General Manager IT Services (Cybersecurity & Audit)
Location: Bengaluru
Employment Type: Full Time
Roles and Responsibilities
- Continuously monitor infrastructure to identify and respond to security threats and vulnerabilities.
- Participate in regular vulnerability assessments, penetration testing, and threat analysis.
- Implement and enforce data protection strategies aligned with confidentiality, integrity, and availability principles.
- Investigate and respond to security incidents, including breaches, malware, and unauthorized access, across both internal and client networks.
- Design and update information security policies and SOPs, aligned with industry best practices.
- Conduct security awareness and training programs for internal teams and all other stakeholders.
- Evaluate and deploy advanced security tools (e.g., SIEM, EDR, DLP) to strengthen the organization's and clients' security postures.
- Ensure compliance with IT service industry standards and regulations such as ISO 27001, DPDPA, GDPR, and HIPAA.
- Perform internal audits to evaluate IT security controls and risk management processes across business units and client projects.
- Support external audits and third-party assessments, ensuring evidence gathering, audit readiness, and successful certification outcomes.
- Conduct ITGC, system access reviews, change management audits, and disaster recovery assessments.
- Identify compliance gaps and provide recommendations for process and control improvements.
- Lead forensic audits and post-incident investigations, document findings, and support legal or client-driven actions.
- Collaborate with cross-functional teams (IT, Legal, Tech, etc.) to implement audit findings and close action items.
- Maintain audit logs, risk registers, and evidence repositories in accordance with internal governance and client SLAs.
Skills and Qualifications
- Bachelor's degree in Cybersecurity, Information Technology, or related field.
- Professional certifications such as CISSP, CISA, CISM, CEH, CompTIA Security+, ISO 27001 LA preferred.
- Strong knowledge of network and endpoint security, encryption standards, firewalls, vulnerability management, and identity access management.
- Familiarity with IT audit frameworks (COBIT, NIST, ITIL) and compliance management tools.
- Experience working in or with Managed Security Services Providers (MSSP) or IT outsourcing clients is a plus.
- Strong analytical, documentation, and communication skills with client-facing experience.