Information Security Manager – Global

About the role

The Information Security Manager reports directly to the CIO and leads the operational execution of the organization’s information security program on a global scale. The role focuses on managing security operations, driving governance, risk and compliance initiatives, and securing cloud and SaaS environments while collaborating closely with IT, development, sales, legal and compliance teams.

Key responsibilities

• Lead core security functions including SecOps, vulnerability management and incident response.
• Drive security programs such as security awareness, data loss prevention (DLP) and identity and access management (IAM).
• Administer and optimise security tools (SIEM, EDR, DLP, etc.).
• Establish and mature the GRC framework, manage risk registers and conduct regular risk assessments for SaaS/cloud services.
• Ensure compliance with laws, regulations and standards (e.g., ISO 27001, SOC 2, CERT‑In directives, DPDP Act).
• Prepare for internal and external audits, manage remediation efforts and enforce security policies.
• Develop and implement security controls for SaaS applications and provide guidance during adoption.
• Partner with development teams on Secure SDLC practices, threat modeling and application security testing.
• Support sales cycles with security expertise and respond to client security questionnaires.

Required profile

• Proven experience leading information security operations in a global or multi‑regional environment.
• Strong understanding of GRC processes, risk assessment methodologies and regulatory compliance.
• Excellent collaboration skills with cross‑functional teams including IT, development, legal and sales.
• Ability to communicate security posture effectively to internal stakeholders, auditors and external clients.
• Senior‑level experience (typically 8+ years) in cybersecurity or information security management.

Required skills

• Security Operations (SecOps), Vulnerability Management, Incident Response
• Security Awareness, Data Loss Prevention (DLP), Identity & Access Management (IAM)
• Security tools: SIEM, Endpoint Detection & Response (EDR)
• Cloud and SaaS security controls
• Secure Software Development Lifecycle (Secure SDLC), Threat Modeling, Application Security testing
• GRC frameworks and standards: ISO 27001, SOC 2