4+ Information security governance Jobs in India

Review Criteria:

Mandatory:

• Strong IT Infrastructure Lead Profile
• Must have 10+ years of hands-on experience in global IT Infrastructure management, including administration of Azure Entra ID, Office 365 Suite (Outlook, SharePoint, OneDrive), Azure Exchange, Microsoft Teams, Intune, and Windows Autopilot
• Must have strong expertise in Azure/Office 365 compliance and governance, including audit readiness, data governance policies, and global regulatory frameworks (e.g., GDPR, HIPAA)
• Must have solid experience managing IT operations end-to-end: user onboarding/offboarding, identity & access management, SAML/SSO integrations, and enterprise-wide provisioning/deprovisioning
• Must have strong knowledge and hands-on experience with FortiGate Firewalls, FortiGate WiFi, VPN, routing, subnetting, and overall network administration
• Must have proven capability in endpoint and device management: ManageEngine Endpoint Central, Assets Explorer, Antivirus Endpoint Security, JAMF (macOS), and multi-OS troubleshooting (Windows, Linux, Mac)
• Must have strong Jira/Confluence administration experience for global teams, including configuration, access control, and workflow governance
• Must have experience supporting, patching, updating, and troubleshooting multi-OS environments (Windows, Linux, macOS) with strong focus on security hardening and vulnerability fixes
• Must have strong hands-on experience in shell scripting / bash / PowerShell for automation, system tasks, and operational efficiency
• Must have experience in configuration and troubleshooting of Cisco/Polycom audio-video solutions and collaboration tools

Preferred:

• Experience with Highspot, HubSpot, Gong, or similar platforms for basic administration
• Strong background in cybersecurity frameworks, risk management, IT governance, incident response, and GRC practices
• Bachelor’s or master’s degree in information technology, Computer Science, or related field
• Candidates from NCR/Noida preferred

Role & Responsibilities:

The incumbent will be responsible for managing and enhancing the company’s IT infrastructure, cybersecurity, and IT operations globally. This role will require a strategic leader with a hands-on approach to overseeing infrastructure design, network security, data privacy, and compliance. The IT Head will drive initiatives to maintain a secure, efficient, and scalable technology environment that aligns with company’s business goals.

Key Responsibilities-

IT Infrastructure Management:

• Lead the design, implementation, and management of the IT infrastructure across company’s global offices.
• Oversee IT systems, network architecture, hardware, and software procurement, and ensure optimal performance and uptime.
• Plan and execute IT modernization and digital transformation initiatives to support business growth.

Cybersecurity and Risk Management:

• Establish and maintain robust cybersecurity policies, frameworks, and controls to protect the company’s data, systems, and intellectual property.
• Monitor, detect, and respond to cybersecurity threats, vulnerabilities, and breaches.
• Implement secure access controls, multi-factor authentication, and endpoint security measures to safeguard global IT environments.

Compliance and Data Privacy:

• Ensure compliance with global data privacy regulations, such as GDPR, HIPAA, and other applicable data protection laws.
• Support internal and external audits, ensuring adherence to regulatory and industry standards.

IT Governance and Strategy:

• Develop and execute the IT strategy in alignment with company’s business objectives.
• Create and enforce IT policies, procedures, and best practices for global operations.
• Prepare and manage the IT budget, ensuring cost-effective solutions for infrastructure and security investments.

Vendor Management and Contract Negotiations:

• Build and manage relationships with technology vendors, service providers, and consultants.
• Negotiate contracts to achieve favorable pricing and terms for the company.

Team Leadership and Development:

• Lead, mentor, and develop a high-performing IT team across multiple geographies.
• Foster a culture of innovation, collaboration, and continuous learning.

Ideal Candidate:

• Bachelor’s or master’s degree in information technology, Computer Science, or a related field.
• 10+ years of progressive experience in IT infrastructure, security, and operations, with at least 7 years in a senior leadership role.
• Strong experience in managing global IT environments, distributed teams, and multi-office setups.
• Administer and manage Azure Entra ID, Office 365 suite (Outlook, SharePoint, OneDrive), Azure Exchange, Microsoft Teams, Microsoft Intune, Windows Autopilot, and related services.
• Configure and manage SAML/Azure SSO integrations across enterprise applications.
• Ensure Office 365 compliance management, including audit readiness and data governance policies.
• Handle user onboarding and offboarding, ensuring secure and efficient account provisioning and deprovisioning.
• Oversee IT compliance frameworks, audit processes, and IT asset inventory management, attendance systems.
• Administer Jira, FortiGate firewalls and Wi-Fi, FortiGate EMS, antivirus solutions, and endpoint management systems.
• Provide network administration: routing, subnetting, VPNs, and firewall configurations.
• Support, patch, update, and troubleshoot Windows, Linux, and macOS environments, including applying vulnerability fixes and ensuring system security.
• Manage JAMF, ManageEngine Endpoint Central, and Assets Explorer for device and asset management.
• Provide configuration and basic administration knowledge for Highspot, HubSpot, and Gong platforms.
• Set up, manage, and troubleshoot Cisco and Polycom audio/video conferencing systems.
• Provide remote support for end-users, ensuring quick resolution of technical issues.
• Monitor IT systems and network for performance, security, and reliability, ensuring high availability.
• Collaborate with internal teams and external vendors to resolve issues and optimize systems.
• Working Knowledge of data privacy regulations (GDPR, HIPAA) and experience driving regulatory compliance.
• Strong project management, problem-solving, and stakeholder management skills.
• Document configurations, processes, and troubleshooting procedures for compliance and knowledge sharing.
• Ability to influence cross-functional teams and present technical information to non-technical stakeholders.
• Good Experience in driving GRC

Perks, Benefits and Work Culture:

• Competitive Salary Package
• Generous Leave Policy
• Flexible Working Hours
• Performance-Based Bonuses
• Health Care Benefits

SENIOR INFORMATION SECURITY ENGINEER (DEVSECOPS)

Key Skills: Software Development Life Cycle (SDLC), CI/CD

About Company: Consumer Internet / E-Commerce

Company Size: Mid-Sized

Experience Required: 6 - 10 years

Working Days: 5 days/week

Office Location: Bengaluru [Karnataka]

Review Criteria:

Mandatory:

• Strong DevSecOps profile
• Must have 5+ years of hands-on experience in Information Security, with a primary focus on cloud security across AWS, Azure, and GCP environments.
• Must have strong practical experience working with Cloud Security Posture Management (CSPM) tools such as Prisma Cloud, Wiz, or Orca along with SIEM / IDS / IPS platforms
• Must have proven experience in securing Kubernetes and containerized environments including image security,runtime protection, RBAC, and network policies.
• Must have hands-on experience integrating security within CI/CD pipelines using tools such as Snyk, GitHub Advanced Security,or equivalent security scanning solutions.
• Must have solid understanding of core security domains including network security, encryption, identity and access management key management, and security governance including cloud-native security services like GuardDuty, Azure Security Center etc
• Must have practical experience with Application Security Testing tools including SAST, DAST, and SCA in real production environments
• Must have hands-on experience with security monitoring, incident response, alert investigation, root-cause analysis (RCA), and managing VAPT / penetration testing activities
• Must have experience securing infrastructure-as-code and cloud deployments using Terraform, CloudFormation, ARM, Docker, and Kubernetes
• B2B SaaS Product companies
• Must have working knowledge of globally recognized security frameworks and standards such as ISO 27001, NIST, and CIS with exposure to SOC2, GDPR, or HIPAA compliance environments

Preferred:

• Experience with DevSecOps automation, security-as-code, and policy-as-code implementations
• Exposure to threat intelligence platforms, cloud security monitoring, and proactive threat detection methodologies, including EDR / DLP or vulnerability management tools
• Must demonstrate strong ownership mindset, proactive security-first thinking, and ability to communicate risks in clear business language

Roles & Responsibilities:

We are looking for a Senior Information Security Engineer who can help protect our cloud infrastructure, applications, and data while enabling teams to move fast and build securely.

This role sits deep within our engineering ecosystem. You’ll embed security into how we design, build, deploy, and operate systems—working closely with Cloud, Platform, and Application Engineering teams. You’ll balance proactive security design with hands-on incident response, and help shape a strong, security-first culture across the organization.

If you enjoy solving real-world security problems, working close to systems and code, and influencing how teams build securely at scale, this role is for you.

What You’ll Do-

Cloud & Infrastructure Security:

• Design, implement, and operate cloud-native security controls across AWS, Azure, GCP, and Oracle.
• Strengthen IAM, network security, and cloud posture using services like GuardDuty, Azure Security Center and others.
• Partner with platform teams to secure VPCs, security groups, and cloud access patterns.

Application & DevSecOps Security:

• Embed security into the SDLC through threat modeling, secure code reviews, and security-by-design practices.
• Integrate SAST, DAST, and SCA tools into CI/CD pipelines.
• Secure infrastructure-as-code and containerized workloads using Terraform, CloudFormation, ARM, Docker, and Kubernetes.

Security Monitoring & Incident Response:

• Monitor security alerts and investigate potential threats across cloud and application layers.
• Lead or support incident response efforts, root-cause analysis, and corrective actions.
• Plan and execute VAPT and penetration testing engagements (internal and external), track remediation, and validate fixes.
• Conduct red teaming activities and tabletop exercises to test detection, response readiness, and cross-team coordination.
• Continuously improve detection, response, and testing maturity.

Security Tools & Platforms:

• Manage and optimize security tooling including firewalls, SIEM, EDR, DLP, IDS/IPS, CSPM, and vulnerability management platforms.
• Ensure tools are well-integrated, actionable, and aligned with operational needs.

Compliance, Governance & Awareness:

• Support compliance with industry standards and frameworks such as SOC2, HIPAA, ISO 27001, NIST, CIS, and GDPR.
• Promote secure engineering practices through training, documentation, and ongoing awareness programs.
• Act as a trusted security advisor to engineering and product teams.

Continuous Improvement:

• Stay ahead of emerging threats, cloud vulnerabilities, and evolving security best practices.
• Continuously raise the bar on a company's security posture through automation and process improvement.

Endpoint Security (Secondary Scope):

• Provide guidance on endpoint security tooling such as SentinelOne and Microsoft Defender when required.

Ideal Candidate:

• Strong hands-on experience in cloud security across AWS and Azure.
• Practical exposure to CSPM tools (e.g., Prisma Cloud, Wiz, Orca) and SIEM / IDS / IPS platforms.
• Experience securing containerized and Kubernetes-based environments.
• Familiarity with CI/CD security integrations (e.g., Snyk, GitHub Advanced Security, or similar).
• Solid understanding of network security, encryption, identity, and access management.
• Experience with application security testing tools (SAST, DAST, SCA).
• Working knowledge of security frameworks and standards such as ISO 27001, NIST, and CIS.
• Strong analytical, troubleshooting, and problem-solving skills.

Nice to Have:

• Experience with DevSecOps automation and security-as-code practices.
• Exposure to threat intelligence and cloud security monitoring solutions.
• Familiarity with incident response frameworks and forensic analysis.
• Security certifications such as CISSP, CISM, CCSP, or CompTIA Security+.

Perks, Benefits and Work Culture:

A wholesome opportunity in a fast-paced environment that will enable you to juggle between concepts, yet maintain the quality of content, interact and share your ideas and have loads of learning while at work. Work with a team of highly talented young professionals and enjoy the comprehensive benefits that company offers.

Qualifications & Experience

• 7–10 years of experience in Information Security, preferably in financial markets / BFSI sector.
• Proven track record of hands-on security implementation in Financial Markets, Trading systems, banking platforms, or other high-transaction environments.
• Strong understanding of security governance, risk management, and compliance processes aligned with international standards.
• Familiarity with tools & platforms like Splunk/QRadar, Qualys, Burp Suite, Nessus, CrowdStrike, or equivalent.
• Certifications preferred: CISSP, CISM, CEH, OSCP, CCSP, or equivalent.
•  

Key Skills

• Deep understanding of perimeter defense, endpoint security, encryption, IAM.
• Strong application security knowledge – OWASP Top 10, secure SDLC, DevSecOps.
• Ability to interface confidently with regulators, auditors, and CXOs.
• Analytical mindset with hands-on troubleshooting ability in complex environments.
• Excellent written and verbal communication skills.

Manager – Information Security

Experience: 10+ years (with minimum 3 years in leadership roles)

Qualification: Bachelors in IT/Computer Science; Preferred: MBA, CISSP, CISM, CISA, ISO

27001/27701 Lead Auditor and Lead Implementor

Key Responsibilities:

 Lead the design, implementation, and continuous improvement of the enterprise-wide ISMS

and PIMS programs.

 Develop and manage the InfoSec strategy aligned with business goals and regulatory

requirements (ISO 27001:2022, ISO 27701:2019, DPDPA, IT Act, CERT-In).

 Oversee security risk assessments, audits, and remediation plans across IT and business

units.

 Manage a team of security professionals; mentor, coach, and evaluate performance.

 Collaborate with Legal, Compliance, IT, and Business stakeholders to ensure security by

design.

 Lead incident response, RCA, and post-mortem reviews.

 Drive security awareness and training programs across the organization.

 Manage security budgets, vendor relationships, and contract negotiations.

Technical Skills:

 Strong knowledge of IBM QRadar SIEM, GTB DLP, CyberArk PAM, Wiz CNAPP, Sentinel

One EDR, Qualys VA and other PT tools.

 Experience in cloud security governance (Preferred on AWS and Azure; Good to have GCP).

 Experience of MITRE ATT&CK, NIST CSF, CIS Controls, OWASP Top 10.

Soft Skills:

 Strategic thinking

 Stakeholder management

 Team leadership

 Excellent communication

 Quality Documentation

email: etalenthire[at]gmail[dot]com

satish: 88O 27 49 743