
VIP (Vermont Information Processing)

Information Security Manager

  • Posted 25 days ago

Job Description

Company: Vermont Information Processing India Pvt. Ltd.

VIP is the leading technology supplier for brewers, distributors, wineries, soda bottlers, and other companies in the beverage industry. From helping distributors improve their warehouse, delivery, and sales operations, to empowering suppliers to know where their products are and how they are selling, VIP has the technology and expertise to help your business thrive.

Visit us at: https://www.vtinfo.com/

Headquarters: Colchester, VT, USA

Location in India: Santacruz East, Mumbai

Company Strength: 900+

Department: Information Security

Reports To: Information Security Officer

Job Location: Mumbai, India (Overlap with US East coast)

Role Overview:

We are looking for a hands-on Information Security Manager who can lead, manage, and continuously improve security controls across our environment. You will play a critical role in internal and external audits, identifying security risks, reviewing processes, analyzing vulnerabilities and supporting the overall security practices in the organization. The ideal candidate has a deep understanding of SOC best practices and audit requirements.

Key Responsibilities

Cloud & Infrastructure Security

  • Execute and review internal audits
  • Execute and plan annual external vulnerability assessment and penetration testing
  • Cloud security assessments analysis
  • Usage reviews and budget alerts

Solution development & Operations

  • Execute and review internal audits related to SDLC
  • Execute and plan annual external vulnerability assessment and penetration testing
  • Contract reviews
  • SLA compliance
  • Project Management compliance

Network security

  • Execute and review internal audits
  • Execute and plan annual external vulnerability assessment and penetration testing
  • IT Infra security assessment
  • Periodic review of firewall and router rules

Information security

  • Reviewing and enforcing the Information Security Management Framework and Policy
  • Periodic review of policies, procedures, process flows, and supporting documentation
  • Reviewing requested exceptions to Information Security Policies, Standards and Procedures
  • Own and facilitate steering committee meetings
  • Risk assessment and mitigation
  • Analyzing current and new application technology risks and recommending Information Security Controls to target these risks
  • Evaluating if security tools deployed in the organization are adequately protecting the environment and identifying any need to add more security tools/systems
  • Providing guidance in conducting Business Continuity Planning (BCP)/Disaster Recovery (DR) tests periodically
  • Conducting and monitoring security awareness trainings, and reviewing the information security awareness and training program for staff
  • Identify improvement areas and plan for completion

Audits

  • Conduct internal audits
  • Facilitate and plan for SOC audits & ISO certifications
  • Facilitate and plan for third party audits requested by customers
  • Manage vendor compliances
  • Manage and plan for external VAPT
  • Facilitate access management reports (Access Recon) to ensure that only authorized users have access to sensitive data, systems, and facilities

Minimum Qualifications

Technical Skills

o 5-8 years in an Information Security Manager or related role.

o Experience in IT Audit and Information Security, SOC1 and SOC2 audits and ISO 27001 etc. In-depth knowledge of OWASP, VAPT, etc.

o Expert-level AWS services audit knowledge (compute, storage, networking, IAM, CloudTrail, GuardDuty, AWS Security Hub); working knowledge of Azure or GCP is a plus.

o Strong knowledge of best practices for securing cloud resources and implementing robust controls that consider business needs.

o Good audit knowledge of CNAPP platforms (Wiz, Orca, Prisma Cloud, CrowdStrike), CSPM integrations, and related cloud security toolsets.

o Strong understanding of IP networking concepts (TCP/IP, routing, VPN, DNS, load balancing, Zero Trust architecture).

o Solid grasp of IAM for both on-prem AD and cloud IdPs.

Education

o Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or related field (preferred; equivalent experience considered).

Certifications (preferred in each category)

o Networking: CCNA/CCNP, CCIE, CompTIA Network+, etc.

o Security: CISM, CISA, GIAC Cloud Security Certifications, GCIH, GNFA, CISSP etc.

o Cloud: AWS Solutions Architect Associate/Professional or Security Specialty

Soft Skills

o Clear, concise communicator able to translate technical risks to non-technical stakeholders.

o Proven collaborator across technical, operations, and compliance teams.

o Comfortable leading cross-functional projects.

o Problem-solving skills and analytical ability.

o Self-starter who thrives in a fast-moving, high-autonomy environment.

Nice-to-Have Experience

o Security testing familiarity: bug bounty management, red team coordination, and/or penetration testing.

o Application security experience with SAST, SCA, and DAST familiarity.

o Experience interpreting forensic artifacts using a variety of security toolsets.

o Good understanding of the IR (Incident Response) process and able to assist in incident response (e.g., experience on IR teams or DFIR (Digital Forensics and Incident Response) responsibilities).

More Info

Job ID: 132041861
