7,170 Information Security Manager jobs in India

Job Title: Manager – Information Security

Job Summary

We are seeking an accomplished Information Security professional with extensive experience in cybersecurity best practices, enterprise security architecture, data protection, first-line information security risk management, and conducting security assessments. The Manager – Information Security will be instrumental in developing, evaluating, and ensuring alignment with cybersecurity controls and policies, maintaining compliance with standards, and embedding security into the organization’s products, services, and technology infrastructure. This position demands a subject matter expert capable of bridging the gap between security policy, risk, and technical implementation. A solid understanding of the latest security frameworks and technologies, including Cloud and AI, is essential to effectively inform and support risk-based decision-making.

Key Responsibilities

Cybersecurity Policy & Governance

• Develop, review, and maintain cybersecurity policies, standards, and procedures consistent with NIST, Cloud Security Alliance, CIS, and other global security frameworks.
• Convert identified security risks into policy requirements while ensuring alignment with business objectives.
• Work with security, engineering, architecture, and operational teams to confirm that policies are technically feasible and provide guidance on implementing and enforcing controls.

Risk Management and Assessments

• Function as a security specialist, providing advisory support or directly conducting comprehensive risk assessments and control gap analyses across services, products, infrastructure, and applications.
• Offer recommendations and guidance on effective risk mitigation strategies that align with business objectives and maintain appropriate security standards.
• Track emerging threats, evolving industry standards, best practices, and regulatory changes in order to proactively advise on necessary updates to policies, controls, or other measures required to strengthen and modernize our risk management posture.

Security Architecture

• Provide guidance on secure cloud, network architecture, segmentation, and system hardening.
• Work with engineering teams to monitor and maintain secure configurations and access controls.
• Lead or advise on security reviews of new technologies and system changes.
• Carry out Security Architecture Integration by conducting ongoing or targeted architecture reviews to confirm that security is incorporated, integrated, and verified in designs and implemented services.
• Establish and uphold architectural security principles throughout the technology and services ecosystem.
• Assess and integrate security tools and technologies to support the enterprise security posture.

Security Assurance and Attestations

• Maintain documentation and evidence repositories to facilitate internal and external support.
• Utilize platforms such as SharePoint and Jira to ensure optimal assessment preparedness.
• Collaborate with control owners to monitor, address, and close findings efficiently.

Awareness & Communication

• Develop and implement cybersecurity awareness programs designed for both technical and non-technical teams.
• Prepare concise communications regarding policy changes, risk advisories, and incident notifications.
• Deliver training sessions to stakeholders on security controls and risk management procedures.

Required Qualifications

• Bachelor’s / Master’s degree in Information Security, Computer Science, or related field.
• 12 – 15 years of experience in Information Security with a strong focus on risk management, network security, and security architecture.
• Hands-on experience in system/network administration (Windows/Linux/Cloud).
• Deep understanding of frameworks such as ISO 27001, NIST, PCI DSS, and COBIT.
• Proven experience in drafting and implementing security policies and technical standards.
• Strong knowledge of identity lifecycle management and access governance.
• Experience with audit documentation and evidence management tools (e.g., SharePoint, Jira).
• Excellent communication and stakeholder engagement skills.

Preferred Qualifications

• Certifications: CISSP, CISM, CISA, CRISC, or equivalent.
• Experience with GRC platforms and risk assessment methodologies.
• Familiarity with regulatory standards such as GDPR, CCPA, and other data protection laws.
• Exposure to cloud platforms (Azure, AWS) and security tools (e.g., Defender, CrowdStrike, Tenable).
• Knowledge of enterprise architecture frameworks and secure design principles.

Job Purpose

Management :

• To Strategize, develop and implement Data Protection Controls in coordination with stakeholders across the Organization globally.
• To ensure compliance of the Organization with the defined policy & framework with a data driven approach

Execution

• To ensure that the protection operations are executed effectively in a timely manner and with required quality
• Assists in the development and implementation of Data Protection strategic initiatives. Leads all Data protection related tasks with effective monitoring and protection of information security assets.

Manager – Data Protection has overall responsibility to coordinate and support the Head of Data Privacy and Protection to achieve organization’s Protection strategy and goals.

He/she is a T-Shaped expert with proven skills in most core capability areas of Data Protection and security: Policy, Governance, Protection Strategy & Program Management.

Performance evaluation of the role will be based on the positive impact on the bank in terms of Data protection posture enhancement rather than the effort put in place.

Key result Areas

• Develop and coordinate with stakeholder (internal/external) to implement Data Protection policies, procedures, and protocols.
• Collaborate with internal departments, such as human resources, business and IT, to ensure compliance with security protocols and standards.
• Drive the creation of a comprehensive data protection framework, ensuring compliance with applicable data security laws.
• Develop and maintain metrics (Key Performance / Risk Indicators) for measuring effectiveness of the managed solution and reporting to key stakeholders.
• Work closely with legal and compliance teams to manage risk, breaches, and audits related to data protection.
• Advice on implementation robust security controls across all stages of the data lifecycle, including data collection, storage, processing, transmission, and destruction.
• Ensure the use of encryption (at rest, in transit) and secure key management strategies.
• Apply anonymization and pseudonymization techniques where required to mitigate privacy risks.
• Collaborate with IT teams to integrate security measures into application and system design from the outset (security by design).
• Good understanding/hands-on knowledge of DLP solution and data classification concepts.
• Raise awareness and provide training about information handling rules to end-users;
• Design and implement controls to reduce information risk and coordinate remediation actions with the support of the business;
• Gather and document business and security requirements, identify and define opportunities and lead the development and implementation of Data Protection Controls that meet business needs.
• Establish an exception management process for scenarios where data protection policies cannot be fully enforced.
• Evaluate and approve security exceptions, ensuring that any deviations from standards are properly justified, documented, and risk-assessed.
• Monitor and review approved exceptions regularly to ensure ongoing security and compliance.

Knowledge, Skills and Experience

Essential knowledge

• Graduate/ Post Graduate degree in Science/ Engineering/ IT.
• Minimum 2 Professional certification related to Information Security like CISM / CISSP./CASP+/ CEH / CCSP
• 8+ years Information Security experience in large financial institution/ banks with minimum 5 years’ experience within Compliance, audit and/or risk function, with recent experience in Data protection projects implementation.
• In-depth knowledge of data encryption, anonymization, pseudonymization techniques.
• Strong understanding of security controls required at different stages of the data lifecycle.

Skills and Application

• Coordinate with internal stakeholders and cross-functional teams to execute Protection initiatives, ensuring that projects are completed on time and achieve desired outcomes.
• Excellent communication skills with the ability to work cross-functionally with different teams.

Strong analytical skills and the ability to evaluate the effectiveness of implemented security measures

Job description - Information Security Manager

Role & responsibilities

-Shall be accountable for interpreting the RFI/RFP, or Customer queries, and responding

to them.

-Review Contracts/MSA/DPA to ensure they include appropriate risk-related clauses,

such as security controls, data privacy, liability, and business continuity terms.

-Shall be accountable for assessing vendors or suppliers to identify potential risks in

areas such as cybersecurity, data protection, regulatory compliance, and operational

resilience.

-Participate in meetings with customers, partners, and vendors and be accountable for

handling security/privacy-related discussions.

-Work closely with IT, HRD, L&D, and other teams to close any Customer audit

observations, and shall be accountable.

-Shall be accountable for tracking the external advisories/threat intelligence to closure.

-Shall be accountable for Enterprise Risk Management.

Eligibility Criteria

-Must have 5 years in a Customer/Vendor role responsible for Responding, clarifyingand reviewing Contracts around below standards/models/industry best practices andtheir mapping to Organizational Practices.

-In-depth knowledge of standards and frameworks such as ISO 9000, ISO 27001, PCIDSS, SOC 2, CMMi, NIST, HIPAA, GDPR, and CCPA.

-Must have led the implementation of security standards like ISO 27001, PCI-DSS, SOC2, etc.

-Knowledge of privacy regulations like GDPR, PDPD, DPDPA, etc. is preferred.

-Must have faced or facilitated customer or external audits.

-Proven experience in quality assurance, compliance, and risk management. At leastmore than 7 years of experience in managing the audit.

-Excellent communication and interpersonal skills.

-Strong analytical skills and attention to detail.

-Ability to work collaboratively with cross-functional teams.

-Must have managed a team of more than 3 members at least for 5 years.

-Certification in Quality Assurance or Information Security (e.g., ISO 9001 Lead Auditor,ISO 27001 Lead Implementer, CEH) will be preferred.

Role : IT & Information Security - Other

Industry Type : Software Product

Department : IT & Information Security

Employment Type : Full Time, Permanent

Role Category : IT & Information Security - Other

Education

UG: B.Tech/B.E. in Computer Science Engineering, Information Technology, Computer

Science, Cyber Security, Computers

PG: MCA in Any Specialization, MBA/PGDM in Information Technolog

Information Security Manager

Location: Pune (Yerwada) | Hybrid Mode

Experience: 11+ Years

⏳ Notice Period: Immediate to 60 Days

Job Description

We are seeking an experienced Information Security Manager to lead and strengthen our security practices. This role requires a proven leader with strong expertise in Application Security, DevSecOps, and Vulnerability Management , along with the ability to manage a high-performing team.

Key Responsibilities:

• Lead and manage a team of 7 security professionals.
• Oversee Application Security including SAST & DAST implementation and reviews .
• Integrate security practices into CI/CD pipelines .
• Drive Vulnerability Assessment & Remediation activities.
• Collaborate with Development, DevOps, and Infrastructure teams to ensure secure design and delivery.
• Provide technical guidance on security best practices across multiple projects.
• Exposure to cloud platforms (GCP/AWS ) will be an added advantage.

Required Skills & Experience:

• Strong hands-on experience in Application Security, SAST, and DAST .
• Solid understanding of DevSecOps frameworks and CI/CD security integration.
• Proven experience in Vulnerability Management .
• Knowledge of Cloud Security (preferably GCP/AWS ).
• Excellent leadership, communication, and stakeholder management skills.

Interested candidates can share their updated resume at:

If you’re passionate about driving security initiatives and leading a dynamic team, we’d love to connect with you!

The ideal candidate will have a wealth of experience tackling various hardware and software problems. They should be comfortable providing technology solutions to employees and working closely with third party software companies to adopt new technologies and efficiently use existing ones. This candidate should have prior experience working with information technology and understand the latest technology trends to ensure the technology in place is up to date.

Responsibilities

• Conduct vulnerability assessments and penetration tests to identify security weaknesses in an organization's systems and networks.
• Evaluate, rate, and perform risk assessments on assets.
• Prioritizing vulnerabilities discovered along with remediation timeline(s)
• Send and receive notifications to the SMEs of vulnerabilities within the environment.
• Maintain knowledge of the threat landscape.
• Provide reporting and analysis and follow up.
• Provide vulnerability analysis and produce reports for management.
• Develop and implement security policies and procedures to prevent cyber-attacks.
• Monitor network traffic and identify potential security threats.
• Investigate security incidents and provide recommendations for remediation.
• Conduct risk assessments to identify potential security threats and vulnerabilities.
• Stay up-to-date on the latest security threats and vulnerabilities.
• Provide training and guidance to other security professionals.

Skills

• Bachelor's degree in Computer Science, Information Security, or a related field.
• 5+ years of experience in vulnerability management.
• Strong understanding of vulnerability assessment and penetration testing methodologies.
• Familiarity with vulnerability scanning tools and reporting solutions.
• Experience with risk assessment and prioritization techniques.
• Excellent communication and writing skills.
• Ability to work independently and as part of a team.
• Strong analytical and problem-solving skills.

Preferred Qualifications:

• GIAC GCIH certification.
• Experience with information security management systems (ISMS).
• Experience with cloud security.
• Experience in Tenable

Regards

Shyam J

Senior HR Analyst

106-109, Anna Salai, Guindy, Chennai –

M:

• About EXELA
• Instagram
• LinkedIn

As Information Security Manager at / , you will serve as a critical link between global security functions and local business units, ensuring seamless adoption of group-provided security services while driving stakeholder alignment. This role requires an outgoing professional with exceptional coordination skills, a deep understanding of Indian business culture, and the ability to support group-wide security objectives. You will work closely with internal teams, external auditors, and leadership to maintain a robust internal control framework that meets the regulatory requirements aligned with industry's best practices.

• Stakeholder Management: Develop and maintain strong relationships with local business leaders, IT teams, and global stakeholders to align group security strategies with local business objectives.

• Security Governance: Support the implementation of group-provided security policies, standards, and frameworks, ensuring compliance with local regulations (e.g., DPDP Act) and global standards (e.g., ISO 27001, GDPR).

• Cultural Alignment: Leverage deep knowledge of Indian business culture to effectively communicate and integrate group security initiatives within local teams, fostering a collaborative group-wide security culture.

• Coordination: Facilitate coordination between group security teams and local business units, ensuring effective rollout of group-provided risk management, training & awareness, IT compliance, BCM, and incident management processes.

• Local Advocacy: Represent local business needs to group security teams, ensuring group-provided services are tailored to India-specific requirements.

• Incident Support: Support local incident response activities by adhering to group-aligned security incident management processes, ensuring effective communication and resolution.

• Reporting: Provide clear, concise updates to senior leadership on the adoption of group security initiatives, local compliance, incident status, and stakeholder feedback, bridging local and global perspectives.

• Cultural Competence: Strong understanding of Indian business practices, communication styles, and workplace dynamics, with proven ability to navigate multicultural environments.

• Stakeholder Engagement: Outgoing personality with a demonstrated ability to influence stakeholders and foster collaboration across diverse teams.

• Security Knowledge: Familiarity with Application security, security governance, compliance frameworks, and group-aligned incident management processes, with awareness of local and global regulations.

• Coordination Skills: Proven ability to manage cross-functional coordination, align diverse teams, and execute initiatives in a fast-paced environment.

• Communication: Excellent verbal and written communication skills in English.

• Bachelor's degree in information security / computer science / information technology.

• 7-10 years in information security or related roles, with at least 3 years in a stakeholder-facing or coordination role. Experience in India with multinational organizations is highly desirable.

• Certifications (e.g., CISSP, CISM, CRISC) are preferred.

Role Overview

The Manager will be responsible for driving the organizations information security strategy, governance, and compliance programs. This role ensures that security policies, processes, and controls are in place to protect critical business systems, data, and infrastructure against evolving cyber threats. The incumbent will lead cross-functional teams, coordinate with business units, and collaborate with external partners to strengthen the overall security posture of the organization.

Key Responsibilities

Strategic Leadership

• Define and implement the organization's Information Security strategy aligned with business objectives and regulatory requirements.
• Establish and maintain security governance, frameworks, and policies (ISO 27001, NIST, CIS, GDPR, etc.).
• Develop long-term security roadmaps covering risk management, compliance, and incident response.

Risk & Compliance Management

• Conduct enterprise-wide risk assessments and drive mitigation measures.
• Ensure compliance with internal security standards and external audits (ISO, SOC2, GDPR, CERT-In, etc.).
• Manage ISMS implementation and periodic reviews.

Security Operations

• Oversee Security Operations Center (SOC), endpoint security, network defense, data protection, and vulnerability management.
• Lead incident detection, response, and recovery activities.
• Implement and monitor Data Loss Prevention (DLP), Identity & Access Management (IAM), and Zero Trust models.

Technology & Process Enablement

• Evaluate, implement, and optimize security tools (SIEM, SOAR, EDR/XDR, Cloud Security, IAM).
• Drive secure adoption of cloud, mobility, and digital platforms.
• Ensure secure software development lifecycle (DevSecOps).

Awareness & Training

• Build security awareness programs for employees, contractors, and leadership.
• Conduct phishing simulations and regular cyber drills.
• Leadership & Stakeholder Management
• Lead and mentor a team of security professionals.
• Collaborate with IT, Legal, HR, and Business Leaders to embed security into business processes.
• Act as the primary contact for security incidents and regulatory interactions.

Job Description:

We are seeking an Information Security Manager with 2–4 years of experience to safeguard organizational data and IT infrastructure. The candidate will manage cybersecurity policies, incident response, and security audits.

Responsibilities:

• Implement and maintain IT security policies.
• Manage security operations, firewalls, and SIEM tools.
• Monitor and respond to cyber threats.
• Conduct vulnerability assessments and penetration testing.

Qualifications:

• Bachelor's in IT/Computer Science.
• 2–4 years of experience in Information Security.
• Certifications like CISSP, CISM, CEH preferred.

Salary: Up to 10 LPA

Job Type: Permanent

Pay: ₹800, ₹1,000,000.00 per year

We are looking for Information Security Professional in our Corporate office.

Experience: 7-10 years of experience in security and privacy roles.

Monitor, investigate, and respond to security incidents using DLP, EDR, and MDR solutions.

• Conduct Vulnerability Assessment and Penetration Testing (VAPT) to identify and mitigate risks.
• Implement and manage Data Loss Prevention (DLP) strategies to safeguard sensitive information.
• Ensure compliance with ISO 27001/27002 controls and support audit requirements.
• Analyze security events, perform root cause analysis, and recommend remediation measures.
• Collaborate with internal stakeholders to enhance the overall security posture
• Partner with internal departments, such as IT, Compliance, and Risk Management, to identify security gaps, implement best practices, and enhance overall cybersecurity measures.
• Conduct regular assessments of the organization's systems, networks, and processes to identify and mitigate potential security and privacy risks.
• Develop and enforce security and privacy policies, ensuring alignment with industry standards and regulatory requirements.
• Lead and participate in incident response activities, including investigation, analysis, and resolution of security incidents.
• Develop and deliver security awareness training programs to educate employees on security best practices and privacy guidelines.
• Implement and manage vulnerability assessment programs to identify and remediate security vulnerabilities in a timely manner.
• Ensure the protection of sensitive data through encryption, access controls, and other relevant measures.
• Work closely with cross-functional teams to integrate security and privacy considerations into the development lifecycle of applications and systems.
• Stay current with relevant security and privacy regulations, ensuring the organization's compliance with applicable laws.

Work Experience & Educational/Professional Certifications

• 7-10 Years of experience in cybersecurity.
• Proficiency in EDR, MDR, VAPT, and ISO 27001/27002.
• Strong analytical and problem-solving skills.
• Bachelor's degree in Computer Science, Information Security, or a related field.
• Industry-recognized certifications such as ISO 27001 LA,/LI, CEH, Security+ are a plus.
• Strong knowledge of security frameworks, standards, and best practices.
• Experience with risk management, policy and process documentation, and security assessments.
• Excellent communication skills and the ability to collaborate with diverse teams.