Job Description

Broad Function:

The Information Security Manager will be responsible for developing, implementing, and maintaining the organization’s information security strategy, risk framework, policies, and controls. This role requires deep expertise in cyber operations, audit management, risk evaluation, and compliance with security standards such as ISO 27001, SOC 2, and NIST.
The individual will work closely with senior leadership, IT, HR, Compliance, Delivery teams, and external auditors to ensure FCI remains secure, compliant, and resilient across all its systems, processes, and customer engagements.

Key Roles & Responsibilities (Not Limited To)

1. Information Security Governance & Policy Management:

  • Define, develop, implement, and continuously improve information security policies, standards, procedures, and guidelines.
  • Own and maintain the Information Security Management System (ISMS) aligned with ISO 27001.
  • Establish governance frameworks to ensure consistent security implementation across:
      • Corporate IT
      • Product engineering
      • Cloud infrastructure
      • Manufacturing/plant environments (IT/OT)
  • Ensure alignment with ISO 27001, SOC 2, PCI DSS, GDPR, and client-specific security requirements.
  • Act as the primary point of contact for information security governance across business units.


2. Risk Management, Compliance & Audit Ownership:

  • Conduct periodic enterprise risk assessments, threat modeling, and vulnerability assessments across IT, cloud, product, and plant systems.
  • Maintain and continuously update:
      • Risk registers
      • Asset inventories
      • Control matrices
      • Compliance dashboards
  • Lead and independently manage:
      • ISO 27001 certification and surveillance audits
      • SOC 2 Type I & II audits
      • PCI DSS compliance assessments
      • Client and partner security audits
  • Coordinate audit schedules, evidence collection, documentation, and stakeholder interactions.
  • Track, manage, and ensure timely closure of non-conformities (NCs), observations, and CAPAs.
  • Ensure continuous compliance with regulatory, contractual, and customer-driven security obligations.


3. Security Operations, Monitoring & Tooling:

  • Oversee day-to-day security operations including:
      • SIEM monitoring
      • Log management
      • Threat detection and alerting
  • Collaborate with IT and infrastructure teams to strengthen:
      • Network security
      • Endpoint security
      • Identity and access management (IAM)
      • Cloud security posture
  • Evaluate, implement, and manage security tools such as:
      • Firewalls, IDS/IPS
      • EDR/antivirus solutions
      • DLP solutions
      • IAM, MFA, PAM
      • Vulnerability management tools
  • Define and monitor security KPIs and metrics for management reporting.


4. Incident Response, BCP & Disaster Recovery:

  • Develop, maintain, and test Incident Response Plans (IRP).
  • Lead investigation, containment, remediation, and root-cause analysis of:
      • Security incidents
      • Data breaches
      • Vulnerability exploitations
  • Coordinate incident response with internal teams, vendors, and external stakeholders when required.
  • Own and enhance Business Continuity Plans (BCP) and Disaster Recovery (DR) frameworks.
  • Conduct periodic BCP/DR drills, tabletop exercises, and cyber incident simulations.
  • Ensure readiness for ransomware, data breach, and operational disruption scenarios.


5. Product, Application & Secure SDLC:

  • Work closely with product engineering and development teams to embed security-by-design principles.
  • Define and enforce Secure SDLC practices, including:
      • Secure coding standards
      • Code reviews
      • Vulnerability scanning
      • Penetration testing coordination
  • Oversee application security for internally developed and third-party products.
  • Manage vulnerability remediation lifecycle for product platforms.
  • Support customer security questionnaires, product security documentation, and assurance artifacts.

6. Cloud Security & Certifications:

  • Lead security initiatives for cloud-hosted products and platforms (AWS, Azure, etc.).
  • Drive cloud security compliance and certifications such as:
      • ISO 27001 for cloud scope
      • SOC 2 for SaaS platforms
      • Cloud-specific best practices (CIS Benchmarks)
  • Implement and monitor:
      • Cloud IAM and least-privilege access
      • Secure configuration baselines
      • Cloud logging and monitoring
      • Data protection and encryption controls
  • Partner with DevOps teams to integrate security into CI/CD pipelines.

7. Internal Systems, Access & Data Protection:

  • Ensure secure configuration and access control for internal enterprise systems including:
      • Zoho, JIRA
      • Office 365 Suite
      • Other SaaS and internal applications
  • Conduct periodic:
      • User access reviews
      • Privileged access reviews
      • Segregation of duties (SoD) checks
  • Ensure strong data classification, handling, retention, and protection controls.
  • Support privacy and data protection requirements related to customer and employee data


8. Plant / OT Security (Where Applicable):
  • Collaborate with plant and operations teams to assess and improve OT / industrial system security.
  • Ensure basic cybersecurity controls for plant networks, devices, and access.
  • Conduct risk assessments for IT–OT integration points.
  • Align plant security controls with overall organizational security governance.


9. Training, Awareness & Security Culture:

  • Design and conduct periodic information security awareness programs for employees.
  • Develop training materials covering:
      • Phishing and social engineering prevention
      • Password and access hygiene
      • Data protection and privacy
      • Secure development practices
  • Run simulated phishing exercises and track improvement metrics.
  • Foster a strong, organization-wide security-first culture


10. Strategy, Roadmap & Continuous Improvement:

  • Define and own the information security roadmap aligned with business and product strategy.
  • Track emerging cyber threats, vulnerabilities, regulatory updates, and industry trends.
  • Recommend and implement continuous improvements to security posture.
  • Lead evaluation and rollout of new security tools, technologies, and frameworks.
  • Provide regular security posture updates to senior management.






Requirements

Desired Qualifications & Experience:

Education:
  • Bachelor’s degree in Computer Science, Information Security, Engineering, or a related discipline.
  • Master’s degree preferred

Experience:
  • 6–10 years of hands-on experience in:
      • Information security
      • Cybersecurity operations
      • Risk, compliance, and audit management
  • Strong experience working in product/SaaS organizations.
  • Experience handling client data and customer-driven security requirements.
  • Prior exposure to manufacturing/plant or OT environments is a plus

Certifications (Preferred):
  • CISSP / CISM
  • ISO 27001 Lead Implementer or Lead Auditor
  • Cloud security certifications (AWS Security Specialty, Azure Security Engineer, etc.) – good to have
  • CEH (Certified Ethical Hacker) / CompTIA Security+ (good to have)


Technical & Functional Expertise:
  • Information security governance and ISMS
  • ISO 27001, SOC 2, PCI DSS frameworks
  • Risk assessment and mitigation
  • Security audits and compliance operations
  • Application, network, endpoint, and cloud security
  • Incident response and BCP/DR
  • Secure SDLC and product security

Soft Skills:
  • Strong communication and documentation skills
  • Ability to work cross-functionally with IT, product, engineering, and business teams
  • Proven ability to independently manage audits and external stakeholders
  • Strong analytical, problem-solving, and decision-making skills






Benefits

The company offers a range of employee benefits including:

  • Cashless medical insurance for employees, spouses, and children
  • Accidental insurance coverage
  • Life insurance coverage
  • Retirement benefits including Provident Fund (PF) and Gratuity
  • ESI*
  • Complimentary meal coupons
  • Company-paid transportation
  • Sodexo benefits for income tax savings
  • Paternity & Maternity Leave Benefit
  • National Pension Saving
  • EL encashment
  • Sick Leave





Job Details

Role Level: Mid-Level
Work Type: Full-Time
Country: India
City: Noida, Uttar Pradesh
Company Website: https://fci-ccm.com/
Job Function: Others
Company Industry/Sector: IT Services and IT Consulting
