Associate Manager - Information & Cyber Security

Posted On: 29 Jun 2026

Location: Noida, UP, India

Company: Iris Software

Why Join Iris?
Are you ready to do the best work of your career at one of India’s Top 25 Best Workplaces in IT industry? Do you want to grow in an award-winning culture that truly values your talent and ambitions?
Join Iris Software — one of the fastest-growing IT services companies — where you own and shape your success story.
 
About Us  
At Iris Software, our vision is to be our client’s most trusted technology partner, and the first choice for the industry’s top professionals to realize their full potential.
With over 4,300 associates across India, U.S.A, and Canada, we help our enterprise clients thrive with technology-enabled transformation across financial services, healthcare, transportation & logistics, and professional services.
Our work covers complex, mission-critical applications with the latest technologies, such as high-value complex Application & Product Engineering, Data & Analytics, Cloud, DevOps, Data & MLOps, Quality Engineering, and Business Automation.

Working with Us
At Iris, every role is more than a job — it’s a launchpad for growth.
Our Employee Value Proposition, “Build Your Future. Own Your Journey.” reflects our belief that people thrive when they have ownership of their career and the right opportunities to shape it.
We foster a culture where your potential is valued, your voice matters, and your work creates real impact. With cutting-edge projects, personalized career development, continuous learning and mentorship, we support you to grow and become your best — both personally and professionally.
Curious what it’s like to work at Iris? Head to this video for an inside look at the people, the passion, and the possibilities.

Job Description

Key Responsibilities

Governance & Compliance

  • Manage and maintain Information Security policies, standards, procedures, and guidelines.
  • Ensure compliance with industry standards such as SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS, and client contractual requirements.
  • Monitor compliance obligations and track remediation of identified gaps.
  • Support the implementation and continuous improvement of the Information Security Management System (ISMS).

Risk Management

  • Conduct enterprise and information security risk assessments.
  • Maintain the risk register and track mitigation plans.
  • Facilitate risk reviews with business and technology stakeholders.
  • Perform third-party/vendor risk assessments and due diligence reviews.

Audit & Assurance

  • Coordinate internal and external audits, including SOC 2, ISO 27001, and client audits.
  • Manage audit evidence collection and control validation activities.
  • Track audit findings and ensure timely closure of corrective actions.
  • Support the preparation of bridge letters, compliance reports, and audit responses.

Client Security & Regulatory Requirements

  • Respond to client security questionnaires and due diligence requests.
  • Support client assessments and security reviews.
  • Manage contractual security obligations and compliance commitments.
  • Collaborate with delivery and business teams to address client security concerns.

Security Awareness & Metrics

  • Drive security awareness and compliance training programs.
  • Develop and present security metrics, KRIs, and compliance dashboards to management.
  • Prepare monthly and quarterly governance reports for leadership review.

Incident & Control Management

  • Support security incident governance activities and post-incident reviews.
  • Monitor compliance with access management, vulnerability management, endpoint security, and other security controls.
  • Track remediation of control deficiencies and compliance exceptions.

Required Qualifications

  • 5–8 years of experience in Information Security, Risk Management, Compliance, or Audit.
  • Strong understanding of information security frameworks and standards.

Preferred Certifications

  • ISO 27001 Lead Auditor/Lead Implementer
  • CISA
  • CRISC
  • CISM

Required Skills

  • Knowledge of SOC 2, ISO 27001, NIST, GDPR, HIPAA, and vendor risk management.
  • Experience managing audits and compliance programs.
  • Strong risk assessment and control evaluation skills.
  • Excellent stakeholder management and communication abilities.
  • Experience with GRC tools and compliance tracking platforms.
  • Strong analytical, reporting, and documentation skills.

Key Competencies

  • Leadership and team collaboration
  • Risk-based decision making
  • Attention to detail
  • Problem-solving and analytical thinking
  • Client-facing communication
  • Project and stakeholder management

Mandatory Competencies

Perks and Benefits for Irisians
Iris provides world-class benefits for a personalized employee experience. These benefits are designed to support the financial, health and well-being needs of Irisians for holistic professional and personal growth.
