General Manager - Information Security

Job Overview

The Lead – Information Security will be responsible for managing VFS Global’s end‑to‑end cybersecurity posture across platforms, ensuring that security controls, governance practices, and risk frameworks are embedded across all digital and government‑facing solutions. Additionally, the role involves driving major modernization initiatives from SOC and cloud security to AppSec and data protection while securing both legacy systems and newly deployed global platforms.

Duties & Responsibilities

Job Description

Cybersecurity Governance, Strategy & Risk Management

• Define and maintain enterprise-wide cybersecurity strategy, policies, standards, and frameworks, ensuring alignment with ISO 27001, NIST CSF, GDPR, and client/government requirements.
• Lead governance forums, security steering committees, and enterprise cyber transformation initiatives.
• Integrate cyber‑risk considerations into business strategy and technology roadmaps while evaluating emerging technologies (AI, automation, cloud-native tools) to enhance resilience.
• Drive annual security uplift programs, monitor maturity through dashboards, KRIs, and scorecards, and conduct enterprise-wide risk assessments with defined mitigation strategies.
• Own the technology risk framework and collaborate with platform, IT, and business teams to close high-risk items within SLAs, ensuring real-time risk visibility via centralized dashboards.
  
  

• Define and maintain enterprise-wide cybersecurity strategy, policies, standards, and frameworks, ensuring alignment with ISO 27001, NIST CSF, GDPR, and client/government requirements.
• Lead governance forums, security steering committees, and enterprise cyber transformation initiatives.
• Integrate cyber‑risk considerations into business strategy and technology roadmaps while evaluating emerging technologies (AI, automation, cloud-native tools) to enhance resilience.
• Drive annual security uplift programs, monitor maturity through dashboards, KRIs, and scorecards, and conduct enterprise-wide risk assessments with defined mitigation strategies.
• Own the technology risk framework and collaborate with platform, IT, and business teams to close high-risk items within SLAs, ensuring real-time risk visibility via centralized dashboards.
  
  

• Provide senior oversight for SOC operations including SIEM, SOAR, EDR/XDR, incident response, and threat hunting.
• Ensure timely detection, containment, and remediation of security incidents.
• Lead threat intelligence ingestion, dark web monitoring, and proactive hunting activities.
• Oversee forensic investigations, ensuring documentation, RCA, and audit readiness.
• Guide modernization of SOC capabilities via POCs, tooling evaluations, and efficiency initiatives.
• Review and approve solution architectures, design reviews, and integration patterns.
• Ensure implementation of security controls across infrastructure, applications, cloud, and endpoints.
• Lead vulnerability management, penetration testing, red teaming, and remediation governance.
• Drive secure SDLC adoption and ensure security checkpoints across CI/CD pipelines.
  
  

• Oversee RBAC, access reviews, PAM, JIT/JEA, and ensure strong Lead identity and access security, including RBAC, PAM, JIT/JEA, MFA/Conditional Access, and automated identity governance with strong threat‑protection measures.
• Drive secure SDLC and AppSec practices by embedding security into development teams and integrating SAST/DAST/IAST tools within CI/CD pipelines; oversee threat modeling, code reviews, and developer training.
• Manage attack surface reduction, red teaming, bug bounty programs, and remediation of misconfigurations to strengthen overall security posture.
• Engage senior stakeholders and mentor cross‑functional cybersecurity teams while championing global security awareness and culture uplift.
  
  

• Manage and develop staff, including performance management, training, and career development.
• Create and maintain a robust talent pipeline to ensure succession planning (1:2 ratio).
  
  

• Oversee corporate governance within the assigned region, ensuring alignment with organizational principles, policies, and regulations.
• Promote judicious use of natural resources and adhere to the organizations environment, health, and safety policies, objectives, and guidelines.
• Drive the organizations sustainability initiatives, working towards achieving established targets.
  
  

• Follow the ABMS roles and responsibilities details as prescribed on the ABMS manual.
• Understanding of ethical standards and the importance of integrity in business practices.
• Ability to identify and evaluate risks related to bribery in various business contexts. For more detailed explanation, follow the ABMS manual.
  
  

• Bachelor’s degree in engineering/technology, CISSP/CISM required or preferred.
  
  

• 14–15+ years of experience leading enterprise security programs across global, multi-site environments.
• Deep expertise across GRC, SecOps, IAM, Application Security, Cloud Security, Risk Management, and Threat Intelligence