Manager - Information Security

Be the First to Apply

Job Description

Manager - Information SecurityJOB OVERVIEW
The incumbent will be responsible for managing enterprise Information & Cybersecurity operations, compliance, risk assessments, and security assurance activities across applications, IT infrastructure, cloud platforms, and emerging technologies. The role supports the organization’s overall security posture through proactive risk identification, incident management, security assessments, technology evaluations, and governance activities, while ensuring adherence to regulatory and corporate security requirements.

KEY ROLES & RESPONSIBILITIES

1. Information Security Compliance

• Responsible for managing Information & Cybersecurity compliance requirements in line with internal security policies, regulatory frameworks, and industry best practices.

• Support internal and external audits, security certifications, and periodic compliance assessments across Piramal Pharma entities.

 

2. Risk Assessment & Risk Management

• Perform periodic risk assessments for key business applications, IT infrastructure, cloud workloads, and third‑party platforms.

• Ensure security risks are identified, documented, tracked, and mitigated through appropriate risk treatment plans in coordination with IT and business teams.

 

3. Application, Infrastructure & Network Security

• Manage and coordinate application security practices including penetration testing, vulnerability assessments, secure configuration reviews, and remediation tracking.

• Support endpoint security, network security, data leakage protection (DLP), and continuous security monitoring activities.

• Track and closure of security findings arising from assessments, audits, and incidents.

 

4. Cloud Security

• Support design, implementation, and monitoring of cloud security controls across public and hybrid cloud environments (AWS / Azure / GCP, as applicable).

• Perform cloud security risk assessments covering cloud-hosted applications, workloads, identities, and data repositories.

• Ensure adherence to cloud security best practices, internal standards, and regulatory requirements, including shared responsibility considerations.

• Work with infrastructure and application teams to review secure cloud architectures, IAM configurations, logging, monitoring, and baseline hardening.

• Coordinate remediation of cloud security gaps identified through assessments, audits, or monitoring activities.

 

5. AI & Emerging Technology Security

• Support security and risk assessments of AI / ML-based tools and platforms, including internally developed and third‑party solutions.

• Evaluate data security, privacy, access control, and compliance risks associated with AI use cases.

• Ensure AI and emerging technology solutions comply with organizational Information Security, Data Protection, and regulatory requirements.

• Assist in defining and enforcing security guardrails for responsible use of AI technologies, including data usage, access, and output handling.

• Participate in Proof of Concept (PoC) evaluations of AI, automation, and emerging technologies from an Information Security standpoint.

• Track evolving AI security threats and risk scenarios and recommend appropriate mitigation controls.

 

6. Security Incident Management

• Ensure potential security incidents are correctly identified, analyzed, investigated, documented, and reported.

• Coordinate with SOC, IT teams, and external partners for timely containment, remediation, and post‑incident reviews.

• Support ongoing operational components of Enterprise Information Security.

 

7. Security Reporting & Governance

• Periodically prepare and present reports on IT security compliance, risks, incidents, and overall security posture to Information Security leadership and the CISO.

• Maintain security dashboards, metrics, risk registers, and audit evidence for management and regulatory reporting.

 

8. Cybersecurity Technology Evaluation

• Evaluate new cybersecurity solutions and perform Proof of Concept (PoC) activities based on business and security requirements.

• Provide technical assessments and recommendations for adoption, enhancement, or replacement of security tools.

 

9. Business Continuity Management (BCM)

• Manage and support the Business Continuity Management (BCM) program in line with regulatory and organizational requirements.

• Coordinate BCP and DR drills, gap assessments, documentation reviews, and corrective action tracking with IT and business stakeholders.

 

10. Vendor & Third‑Party Security

• Work with IT vendors, service providers, and partners to ensure adherence to contractual security and compliance requirements.

• Support third‑party risk assessments and security due‑diligence activities.

 

SKILLS & COMPETENCIES

• Strong knowledge of Information Security frameworks, risk management, and compliance

• Hands‑on exposure to vulnerability management, penetration testing coordination, and incident response

• Working knowledge of cloud security concepts and shared responsibility models

• Understanding of AI / GenAI security, data protection, and privacy risks

• Ability to assess and secure new and emerging technologies

• Strong documentation, reporting, and stakeholder management skills

• Analytical mindset with strong problem‑solving abilities

 

REPORTING STRUCTURE

• Reports to: Associate General Manager – Information Security

 

QUALIFICATIONS

Education

• Bachelor’s degree in Engineering / Technology (B.E., B.Tech).

• MBA or equivalent qualification is preferred.

Certifications (Preferred)

• CISA / CISSP / CRISC

• ISO 27001 Lead Implementer or Lead Auditor

• Relevant Cloud or Cybersecurity certifications (preferred)

 

EXPERIENCE

• 8 – 12 years of relevant experience in Information Security, Cybersecurity, IT Risk, or Security Operations.

• Preferred Experience working in regulated environments (Pharma / Life Sciences preferred).