IT Security Manager

Job Summary:

• The Security Manager will be responsible for developing and implementing the organization's security strategy and maintaining security tools and infrastructure. The role involves ensuring compliance with IT GRCA security guidelines, leading security audits, managing advanced security technologies, and mitigating security threats. The ideal candidate will work closely with internal and external teams to enhance the overall security posture, covering everything from VAPT, DLP, MDM, XDR, SIEM, and SOC, to phishing protection, threat analysis, encryption, and cloud security.

Key Responsibilities:

Security Strategy Development:

• Develop and implement a comprehensive security strategy to protect the organizations IT infrastructure, data, and applications.
• Ensure alignment with RBI guidelines, CERT-In regulations, IT GRCA guidelines, and the DPDP Act (Digital Personal Data Protection Act) to maintain regulatory compliance.

Vulnerability Management & Threat Analysis:

• Oversee Vulnerability Assessment and Penetration Testing (VAPT), working with external auditors and internal teams to identify and mitigate security vulnerabilities.
• Perform regular threat analysis, evaluate potential risks, and develop action plans to counter emerging cyber threats.

Security Tools Implementation & Management:

• Implement, configure, and maintain advanced security tools, including Data Loss Prevention (DLP), Mobile Device Management (MDM), Extended Detection and Response (XDR), Security Information and Event Management (SIEM), SOC (Security Operations Center), and email DLP.
• Manage application security, ensuring that all in-house and third-party applications comply with security standards.
• Oversee firewall management, branch security, and SD-WAN solutions to protect the organizations network infrastructure.

Incident Response & SOC Management:

• Lead the Security Operations Center (SOC) to monitor and respond to security incidents in real time.
• Establish robust incident response procedures, ensure the timely resolution of security breaches, and lead post-incident reviews.
• Regularly test disaster recovery and business continuity plans.

Security Audits & Compliance:

• Conduct internal and external security audits to ensure compliance with regulatory frameworks, including RBI IT GRCA guidelines, CERT-In, DPDP Act, and other relevant standards.
• Ensure the organization is audit-ready at all times by maintaining comprehensive documentation of security controls, processes, and configurations.
• Address findings from audits and security reviews, implementing remediation plans in a timely manner.

Email Security & Phishing Protection:

• Implement and manage email security solutions, including email DLP and anti-phishing technologies, to prevent data leaks and phishing attacks.
• Run phishing simulations and awareness training programs to reduce the risk of phishing attacks.

Cloud Security:

• Implement and maintain cloud security measures for the organization’s cloud-based infrastructure on platforms like Microsoft Azure, AWS, or hybrid environments.
• Ensure encryption standards and secure access controls are enforced in cloud environments to safeguard sensitive data.

Encryption & Data Protection:

• Implement encryption solutions to protect data at rest, in transit, and in use, ensuring compliance with regulatory requirements and best practices.
• Oversee the management of encryption keys and certificate authorities.

Branch Security Management:

• Ensure the security of IT infrastructure and networks across the organization's branches, coordinating with branch IT teams to deploy consistent security measures.
• Manage security for remote offices, branches, and distributed teams, ensuring endpoint protection and secure network connectivity.

Vendor & Third-party Security Management:

• Collaborate with third-party vendors to manage security tools, software, and services.
• Ensure vendors and service providers adhere to the organization’s security policies and regulatory requirements.

Reporting & Documentation:

• Develop regular reports on security incidents, threat analysis, tool performance, and audit outcomes for senior management.
• Maintain detailed documentation for security processes, tools configurations, and incident response protocols.

Required Skills & Qualifications:

• Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field.
• 8-12 years of experience in IT security, with a focus on security management in the NBFC, banking, or financial services sector.
• Hands-on experience with security tools such as SIEM, DLP, MDM, XDR, SOC, firewalls, phishing protection tools, and application security solutions.
• In-depth understanding of RBI IT GRCA guidelines, CERT-In regulations, DPDP Act, and other relevant security frameworks.
• Strong expertise in threat analysis, VAPT, and vulnerability management.
• Cloud security experience with platforms like Microsoft Azure, AWS, and other hybrid cloud environments.
• Certifications such as CISSP, CISM, CEH, or relevant cloud security certifications (e.g., AWS Certified Security, Microsoft Certified: Azure Security Engineer) are highly desirable.