Information Security Manager

Key Responsibilities

• Information Security Management
• Establish, implement, and maintain the organization’s Information Security Management System (ISMS) in line with ISO 27001 standards.
• Lead ISO 27001 audits (internal & external) — coordinate with auditors, manage corrective actions, and ensure ongoing compliance.
• Develop and enforce information security policies, procedures, and controls across all business units.
• Conduct risk assessments and manage the risk treatment plan.
• Ensure compliance with data protection and privacy regulations (e.g., GDPR, IT Act).
• Network and Infrastructure Security
• Design and manage secure network architecture, VLANs, VPNs, and access control systems.
• Configure, monitor, and maintain firewalls (e.g., Sophos) and intrusion prevention systems (IPS/IDS).
• Oversee deployment and management of antivirus, endpoint protection, and data loss prevention (DLP) tools.
• Perform regular vulnerability assessments and coordinate remediation with infrastructure teams.
• Manage patch management, secure configuration, and change management processes.
• Incident Management & Monitoring
• Establish and maintain a Security Operations framework — including incident response plans and escalation protocols.
• Lead investigation of security incidents and root cause analysis.
• Implement and monitor SIEM solutions and log management systems to detect and respond to threats proactively.
• Awareness & Training
• Conduct information security awareness sessions for employees and vendors.
• Build a culture of security across departments through campaigns and refresher trainings.
• Vendor & Asset Security
• Review vendor security posture and ensure compliance with company standards.
• Maintain updated inventory of information assets, along with classification and ownership details.
  

Key Skills & Competencies

• Strong understanding of network engineering, firewalls, endpoint protection, and security monitoring tools.
• Practical knowledge of Windows/Linux server hardening, Active Directory, and cloud security controls (AWS/Azure).
• Sound understanding of information security risk management, business continuity, and incident response.
• Experience in ISO 27001:2022 implementation, audit, or maintenance.
• Excellent analytical, documentation, and communication skills.
  

Preferred Qualifications

• Bachelor’s degree in Computer Science / IT / Information Security or related field.
• ISO 27001 Lead Implementer / Lead Auditor certification (preferred).
• Certifications such as CISSP, CISM, CEH, CCNP Security, Fortinet NSE, or equivalent will be an advantage.
  

Required Skills