IT Security Manager

Job description
About The Role

We are hiring an experienced IT Security Manager to lead our enterprise-wide security initiatives in the Banking & Financial Services domain. You will be responsible for defining and enforcing security standards across applications, infrastructure, data, and user environments, ensuring compliance with RBI and other regulatory requirements.

This is a strategic and hands-on role suited for a security leader who understands the unique challenges of financial systems and enterprise-grade IT infrastructure.

Key Responsibilities
• Define and implement enterprise-level security policies, frameworks, and controls aligned with RBI guidelines, ISO 27001, and other BFSI regulations.
• Lead end-to-end security operations: vulnerability management, threat detection, incident response, and security monitoring.
• Work closely with Compliance, DevOps, Cloud, and Infrastructure teams to embed security into all layers of IT.
• Oversee data protection and privacy efforts, including encryption, data classification, DLP, and secure data sharing.
• Conduct regular internal/external audits, third-party risk assessments, and compliance checks.
• Establish and manage Identity & Access
• Manage enterprise security tools such as SIEM, endpoint protection, firewalls, IDS/IPS, and antivirus.
• Lead employee security awareness and training programs across the organization.
• Coordinate with regulators, auditors, and client teams for security reviews and certifications.
• Stay updated with BFSI-specific cyber threats and regulatory changes.

Required Skills & Qualifications
• Bachelor’s or Master’s degree in Computer Science, Information Security, or related field.
• 7+ years of experience in IT Security, with 3+ years in a BFSI or regulated enterprise environment.
• Strong knowledge of RBI cybersecurity guidelines, ISO 27001, NIST, SOC 2, and data privacy laws (DPDP/GDPR).
• Experience in securing enterprise applications (core banking, lending, payments, etc.) and cloud infrastructure (AWS, Azure).
• Hands-on experience with tools like SIEM, WAF, EDR, DLP, IAM, vulnerability scanners, and endpoint security platforms.
• Deep understanding of network security, application security (including mobile/web), and secure SDLC practices.
• Security certifications preferred: CISSP, CISM, CEH, CRISC, ISO 27001 Lead Implementer/Auditor.