Website:
imanedge.com
Job details:
Company Description
iManEdge Digital Services Bharat Pvt. Ltd., incubated under the #StartUpIndia initiative, specializes in delivering innovative digital solutions to Bharat-sensitive sectors such as banking, national governance, public infrastructure, and defence. With a strong commitment to the principles of #MakeInIndia and #AtmanirbharBharat, iManEdge’s mission is to enable organizations and government initiatives to thrive in a secure and trustworthy environment. The company focuses on cutting-edge technologies in cybersecurity, risk management, and sustainable energy, offering AI-driven solutions like predictive behavior analysis, deepfake detection, and cyber-physical security. Headquartered in Nagpur, iManEdge strives to empower clients with improved compliance, resilience, and confidence to excel in a digital-first economy.
Role Description
This is a full-time hybrid role for a Governance Manager based in Nagpur, with some work-from-home flexibility. The Governance Manager will be responsible for overseeing risk management policies, ensuring compliance with legal and regulatory standards, implementing best practices in cybersecurity governance, and developing robust frameworks for organizational resilience. The role involves close collaboration with diverse stakeholders, designing and monitoring governance strategies, and providing timely recommendations for process improvements to meet national and corporate governance objectives. The individual will also play a key role in training employees and fostering a culture of accountability and security within the organization.
WHAT YOU WILL OWN
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Documentation & Policy Framework
• Build, own, and maintain complete ISMS and PIMS documentation suites: Information Security Policies, Standard Operating Procedures, Work Instructions, Forms, Templates, and Records — aligned to ISO 27001:2022, ISO 27002:2022, and ISO 27701:2025
• Draft and maintain Statements of Applicability (SoA) against all 93 ISO 27001 Annex A controls and the 78 ISO 27701:2025 Annex A privacy controls
• Develop DPDPA 2023 + DPDP Rules 2025 compliance programmes: Privacy Notices (22-language structure), Consent Architectures, DSAR procedures, Data Breach Notification procedures (Rule 7 dual intimation), 48-hour Erasure Warning workflows (Rule 23), Algorithmic Due Diligence procedures (Rule 13)
• Build and maintain Risk Registers, Risk Treatment Plans, Asset Registers, RoPA (Record of Processing Activities), DPIA frameworks
• Develop client-specific compliance matrices against CERT-In Directions 2022, SEBI CSCRF, NIST CSF 2.0, SCF (Secure Controls Framework), and sector-specific regulations
Client Engagement & Delivery
• Work directly on client premises as required — attend governance meetings, present compliance dashboards to CEOs, MDs, CTOs, and Board members
• Conduct internal awareness sessions, privacy training, and DPDPA employee training for client organisations
• Lead gap assessments: map client current state against ISO 27001/27701 requirements; produce gap assessment reports with prioritised remediation roadmaps
• Support and coordinate internal and external ISMS/PIMS audits; manage auditor queries; drive CAR (Corrective Action Record) closure
• Facilitate Management Reviews, ISMS Steering Committee meetings, and PIMS Governance Committee sessions for clients
Audit Readiness & Regulatory
• Prepare clients for ISO 27001:2022 Stage 1 and Stage 2 certification audits
• Prepare clients for DPBD (Data Protection Board of India) inspections — zero-gap DPDPA compliance posture
• Prepare CERT-In compliance evidence packs
• Monitor regulatory developments (DPDP Rules, CERT-In directions, SEBI CSCRF updates, MeitY advisories) and update client documentation proactively
Qualifications
- Strong understanding of Risk Management, Legal Compliance, Governance Frameworks, and Policy Development processes.
- Experience in Cybersecurity, Application Security, and best practices for Security Architecture Assessment.
- Proficiency in Vulnerability Assessments, Penetration Testing, and Threat Intelligence (CTI).
- Knowledge of Cyber-Physical Security, OT/IoT configurations, CSOC Automation including AI-based solutions, and Incident Response Strategies.
- Proven ability to train teams, foster corporate resilience, and ensure effective stakeholder communication.
- Relevant certifications in Cybersecurity (e.g., CISSP, CISM) or Risk Management (e.g., CRISC) are preferred.
- Excellent problem-solving skills, organizational abilities, and attention to detail.
- Prior work experience in digital solutions or governance roles in any of the Bharat-sensitive sectors is advantageous.
Non-Negotiable (Must Have)
• True, demonstrable knowledge of ISO 27001:2022 — not just awareness, but working knowledge of Clauses 4–10 and all 93 Annex A controls. You should be able to explain what A.5.7 (Threat Intelligence) requires without looking it up.
• Hands-on experience writing or significantly contributing to: at least one ISMS policy suite OR one DPDPA compliance programme OR one ISO 27001 audit preparation exercise
• Working knowledge of DPDPA 2023 and comfort with the DPDP Rules 2025 — you must know what Rule 3, Rule 7, Rule 13, Rule 14, and Rule 23 require
• Excellent written English — you will write documents that face Big 4 auditors and government inspectors
• Strong spoken communication — you will present to CEOs, MDs, and CTOs; you will train employees; you must be comfortable in these rooms
• Willingness to travel to client sites across India when required
• Immediate or near-immediate availability (within 2 weeks)
Location : Nagpur (preferred) | Remote (exceptional candidates)
Engagement : Full-Time | Contract-to-Hire | Internship (6 months, stipend)
Reporting To : CISO / Co-Founder
Availability : IMMEDIATE JOINERS STRONGLY PREFERRED
Compensation : Competitive for stage; significant upside through ESOPs for the right candidate
HOW TO APPLY
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Do not send a generic CV. Send us:
1. A 1-page cover note explaining: (a) one GRC/compliance challenge you have personally solved; (b) what you know about the DPDP Rules 2025 that most people don't; (c) why iManEdge.
2. Your CV — maximum 2 pages.
3. Any samples of documentation, frameworks, or assessments you have contributed to (anonymise client names).
Email: [Dhananjay@imanedge.com] | Subject: GRC Champion — [Your Name] — Available [Date]
We read every application personally. We move fast for the right person.