Information Security Manager ( Global )
South Goa, Goa, India
Full Time
Manager/Supervisor
Job Summary:
Reporting directly to the Chief Information Officer (CIO), the Information Security Manager leads the operational execution of the organization's information security program. This role involves managing security functions, implementing strategy, overseeing technologies, and leading Governance, Risk Management, and Compliance (GRC) activities, with a strong focus on cloud/SaaS environments. The role demands close collaboration with IT, Development, Sales, Legal, Compliance, and other core business functions. It requires the ability to represent the company's security posture effectively to external/internal clients and auditors. This individual serves as the primary operational leader for security, advising the CIO, driving initiatives, and acting as a key security liaison both internally and externally.
Key Responsibilities:
1. Security Operations & Program Management:
○ Lead and manage core security functions (SecOps, Vulnerability Management, Incident Response).
○ Drive key security programs (Security Awareness, DLP, IAM).
○ Oversee administration and optimization of security tools (SIEM, EDR, DLP, etc.).
2. Governance, Risk Management & Compliance (GRC):
○ Establish, manage, and mature the information security GRC framework, including risk assessment methodologies, control implementation, and policy lifecycle management.
○ Manage the information security risk register, conduct regular risk assessments (incl. SaaS/cloud), propose mitigations, and track remediation.
○ Ensure compliance with relevant laws, regulations (e.g., CERT-In directives, DPDP Act), standards (ISO 27001, SOC 2, etc.), and contractual obligations.
○ Lead security audit preparation (internal/external) and manage responses/remediation efforts.
○ Develop, implement, socialize, and enforce information security policies and standards.
3. SaaS & Cloud Security:
○ Develop, implement, and manage security controls, configurations, and processes for SaaS applications.
○ Conduct security and risk assessments for new and existing SaaS solutions.
○ Provide security guidance for the adoption and secure configuration of SaaS applications.
4. Collaboration & Engagement:
○ Cross-Functional Partnership: Foster strong working relationships across departments, including IT (infrastructure, applications, firewall team), Development, Sales, Legal, Compliance, and other core business functions to integrate security practices effectively.
○ Development Collaboration: Work closely with development teams on Secure SDLC practices (secure coding, threat modeling, AppSec testing).
○ Sales Partnership: Provide security expertise to Sales during the sales cycle.
○ Client-Facing Security: Represent the company's security posture externally, responding to client questionnaires (RFIs/RFPs) and participating in security discussions.
5. Strategy Execution & Advisory:
○ Support the CIO in developing and refining the security strategy.
○ Translate strategy into actionable plans and lead execution, particularly around GRC and operations.
○ Act as the primary security advisor to the CIO on operational security, GRC status, risk posture, and cloud/SaaS security.
○ Prepare security reports, metrics (including GRC metrics), and briefings for the CIO.
6. Incident Response & Leadership:
○ Lead security incident response coordination.
○ Provide technical leadership on security architecture and secure configurations.
○ Manage security vendor relationships and provide input/manage the security budget.
○ Lead and mentor any direct or indirect security team members.
Required Qualifications:
● Experience: 8-10+ years of progressive experience in Information Security across multiple domains.
● GRC Expertise: Strong understanding and practical experience with Governance, Risk Management, and Compliance (GRC) principles and frameworks (e.g., implementing controls based on NIST/ISO, managing risk registers, policy lifecycle management, supporting audits such as SOC 2 or ISO 27001).
● SaaS Security Expertise: Demonstrated experience in securing SaaS applications (controls, configuration, risk assessment). Understanding of identity federation.
● Collaboration Skills: Proven ability to collaborate effectively with technical (Development, IT) and business/support functions (Sales, Legal, Compliance). Experience with DevSecOps principles desirable.
● Client-Facing Communication: Excellent client-facing communication, presentation, and interpersonal skills. Ability to represent security posture confidently externally.
● Business Acumen: Ability to understand business processes and translate technical security concepts into business/risk terms.
● Leadership: Proven experience leading security operations, projects, or teams.
● Technical Expertise: Deep understanding of core security principles, technologies, frameworks. Broad knowledge of cloud security, endpoint security, IAM, SIEM, vulnerability management, network security concepts.
● Risk Management: Solid experience with security risk assessment methodologies.
● Execution Focus: Demonstrated ability to manage security operations and GRC processes effectively.
● Education: Bachelor’s degree in Computer Science, Information Security, or related field, or equivalent experience.
Preferred Qualifications:
● Master's degree in Cybersecurity or related field.
● Certifications: CISSP, CISM, CRISC, CISA.
● Experience completing industry-standard security questionnaires (e.g., SIG, CAIQ, VSAQ).
● Experience reporting directly to senior leadership.
● Experience managing security vendors.
● Knowledge of specific Indian, European and American data protection laws and cybersecurity regulations.