Job Title : Senior Manager - Risk Management and Information Security
Location : Bangalore only
Department : Risk Management - RAC
Reports To : ERM head
Experience Required: 15-20 years in Risk Management, Information Security, and Compliance roles
Job Summary :
We are seeking an experienced and proactive Senior Manager - Risk Management and Information Security to lead and manage our global risk, compliance, incident response, and information security programs. This role will be instrumental in overseeing end-to-end security and risk functions, maintaining global compliance standards, and ensuring business continuity in a rapidly evolving threat landscape.
Key Responsibilities:
Incident & Risk Management:
- Manage the organization-wide Enterprise Risk Register and keep it updated and maintained as new risks emerge
- Lead Incident Management including end-to-end ownership and resolution
- Manage and respond to issues related to Risks from Customers
- Own RCA-CAPA processes for all deviations, including customer-facing issues
- Conduct biannual Incident Simulations and ensure retraining and compliance for defaulters
- Manage and address all employee risks including those related to Physical security risks
Compliance & Audits:
- Maintain ISMS ISO 27001, PIMS ISO 27701, SOC 2 Type 2 readiness, audit support, and NC tracking/closure
- Represent Infosec in Customer Audits, SOC 2 Type 2, and other ISO assessments
- Manage TPRM (Third Party Risk Management) support activities and compliance tracking
- Ensure timely completion of Cybervadis assessments and support Data Classification and other Privacy initiatives
Policy & Access Management:
- Own annual SOP management and policy refresh cycles for InfoSec
- Administer Exception Access Management for critical controls (USB, Gmail, Admin Access, etc.)
- Oversee Admin Access Management and enforce MDM/DLP policies
- Oversee IP inventory and ensure there are no IP violations.
Security Monitoring & Tools:
- Monitor threat landscape including Dark Web Monitoring
- Lead Cybersecurity Attack Simulations, including SOP creation, documentation, and testing
- Maintain and optimize Forcepoint DLP policies and support MDM reviews
Training & Awareness:
- Lead Infosec Training Programs and ensure 98% compliance at any point
- Refresh training materials for AUP, COE, ISMS annually
- Conduct regular compliance follow-ups and retraining for defaulters
Metrics & Reporting:
- Define, publish, and manage IT Security Metrics dashboards
- Maintain and update the Enterprise Risk Tracker
Stakeholder & Cross-Functional Collaboration:
- Respond to and manage RFI/RFP (Request for Information/Proposal) documents for Infosec
- Provide Infosec support for various IT initiatives and new implementations
- Coordinate with internal and external stakeholders for audits, assessments, and security operations
Qualifications & Skills:
- Bachelor's/Master's degree in Computer Science, or related field
- Industry certifications such as CISSP, CISM, CISA, ISO 27001 LA, or equivalent
- In-depth knowledge of ISMS, SOC 2, Privacy laws (including GDPR/DPDPA), and security best practices
- Experience in tools like Forcepoint and creating risk dashboards with heat-maps
- Strong stakeholder management, communication, and team leadership skills
- Ability to work independently and manage global teams and vendors
Preferred Experience:
- Experience in Pharma, Healthcare, or Regulated Industries
- Prior experience dealing with Customer Audits
- Knowledge of emerging threats and technologies such as AI/ML in InfoSec