Job Description
Manager - Information Security
JOB OVERVIEW
The incumbent will be responsible for managing enterprise Information & Cybersecurity operations, compliance, risk assessments, and security assurance activities across applications, IT infrastructure, cloud platforms, and emerging technologies. The role supports the organization’s overall security posture through proactive risk identification, incident management, security assessments, technology evaluations, and governance activities, while ensuring adherence to regulatory and corporate security requirements.
KEY ROLES & RESPONSIBILITIES
1. Information Security Compliance
Responsible for managing Information & Cybersecurity compliance requirements in line with internal security policies, regulatory frameworks, and industry best practices.
Support internal and external audits, security certifications, and periodic compliance assessments across Piramal Pharma entities.
2. Risk Assessment & Risk Management
Perform periodic risk assessments for key business applications, IT infrastructure, cloud workloads, and third‑party platforms.
Ensure security risks are identified, documented, tracked, and mitigated through appropriate risk treatment plans in coordination with IT and business teams.
3. Application, Infrastructure & Network Security
Manage and coordinate application security practices including penetration testing, vulnerability assessments, secure configuration reviews, and remediation tracking.
Support endpoint security, network security, data leakage protection (DLP), and continuous security monitoring activities.
Track and close security findings arising from assessments, audits, and incidents.
4. Cloud Security
Support design, implementation, and monitoring of cloud security controls across public and hybrid cloud environments (AWS / Azure / GCP, as applicable).
Perform cloud security risk assessments covering cloud-hosted applications, workloads, identities, and data repositories.
Ensure adherence to cloud security best practices, internal standards, and regulatory requirements, including shared responsibility considerations.
Work with infrastructure and application teams to review secure cloud architectures, IAM configurations, logging, monitoring, and baseline hardening.
Coordinate remediation of cloud security gaps identified through assessments, audits, or monitoring activities.
5. AI & Emerging Technology Security
Support security and risk assessments of AI / ML-based tools and platforms, including internally developed and third‑party solutions.
Evaluate data security, privacy, access control, and compliance risks associated with AI use cases.
Ensure AI and emerging technology solutions comply with organizational Information Security, Data Protection, and regulatory requirements.
Assist in defining and enforcing security guardrails for responsible use of AI technologies, including data usage, access, and output handling.
Participate in Proof of Concept (PoC) evaluations of AI, automation, and emerging technologies from an Information Security standpoint.
Track evolving AI security threats and risk scenarios and recommend appropriate mitigation controls.
6. Security Incident Management
Ensure potential security incidents are correctly identified, analyzed, investigated, documented, and reported.
Coordinate with SOC, IT teams, and external partners for timely containment, remediation, and post‑incident reviews.
Support ongoing operational components of Enterprise Information Security.
7. Security Reporting & Governance
Periodically prepare and present reports on IT security compliance, risks, incidents, and overall security posture to Information Security leadership and the CISO.
Maintain security dashboards, metrics, risk registers, and audit evidence for management and regulatory reporting.
8. Cybersecurity Technology Evaluation
Evaluate new cybersecurity solutions and perform Proof of Concept (PoC) activities based on business and security requirements.
Provide technical assessments and recommendations for adoption, enhancement, or replacement of security tools.
9. Business Continuity Management (BCM)
Manage and support the Business Continuity Management (BCM) program in line with regulatory and organizational requirements.
Coordinate BCP and DR drills, gap assessments, documentation reviews, and corrective action tracking with IT and business stakeholders.
10. Vendor & Third‑Party Security
Work with IT vendors, service providers, and partners to ensure adherence to contractual security and compliance requirements.
Support third‑party risk assessments and security due‑diligence activities.
SKILLS & COMPETENCIES
Strong knowledge of Information Security frameworks, risk management, and compliance
Hands‑on exposure to vulnerability management, penetration testing coordination, and incident response
Working knowledge of cloud security concepts and shared responsibility models
Understanding of AI / GenAI security, data protection, and privacy risks
Ability to assess and secure new and emerging technologies
Strong documentation, reporting, and stakeholder management skills
Analytical mindset with strong problem‑solving abilities
REPORTING STRUCTURE
QUALIFICATIONS
Education
Bachelor’s degree in Engineering / Technology (B.E., B.Tech).
MBA or equivalent qualification is preferred.
Certifications (Preferred)
EXPERIENCE
8 – 12 years of relevant experience in Information Security, Cybersecurity, IT Risk, or Security Operations.
Preferred: experience working in regulated environments (Pharma / Life Sciences preferred).