About Birlasoft:
Birlasoft is a global technology company enabling next-generation digital transformation through expertise in Cloud, AI, Data, and enterprise solutions. Combining industry proficiency with advanced digital capabilities, it helps businesses accelerate change with speed, scale, and purpose, delivering future-ready solutions that enhance agility, resilience, and customer experience. Part of the CKA Birla Group and led by Chairman Mrs. Amita Birla, Birlasoft's nearly 12,000 professionals drive innovation while building a diverse, inclusive, and learning-oriented culture. With a strong focus on sustainability and long-term value creation, Birlasoft transforms enterprises and communities, earning its reputation as a trusted partner and one of the best places to work.
About the Job:
The role is responsible for driving enterprise-wide information security, risk management, and compliance programs, ensuring alignment with global standards and customer requirements. The incumbent will lead external audits, internal audits, governance risk activities, and cross-functional compliance support, while acting as a key stakeholder for clients, regulators, and senior leadership.
Role: Deputy Manager Information Security
Location: Noida / Pune
Education: Bachelor's degree in Science, Information Systems, Cyber Security, or a related field
Experience: 7-9 years
Role & responsibilities:
Information Security & Risk Management
- Own and continuously improve the Information Security Risk Management framework, including risk identification, assessment, treatment, and monitoring across business units.
- Maintain and govern the enterprise risk register, KRIs, and mitigation tracking in alignment with organizational risk appetite.
- Provide expert guidance on security risk scenarios, emerging threats, and control effectiveness.
External Audit & Compliance Management
- Lead and manage external audits and certifications, including:
  - ISO/IEC 27001:2022
  - ISO/IEC 27701:2019
  - SOC 2 Type 2
  - NIST CSF
  - PCI DSS
- Act as the single point of contact for certification bodies, auditors, and customer assessors.
- Ensure timely closure of audit findings, non-conformities, and observations with sustainable corrective actions.
GRC & Policy Governance
- Define, review, and enforce information security, privacy, and risk governance policies, standards, and procedures.
- Support enterprise GRC initiatives, including regulatory mapping, control rationalization, and compliance reporting.
- Align internal controls with contractual obligations (MSAs, DPAs, client security clauses).
Internal Audit & Departmental Audits
- Plan, execute, and report internal audits for IT and non-IT departments in line with ISO standards and organizational policies.
- Prepare and maintain the annual internal audit calendar and audit programs.
- Track audit findings, validate remediation, and report status to senior management.
Client & Stakeholder Management
- Support customer security audits, questionnaires, and due-diligence assessments.
- Provide risk and compliance inputs for RFPs, proposals, and client governance forums.
- Engage with senior leadership to present risk posture, audit outcomes, and improvement roadmaps.
Continuous Improvement & Awareness
- Drive continuous improvement initiatives for ISMS, PIMS, and control maturity.
- Support security awareness and compliance training initiatives across the organization.
Skills Required:
- 7-9 years of experience in Information Security, Risk Management, Compliance, or Internal/External Audits.
- Hands-on experience managing ISO 27001, ISO 27701, SOC 2, NIST CSF, and PCI DSS audits.
- Proven exposure to enterprise GRC frameworks and multi-client audit environments.
- Strong understanding of risk management, audit methodologies, and compliance frameworks.
- Reports to Information Security / GRC Leadership.
- Works closely with IT, Legal, HR, Procurement, Delivery, and Client Governance teams.
Certifications (Preferred / Mandatory)
- ISO/IEC 27001 Lead Auditor / Lead Implementer (Mandatory or strong preference)
- One or more of: CISA, CISSP, CRISC