IT Manager

About 2070Health

W Health has set up India's first healthcare focused Venture Studio called2070Health - an innovation platform that builds transformative healthcare companies from scratch by discovering disruptive opportunities in whitespaces. Distinct from the accelerator approach, our venture studio is closely involved in idea generation, day-to-day operations, and strategic decisions of growing the new business. Companies incubated in the last 24 months include Elevate Now, Nivaan Care, Reveal Healthtech , BabyMD and Everhope Oncology.

Role Overview

The IT Manager will be responsible for managing and securing the entire IT infrastructure of the organization, ensuring compliance with the Cybersecurity & Cyber Resilience Framework (CSCRF), and supporting employees across multiple office locations. This role covers IT operations, cybersecurity designing, implementation, asset management, networking, hardware/software lifecycle, vendor management, patching, backup, endpoint security, and user support.

The IT Manager will work on designing and implementation of all cybersecurity controls.

Key Responsibilities

• IT Infrastructure & Operations
• End-User & Hardware Management
• Manage and support laptops, desktops, printers, peripherals for :40 staff across multiple cities
• Enforce device hardening and security baselines (as per OS, endpoint, and network hardening policies)
• Ensure secure device provisioning, configuration, updates, and decommissioning
• Network & Connectivity Management
• Manage office networking setups across cities (LAN, WiFi, firewalls, switches, routers)
• Ensure WPA3, VLAN segmentation, RBAC, and secure co-working network controls
• Maintain VPN access, MFA enforcement, bandwidth policies, and network monitoring
• SaaS & Application Support
• Administer critical SaaS tools (email, collaboration tools, cloud storage, CRM, monitoring tools)
• Manage access provisioning, de-provisioning, privilege controls, and license renewals
• Cybersecurity & CSCRF Compliance
• Designing & Implementation of Cybersecurity Controls
• Enforce all policies:
• Risk management
• Asset management
• Authentication & authorization
• Data protection & encryption
• Network security
• Patch management
• Incident response
• VAPT & vulnerability management
• Third-party vendor security
• Backup & disaster recovery
• Identity & Access Management (IAM)
• Apply least privilege and time-bound access principles
• Manage MFA for all critical systems and remote access points
• Review access logs and dormant accounts
• Incident Detection & Response
• Monitor endpoint alerts, email security, network anomalies
• Log, escalate, and document security incidents as per incident management SOP
• Support forensic investigations, RCA, and SEBI reporting requirements
• Patch Management & Updates
• Monitor OEM advisories, deploy updates as per severity timelines:
• Critical: 7 days
• High: 15 days
• Medium/Low: 30 days
• Maintain patch logs, testing records, and change control approvals
• Vulnerability Management
• Coordinate VAPT activities with CERT-In empanelled auditors
• Track remediation progress and ensure revalidation.
• Asset Management & Documentation
• IT Inventory Ownership
• Maintain a detailed asset register for all hardware, software, and cloud resources
• Track asset lifecycle from purchase to disposal
• Validate annual inventories and reconcile with physical assets
• Software Compliance
• Maintain SBOMs for critical systems (as mandated in policy)
• Ensure only licensed and approved software is installed
• Prevent unauthorized devices or applications
• Data Protection, Backup & DR
• Implement daily/weekly backups for critical data and server images
• Manage off-site/cloud backup storage
• Test restore procedures periodically to meet RPO/RTO targets
• Ensure encryption at rest and in transit for all sensitive data
• Vendor & Third-Party Management
• Ensure all IT vendors adhere to cybersecurity requirements
• Manage NDAs, MSAs, SLAs, and third-party audit documentation
• Validate controls from co-working space providers (network segregation, CCTV access, etc.)
• Perform quarterly vendor security reviews
• Support & Employee Training
• Provide L1/L2 support for IT issues, outages, and hardware failures
• Conduct employee cybersecurity awareness training (phishing, data handling, passwords)
  
  

Ensure HODs and teams are aligned with acceptable use policy.

Requirements

Technical Skills

• Strong knowledge of Windows/macOS administration
• Office 365/Google Workspace administration
• Endpoint security tools (AV/EDR)
• VLAN, firewalls, VPNs, WiFi protocols, network segmentation
• Backup/disaster recovery systems
• Hands-on patching, asset management, logging, MFA
• Experience with VAPT coordination & vulnerability remediation
• Familiarity with SEBI cybersecurity requirements (preferred)
  
  

Experience

• 4-8 years in IT administration or IT infrastructure roles
• Multi-location IT operations experience
• Experience working in regulated industries (preferred)
  
  

Behavioral Competencies

• High ownership and accountability
• Strong documentation discipline
• Ability to work independently across distributed teams
• Proactive problem-solving and risk identification
• Confidentiality and ethics benchmark