Senior Information Security & Control Manager

Ifintalent Global Private Limited
Pune | 3-6 LPA | Posted 14 Nov 2025 | Full time
business impact analysis
Cybersecurity
Risk Assessment
Compliance Management
Crisis Management

Job Description

Key Responsibilities:

1. Enterprise IT Risk Assessment & Control Framework Oversight

  • Lead the identification, evaluation, and mitigation of IT and cybersecurity risks across infrastructure, applications, and data assets.
  • Define and manage control frameworks to address key risk areas, especially in cloud, hybrid, and multi-tenant environments.
  • Conduct executive-level risk assessments and deliver control strategies to reduce vulnerabilities and ensure operational integrity.
  • Oversee business impact analyses, risk appetite assessments, and the integration of risk controls into broader IT governance.

2. Security Operations & Incident Oversight

  • Provide strategic direction and oversight to Security Operations Center (SOC) activities and security monitoring initiatives.
  • Lead high-severity incident management efforts, ensuring timely escalation, communication, and root cause analysis.
  • Evaluate detection and response capabilities, and implement enhancements for real-time threat intelligence and response workflows.
  • Define SOC performance metrics and ensure adherence to service-level agreements and best practices.

3. Compliance Management & Regulatory Alignment

  • Lead enterprise compliance efforts with international and local regulations (e.g., GDPR, Law 25, PIPEDA, ISO 27001, PCI-DSS).
  • Develop and maintain governance models, internal controls, and audit mechanisms to ensure regulatory readiness.
  • Manage client-facing and internal audit engagements, ensuring timely resolution of compliance gaps and issues.
  • Act as a strategic liaison between technical teams, compliance officers, and legal counsel.

4. Data Privacy & Protection Governance

  • Oversee the design and implementation of robust data protection programs, including encryption, anonymization, and access controls.
  • Ensure organizational adherence to privacy laws through formal policies, data protection impact assessments (DPIAs), and secure data lifecycle management.
  • Collaborate with Data Protection Officers (DPOs) and client stakeholders to operationalize privacy-by-design principles.

5. Crisis Management & Business Continuity Leadership

  • Lead enterprise crisis response planning and business continuity initiatives, including scenario testing and tabletop exercises.
  • Provide senior guidance during major cybersecurity incidents or breaches, ensuring minimal business disruption and timely recovery.
  • Evaluate and enhance continuity plans to account for evolving threats and operational dependencies.

6. Security Awareness, Training & Stakeholder Engagement

  • Develop organization-wide training programs to promote security best practices and compliance awareness.
  • Deliver executive workshops and functional team training on cybersecurity risks, policy compliance, and secure operations.
  • Foster a culture of accountability and security ownership across business units and client organizations.

7. Strategic Threat Intelligence & Regulatory Monitoring

  • Monitor emerging cybersecurity threats, evolving attack vectors, and global regulatory developments.
  • Translate external intelligence into actionable internal strategies, technology investments, and control adjustments.
  • Provide forward-looking guidance to leadership and clients to stay ahead of regulatory and technological shifts.

8. Reporting, Governance, and Executive Communication

  • Oversee the creation of risk dashboards, compliance status reports, and security performance metrics for executive audiences.
  • Present complex security and compliance concepts to senior stakeholders in a clear and actionable manner.
  • Support board-level reporting and contribute to security strategy development in alignment with corporate objectives.

Required Qualifications:

  • Bachelor's or Master's degree in Computer Science, Information Security, Risk Management, or related discipline.
  • 8-14 years of experience in cybersecurity, IT risk management, compliance, or information security governance, with 3+ years in a managerial role.
  • Deep expertise in regulatory standards and control frameworks, such as ISO 27001, NIST, COBIT, PCI-DSS, GDPR, Law 25, and PIPEDA.
  • Strong knowledge of SOC operations, SIEM tools, threat detection, and incident response strategies.
  • Proven ability to manage and influence stakeholders at all levels, including C-suite and board members.
  • Excellent written and verbal communication skills in French and English.
  • Preferred certifications: CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Auditor, or equivalent.