Job Title: Manager (Information Systems and Security)
Position: Manager
Dept: Information Technology Services (ITS)
Reports to: CTO
- B.Tech/B.E. in Computer Science or IT, or a similar related field, from an institute of repute; B.Sc. or Diploma
- Information/Network security, Agile project management, Lean-IT, etc., preferred
Experience: 12+ years of experience in IT Systems and Security functions
Industry preference: N/A
Responsible for the overall Information Technology Services (ITS) function and for defining, implementing and documenting relevant processes, procedures and standards. This role will be in charge of establishing and maintaining an organization-wide information systems, infrastructure and security management program to ensure that information assets are well performing, fully functional in a secure mode and adequately protected, and to monitor inventory tracking and renewal or upgrade requirements. This position is responsible for identifying, evaluating and reporting on information systems performance and security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise. The role serves as the process manager of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with the organization's information protocols and security policies.
Broad Responsibilities:
The Manager (Information Systems and Security) undertakes the IT organization's technical activities and is responsible for providing regular status and service-level reports to management. The individual should be a critical thinker, a consensus builder and an integrator of people and processes, and must also be able to coordinate disparate drivers, constraints and personalities while maintaining objectivity and a strong understanding of overall organizational business objectives. The role keeps an eye on IT support, logistics and security for the in-premises and off-premises distributed and virtual workforce, and is a developing opportunity for more strategic responsibilities in due course of time. The extent of duties includes, but is not limited to:
- Management of IT Infrastructure including Servers, Network Devices, IT Security Solutions, Databases, Cloud Services, Network Connectivity and Server Rooms
- Management of IT Service Providers to ensure services are delivered effectively
- Identification and evaluation of IT System/ security solutions to meet the objectives
- Implementation of IT systems/ security solutions covering people, process and technology to ensure effectiveness of the systems/ solutions
- Understand business requirements from ITS Department and provide effective solutions keeping in mind Policies and compliance requirements
- Timely delivery of ITS Department services to Business and other Department or clients
- Secure network architecture and cloud security architecture
- Ensure security of IT Setup to ensure confidentiality, integrity and availability of IT Assets
- Ensure secure configuration of various systems/ devices/ platforms under ITS Department
- Ensure systems/ devices/ platforms are timely patched and upgraded
- Ensure timely closure of any audit findings/ configuration gaps/ vulnerabilities identified
- Integrate logs of various systems/ devices/ platforms under ITS Department with central log monitoring solution
- Responsible for conducting Information Security Risk Assessment and Data Privacy Impact Assessment for ITS Department
- Contribute to the definition, testing and revision of Security Incident Management and Cyber Crisis Management Plans
- Timely respond to security events/ alerts/ incidents assigned to ITS department
- Implement changes based on the lessons learnt while handling processes/ activities like change management, security incident management etc. to ensure continual improvement in IT Security controls/ practices
- Define proper scope of work (SoW), service level agreements (SLAs) for third party services
- Proper evaluation and selection of service providers who can deliver defined scope of work, service levels and meet the compliance requirements which will be applicable for the service provider
- Regular monitoring of deliverables of service providers against the defined and agreed SOW and SLA and compliance requirements
- Ensure business continuity aspects while taking into account critical services
- Design, implementation, regular testing and continual improvement of Disaster Recovery Program
- Ensure availability of systems/ devices/ servers/ services/ data without compromising on compliance requirements and information & cyber security requirements
- Ensure DR Program supports organization’s BCP Program
- Represent ITS Department in organization’s BCP Program and Cyber Crisis Management Program
- Responsible for conducting Business Impact Assessment for ITS Department
- Definition of Team structure with roles and responsibility
- Selection of Team Members suitable for the defined roles and responsibility
- Clearly communicate roles and responsibility (including information & cyber security and compliance responsibilities) of Team Members
- Ensure Team Members are timely completing training assigned to them
- Monitor/ guide Team Members to motivate them to deliver their best and grow along with
- Timely feedback on the performance
- Monitor Team Members for their suspicious behaviour
- Provide inputs for defining policies related to IT and IT Security
- Definition and regular revision of processes, standard operating procedures (SOPs) for ITS Departments
- Ensure compliance with the organization’s policies and procedures to meet regulatory requirements and contractual obligations
- Represent and be responsible for ITS Department in ensuring compliance with and continual improvement in Information and Cyber Security Practices, Data Privacy Practices and regulatory compliances
- Maintain and timely provide artifacts/ evidence to demonstrate compliance to internal and external auditors
- Ensure ITS department is always audit ready and meets the compliance requirements
- Collaborate with cross-functional teams to ensure security and compliance requirements are met
- Capacity and performance monitoring and management of IT setup
- Support CTO in preparing and planning for IT Budget
- Actively participate and contribute to IT Governance/ Information Security Meetings to ensure continual improvements
- Assist in the development and review of security policies, procedures, and controls.
- Support risk assessments and compliance audits for regulatory and industry standards (e.g., ISO 27001, NIST, SOC 2, GDPR).
- Conduct research on regulatory requirements and industry best practices.
- Help track and document security risks, incidents, and compliance gaps.
- Assist in vendor risk assessments and third-party due diligence.
- Participate in internal security awareness programs and training sessions.
- Support the team in maintaining compliance documentation and reports.