3,365 IT Security Manager jobs in India

Job Purpose

Management :

• To Strategize, develop and implement Data Protection Controls in coordination with stakeholders across the Organization globally.
• To ensure compliance of the Organization with the defined policy & framework with a data driven approach

Execution

• To ensure that the protection operations are executed effectively in a timely manner and with required quality
• Assists in the development and implementation of Data Protection strategic initiatives. Leads all Data protection related tasks with effective monitoring and protection of information security assets.

Manager – Data Protection has overall responsibility to coordinate and support the Head of Data Privacy and Protection to achieve organization’s Protection strategy and goals.

He/she is a T-Shaped expert with proven skills in most core capability areas of Data Protection and security: Policy, Governance, Protection Strategy & Program Management.

Performance evaluation of the role will be based on the positive impact on the bank in terms of Data protection posture enhancement rather than the effort put in place.

Key result Areas

• Develop and coordinate with stakeholder (internal/external) to implement Data Protection policies, procedures, and protocols.
• Collaborate with internal departments, such as human resources, business and IT, to ensure compliance with security protocols and standards.
• Drive the creation of a comprehensive data protection framework, ensuring compliance with applicable data security laws.
• Develop and maintain metrics (Key Performance / Risk Indicators) for measuring effectiveness of the managed solution and reporting to key stakeholders.
• Work closely with legal and compliance teams to manage risk, breaches, and audits related to data protection.
• Advice on implementation robust security controls across all stages of the data lifecycle, including data collection, storage, processing, transmission, and destruction.
• Ensure the use of encryption (at rest, in transit) and secure key management strategies.
• Apply anonymization and pseudonymization techniques where required to mitigate privacy risks.
• Collaborate with IT teams to integrate security measures into application and system design from the outset (security by design).
• Good understanding/hands-on knowledge of DLP solution and data classification concepts.
• Raise awareness and provide training about information handling rules to end-users;
• Design and implement controls to reduce information risk and coordinate remediation actions with the support of the business;
• Gather and document business and security requirements, identify and define opportunities and lead the development and implementation of Data Protection Controls that meet business needs.
• Establish an exception management process for scenarios where data protection policies cannot be fully enforced.
• Evaluate and approve security exceptions, ensuring that any deviations from standards are properly justified, documented, and risk-assessed.
• Monitor and review approved exceptions regularly to ensure ongoing security and compliance.

Knowledge, Skills and Experience

Essential knowledge

• Graduate/ Post Graduate degree in Science/ Engineering/ IT.
• Minimum 2 Professional certification related to Information Security like CISM / CISSP./CASP+/ CEH / CCSP
• 8+ years Information Security experience in large financial institution/ banks with minimum 5 years’ experience within Compliance, audit and/or risk function, with recent experience in Data protection projects implementation.
• In-depth knowledge of data encryption, anonymization, pseudonymization techniques.
• Strong understanding of security controls required at different stages of the data lifecycle.

Skills and Application

• Coordinate with internal stakeholders and cross-functional teams to execute Protection initiatives, ensuring that projects are completed on time and achieve desired outcomes.
• Excellent communication skills with the ability to work cross-functionally with different teams.

Strong analytical skills and the ability to evaluate the effectiveness of implemented security measures

• Develop, implement, and maintain the organization's information security strategy and roadmap.
• Oversee the design, implementation, and management of security controls, technologies, and processes.
• Lead and mentor the information security team, fostering a culture of continuous improvement and professional development.
• Manage the information security risk assessment process, identifying vulnerabilities and implementing mitigation strategies.
• Develop and manage the incident response plan, ensuring timely and effective handling of security breaches.
• Ensure compliance with relevant industry regulations and standards (e.g., ISO 27001, GDPR, NIST).
• Conduct regular security awareness training for employees.
• Manage relationships with third-party security vendors and service providers.
• Oversee security monitoring, vulnerability management, and penetration testing activities.
• Report on the state of information security to executive management and the board of directors.

• Master's degree in Computer Science, Cybersecurity, Information Technology, or a related field.
• Minimum of 10 years of progressive experience in information security, with at least 5 years in a management or leadership role.
• In-depth knowledge of cybersecurity principles, frameworks (e.g., NIST CSF, ISO 27001), and best practices.
• Proven experience in developing and implementing security strategies, policies, and procedures.
• Strong understanding of risk management, incident response, business continuity, and disaster recovery planning.
• Experience with various security technologies, including firewalls, IDS/IPS, SIEM, EDR, and encryption.
• Excellent leadership, communication, and interpersonal skills.
• Strong analytical and problem-solving abilities.
• Relevant certifications such as CISSP, CISM, or CISA are highly desirable.
• Ability to work effectively in a hybrid environment, balancing remote work with necessary on-site collaboration.

• Developing and executing the organization's information security strategy and roadmap.
• Overseeing the implementation and maintenance of security controls, policies, and procedures.
• Managing and leading the information security team, providing guidance and mentorship.
• Conducting regular risk assessments and vulnerability analyses across all systems and applications.
• Developing and managing the incident response plan, coordinating responses to security breaches.
• Ensuring compliance with relevant industry regulations and legal requirements.
• Collaborating with IT, legal, and business units to integrate security into all aspects of operations.
• Managing security awareness training programs for all employees.
• Overseeing third-party risk management and vendor security assessments.
• Staying current with emerging threats, technologies, and best practices in cybersecurity.
• Managing the security budget and resource allocation.
• Reporting on security posture and key performance indicators to executive leadership.
• Championing security best practices and fostering a proactive security culture.
• Evaluating and recommending new security technologies and solutions.

• Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
• 10+ years of progressive experience in information security, with at least 3 years in a management role.
• Extensive knowledge of cybersecurity frameworks (e.g., NIST, ISO 27001), risk management, and compliance.
• Proven experience in incident response, threat intelligence, and vulnerability management.
• Strong leadership, team management, and interpersonal skills.
• Excellent written and verbal communication skills, with the ability to present complex information clearly.
• Demonstrated ability to develop and implement strategic security initiatives.
• Relevant security certifications such as CISSP, CISM, or CISA are highly preferred.
• Experience working in a hybrid work environment, balancing on-site and remote collaboration.
• Familiarity with cloud security principles and best practices.

• Develop, implement, and maintain information security policies, standards, and procedures.
• Oversee the management of security infrastructure, including firewalls, intrusion detection/prevention systems, and endpoint security solutions.
• Conduct regular vulnerability assessments and penetration testing to identify and remediate security weaknesses.
• Develop and execute incident response plans, managing security breaches and cyberattacks.
• Ensure compliance with relevant data protection regulations (e.g., GDPR, ISO 27001).
• Lead security awareness training programs for employees.
• Manage security risks through threat modeling and risk assessments.
• Collaborate with IT teams to implement secure development practices and system configurations.
• Monitor security alerts and logs for suspicious activity, and respond accordingly.
• Evaluate and recommend new security technologies and solutions.
• Manage relationships with third-party security vendors and service providers.
• Lead and mentor the information security team.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. A Master's degree is a plus.
• Minimum of 7-10 years of experience in information security, with at least 3 years in a management or leadership role.
• In-depth knowledge of cybersecurity frameworks, best practices, and threat landscapes.
• Experience with security technologies such as SIEM, IDS/IPS, firewalls, and encryption.
• Proven experience in incident response and forensic analysis.
• Strong understanding of risk management and compliance principles.
• Excellent analytical, problem-solving, and decision-making skills.
• Strong leadership, communication, and interpersonal skills.
• Ability to work effectively in a hybrid work environment.
• Relevant security certifications (e.g., CISSP, CISM, CRISC) are highly desirable.

• Develop, implement, and maintain the organization's information security strategy and roadmap.
• Oversee daily security operations, including threat monitoring, incident response, and vulnerability management.
• Lead and mentor the information security team, fostering a culture of security excellence.
• Conduct regular risk assessments, identify vulnerabilities, and implement appropriate mitigation measures.
• Ensure compliance with relevant industry regulations, data privacy laws, and security standards.
• Develop and enforce security policies, standards, and procedures across the organization.
• Manage security awareness training programs for all employees.
• Oversee the selection, implementation, and management of security technologies and tools.
• Act as the primary point of contact for security incidents, leading response and recovery efforts.
• Collaborate with IT, legal, and business units to address security risks and requirements.
• Stay abreast of the latest cybersecurity threats, trends, and technologies, and adapt strategies accordingly.
• Manage relationships with third-party security vendors and service providers.

• Bachelor's degree in Computer Science, Information Security, or a related field. Master's degree or relevant advanced certifications (e.g., CISSP, CISM, CRISC) are highly desirable.
• 7+ years of experience in information security, with at least 3 years in a management or leadership role.
• Proven experience in developing and executing comprehensive security programs.
• In-depth knowledge of cybersecurity principles, frameworks (e.g., NIST, ISO 27001), and best practices.
• Strong understanding of network security, application security, cloud security, and data protection.
• Experience with incident response, vulnerability management, and risk assessment methodologies.
• Excellent leadership, communication, and interpersonal skills.
• Demonstrated ability to manage and motivate a team.
• Experience in a hybrid work environment, managing distributed teams and resources effectively.
• Strong project management and organizational skills.
• Ability to think strategically and translate business requirements into security solutions.