Manager / Divisional Manager - IT Security & Governance (India)

29 May | Recloud Consulting | India

PURPOSE OF THE ROLE

The Manager / Divisional Manager - IT Security & Governance is responsible for implementing and operating cybersecurity, information security governance, and incident response capabilities across IT and OT environments in a manufacturing setup. The role protects the confidentiality, integrity, and availability of information assets while aligning security controls with business, regulatory, and compliance requirements.

KEY ROLES AND RESPONSIBILITIES

Cyber Security & Incident Response

- Own the full cyber security incident response lifecycle: detection, containment, eradication, recovery, and post-incident review.
- Develop and maintain incident response plans, playbooks, and runbooks.
- Coordinate incident response with SOC, IT, OT, legal, risk, and business stakeholders.
- Conduct tabletop exercises and simulations to test cyber resilience.

Security Operations Center (SOC)

- Oversee in-house or managed SOC operations.
- Ensure effective monitoring of SIEM, EDR, IDS/IPS, and log management platforms.
- Define security use cases, alert thresholds, escalation procedures, and reporting metrics.
- Review SOC performance, KPIs, and incident trends.

Data Protection & Data Privacy

- Implement and govern data protection controls across applications, infrastructure, and endpoints.
- Support compliance with GDPR, TISAX, and applicable local data protection laws.
- Drive data classification, encryption, DLP, and access control frameworks.
- Support Privacy Impact Assessments / DPIA with legal and compliance teams.

IT Audits & Compliance

- Lead and coordinate internal and external IT security audits.
- Ensure ongoing compliance with ISO/IEC 27001, customer security requirements, and regulatory expectations.
- Manage risk assessments, control testing, audit findings, and remediation plans.
- Maintain security policies, standards, procedures, and evidence repositories.

Security Engineering

- Work with IT and OT teams to design and implement secure architectures.
- Review and approve security controls for network, endpoint, IAM, cloud, and hybrid environments.
- Embed security in projects, system changes, and vendor onboarding.

Cyber Insurance, Vendor Management & Roadmap

- Support cyber insurance policy selection, renewal, claims, and alignment with security control requirements.
- Manage security vendors, MSSPs, and technology partners.
- Provide regular security risk and posture reporting to management.
- Work with external advisors / SMEs to create and support a groupwide security strategy and roadmap.

KEY STAKEHOLDERS

| Internal Stakeholders | External Stakeholders |
| --- | --- |
| Cross Functional Heads / End Users | Application Support Partners |
| Business Leaders / Apex / MD | Functional Consultants / SMEs; Licensing / Application Providers |

REQUIREMENTS

| Category | Requirement Summary |
| --- | --- |
| Education | Bachelor's degree in Computer Science, Information Security, Engineering, or equivalent. |
| Mandatory Certification | CISSP or CISM. |
| Preferred Certifications | ISO 27001 Lead Implementer / Lead Auditor, CISA, GIAC Incident Response / SOC-related certification, and cloud security certifications. |
| Experience | 8+ years of experience in Information Security / Cyber Security roles, including hands-on experience in security governance, SOC operations, incident response, IT/OT security, audits, compliance, and vendor risk management. |

REQUIRED EXPERIENCE AREAS

- Incident response and crisis management.
- Security operations and monitoring.
- IT and OT security in a manufacturing environment.
- Regulatory and compliance management, audit and assurance, and ISO 27001 implementation.
- Vendor and third-party risk management.
- Policy, standards, and control frameworks.
- Data protection technologies including encryption, DLP, key management, IAM, network security, and endpoint security.
- Cloud security fundamentals across AWS, Azure, and hybrid environments.

FUNCTIONAL / TECHNICAL COMPETENCIES

| Competency | Expected Level |
| --- | --- |
| Information Security Governance | 3 - Proficient |
| Vulnerability Management & Patch Governance | 3 - Proficient |
| ISO/IEC 27001 - ISMS implementation, audits, and continuous improvement | 3 - Proficient |
| Security Operations & SOC - SIEM, EDR, XDR, IDS/IPS | 3 - Proficient |
| Cyber Risk Management | 3 - Proficient |

BEHAVIORAL / LEADERSHIP COMPETENCIES

| Competency | Expected Level |
| --- | --- |
| Accountability | 4 - Advanced |
| Judgement & Decision Making | 3 - Proficient |
| Problem Solving & Prevention | 3 - Proficient |
| Critical Thinking & Analysis | 3 - Proficient |
| Stakeholder Management & Collaboration | 3 - Proficient |

IDEAL CANDIDATE SUMMARY

The ideal candidate is a cybersecurity and governance professional with robust experience in SOC operations, incident response, IT/OT security, ISO 27001 compliance, audits, data protection controls, and third-party risk management. The candidate should be able to work with senior leadership, plant and business teams, IT/OT stakeholders, vendors, and external advisors to strengthen enterprise security posture and support a groupwide security roadmap.
