Deputy Manager - Cybersecurity SME
Experience : 4- 9 years
Location : Hyderabad
Job Description
This role ensures Granules cybersecurity maturity through governance, policy design, audit readiness, and compliance across IT and OT landscapes. The SME will align global operations (India, US, Europe) with ISO 27001, NIST CSF, and ISA/IEC 62443 frameworks, ensuring continuous risk-based governance for both business systems and manufacturing infrastructure.
Key Responsibilities
- Lead ISO 27001 ISMS implementation and surveillance audits across global IT and OT environments.
- Map security practices to NIST Cybersecurity Framework and define measurable maturity goals.
- Maintain cybersecurity policies, procedures, and control libraries covering IT, OT, and cloud systems.
- Conduct risk assessments, business impact analyses, and GRC reviews for ERP, MES, SCADA, and IoT systems.
- Ensure compliance with regulatory frameworks (21 CFR Part 11, GxP, DPDP, GDPR, HIPAA).
- Support cyber risk reporting and KPI dashboards for CIDO and Board-level visibility.
- Collaborate with Quality, Engineering, and IT teams to embed security in validation and change control processes.
- Drive supplier and third-party security assessments aligned with NIST and ISO standards.
- Develop and maintain Business Continuity and Disaster Recovery governance aligned with ISO 22301.
- Conduct internal awareness sessions and coordinate audits across global plants and business & Experience :
- Bachelors/Masters in Information Security, Computer Science, or equivalent.
- 4 to 8+ years in cybersecurity governance and compliance in manufacturing or pharmaceutical domains.
- Hands-on experience implementing ISO 27001, NIST 2.0 CSF, and ISA/IEC 62443 in both IT and OT contexts.
- Certifications preferred : ISO 27001 LA, CISA, CISM, CRISC, or ISA/IEC 62443 CM.
Key Competencies
- Deep understanding of risk and compliance across IT-OT ecosystems.
- Strong documentation, audit management, and cross-functional collaboration skills.
- Ability to articulate policy-level risks and controls to both technical and executive stakeholders.
(ref:hirist.tech)
