Information Security Manager at Sigmoid

<p><strong>Job Title: Cybersecurity Manager</strong></p> <p><strong>Location:</strong> Bengaluru / Hybrid<br><strong>Department:</strong> Information Security</p> <p><strong>Role Overview</strong></p> <p>We are seeking an experienced Cybersecurity Manager to lead and mature enterprise security programs across governance, cyber risk management, compliance, cloud security, AI security governance, and certification initiatives.</p> <p>This role will be responsible for cyber risk management, IT audits, vulnerability governance, certification ownership, and enterprise security programs across key standards including SOC 2 Type II, ISO 27001, PCI-DSS, and HIPAA.</p> <p>The role will also lead AI risk management and Responsible AI initiatives to ensure secure adoption of emerging technologies.</p> <p><strong>Key Responsibilities</strong></p> <ol> <li><strong> Security Strategy &amp; Governance</strong></li> </ol> <ul> <li>Define and execute enterprise cybersecurity strategy aligned to business objectives and regulatory requirements&nbsp;</li> <li>Establish security policies, standards, and governance frameworks&nbsp;</li> <li>Drive adoption of security frameworks including NIST CSF, ISO 27001, and CIS Controls&nbsp;</li> <li>Govern security operations from risk and governance perspective&nbsp;</li> <li>Review security incidents, operational risks, trends, and management reporting&nbsp;</li> <li>Support incident readiness and post-incident governance activities&nbsp;</li> </ul> <ol> <li><strong> Cyber Risk Management</strong></li> </ol> <ul> <li>Lead enterprise cyber risk management programs including risk identification, assessment, treatment, and reporting&nbsp;</li> <li>Maintain risk registers and executive reporting&nbsp;</li> <li>Integrate cyber risks across cloud, applications, AI systems, infrastructure, and third parties&nbsp;</li> </ul> <ol> <li><strong> IT Audits &amp; Compliance Ownership</strong></li> </ol> <p style="padding-left: 40px;">Own enterprise certification and audit programs including:</p> <ul> <li>SOC 2 Type II&nbsp;</li> <li>ISO 27001 / ISO 27701&nbsp;</li> <li>PCI-DSS&nbsp;</li> <li>HIPAA&nbsp;</li> </ul> <p style="padding-left: 40px;">Responsibilities include: Responsibilities include IT audits, certification readiness, evidence management, remediation tracking, and client assurance support.</p> <ol> <li><strong> Vulnerability Governance</strong></li> </ol> <ul> <li>Govern enterprise vulnerability management programs&nbsp;</li> <li>Oversee VAPT activities and remediation tracking&nbsp;</li> <li>Drive risk-based prioritization and exposure reduction initiatives&nbsp;</li> </ul> <ol> <li><strong> AI Risk Management &amp; Responsible AI</strong></li> </ol> <ul> <li>Define AI security and AI risk management frameworks&nbsp;</li> <li>Identify risks related to AI systems including data leakage, model manipulation, privacy, and bias risks&nbsp;</li> <li>Drive Responsible AI governance and policy implementation&nbsp;</li> <li>Support secure AI lifecycle initiatives&nbsp;</li> </ul> <ol> <li><strong> Security Architecture &amp; Engineering Governance</strong></li> </ol> <ul> <li>Collaborate with IT and engineering teams on secure architecture initiatives&nbsp;</li> <li>Promote Zero Trust, identity-first security, and secure SDLC practices&nbsp;</li> </ul> <ol> <li><strong> Vendor Risk Management &amp; Security Awareness</strong></li> </ol> <ul> <li>Conduct vendor risk assessments and third-party reviews&nbsp;</li> <li>Support supplier security governance and contractual security requirements&nbsp;</li> <li>Lead enterprise awareness programs and phishing initiatives&nbsp;</li> <li>Promote organization-wide security culture initiatives&nbsp;</li> </ul> <p><strong>Required Qualifications</strong></p> <ul> <li>Bachelor’s degree in Cybersecurity / IT / Engineering or related fields&nbsp;</li> <li>8–12+ years cybersecurity experience&nbsp;</li> <li>3–5 years in leadership roles&nbsp;</li> <li>Experience in cyber risk, audits, certifications, cloud security, and governance programs&nbsp;</li> <li>Experience supporting client assurance and regulatory initiatives&nbsp;</li> </ul> <p><strong>Preferred Certifications</strong></p> <p>CISSP | CISM | CISA | CRISC | CCSP | ISO 27001 Lead Implementer / Lead Auditor | SC-100 | AZ-500</p> <p><strong>Key Skills</strong></p> <ul> <li>Cyber Risk Management&nbsp;</li> <li>IT Audit &amp; Compliance (SOC2, ISO, PCI-DSS, HIPAA)&nbsp;</li> <li>Vulnerability Governance &amp; VAPT&nbsp;</li> <li>Cloud Security Governance&nbsp;</li> <li>AI Risk Management &amp; Responsible AI&nbsp;</li> <li>Security Governance&nbsp;</li> <li>Vendor Risk Management&nbsp;</li> <li>Leadership &amp; Stakeholder Management</li> </ul><div class="content-conclusion"><p><strong>Note:</strong></p> <blockquote class="gmail_quote"><em>By submitting your application, you consent to being contacted by our Talent Acquisition team via phone call, email, SMS, WhatsApp, or other communication channels regarding your application and relevant career opportunities.</em></blockquote> <p></p></div>