WOG Technologies
Website: woggroup.com
Job details:
POSITION OVERVIEW
Job Title
Senior Manager - Information Technology & Cybersecurity
Department
Information Technology
Reporting To
VP IT (ISMS Owner)
Location
WOG Technologies Ltd., Head Office with travel to sites as required
ROLE PURPOSE
WOG Technologies Limited is a high-growth engineering & technology company with an expanding portfolio in water treatment, wastewater recycling, ZLD systems, biogas and green hydrogen.
The Senior Manager IT & Cybersecurity will lead the entire IT function at WOG under the VP HR, Admin & IT (ISMS Owner). This is a hands-on senior managerial role requiring deep technical capability combined with strong governance and people management skills. The incumbent will serve as IT lead responsible for WOG's Information Security Management System (ISMS), IT Risk Control Matrix (RCM), and the full IT operations and cybersecurity posture across WOG Technologies.
KEY RESPONSIBILITIES
1. IT Strategy, Governance & ISMS Ownership
- Own and lead WOG's ISMS as IT Head, aligned with ISO/IEC 27001:2022 principles
- Develop and maintain annual IT strategy, roadmap and AOP budget; submitted to VP IT by November each year
- Own and execute the IT Security Governance Calendar - all daily, weekly, monthly and quarterly governance tasks without exception
- Maintain and update all IT policies, SOPs and risk RCM of WOG annually or upon significant change
- Lead annual ISMS management review; present findings and improvement plans to VP IT and CEO
- Prepare quarterly IT security dashboard and present to VP IT; monthly IT operations report submitted by 7th of each month
- Manage Bell Cooling Towers IT integration: infrastructure setup, M365 onboarding, ISMS alignment and Bell-specific IT policies within 90 days of acquisition handover
2. Cybersecurity - Identity, Endpoint, Email, Network & Data Protection
- Own all cybersecurity controls per risk RCM: MFA (100% coverage), BitLocker (100% devices), patch management (≥95% within SLA), email authentication (SPF/DKIM/DMARC on all domains), DLP via Purview, firewall governance
- Manage Microsoft 365 tenant security: Entra ID, Conditional Access, Microsoft Defender for Business, Secure Score (target ≥70%), SharePoint sharing controls, admin panel governance (≤3 Global Admins at all times)
- Own backup and disaster recovery: ≥99% backup success rate for M365 and Tally; quarterly restore testing; RTO ≤4 hrs and RPO ≤24 hrs for critical systems per CEO-approved targets
- Lead security incident detection, classification and response per P1–P4 framework; P1 escalation to VP IT within 1 hr; 100% incidents logged with zero exceptions
- Enforce and monitor AI tool prohibition policy: zero WOG data uploads to consumer AI tools; DLP active and monitoring for AI detection
- Conduct bi-annual phishing simulations targeting <5% click rate; deliver remedial training to clickers within 5 working days
- Manage vendor and third-party IT access: all vendor accounts in Entra ID with expiry dates and MFA; quarterly review
- Enforce BIOS/UEFI security policy on all senior employee devices: CEO, VPs, Finance Head, HR Head
3. IT Infrastructure & Operations
- Ensure ≥99% uptime for M365, Tally ERP, internet and LAN/WAN across WOG HO and sites; MTTR ≤4 hrs for P1 outages
- Manage full hardware lifecycle: 4-year refresh cycle, 100% asset register accuracy, annual physical verification, secure decommissioning per policy
- Manage software licences: monthly M365 licence audit, zero unlicensed software, licence right-sizing annually; departed employee licences removed within 24 hrs
- Oversee network infrastructure: enterprise firewall (default-deny, quarterly rule review), VLAN segmentation (CORP/GUEST/SERVER), Tally server management, cloud migration evaluation
- Manage IT helpdesk across WOG and Bell: P1 ≤4 hrs, P2 ≤8 hrs, P3 ≤2 working days; ≥85% user satisfaction score
- Drive IT modernisation roadmap (Section 6.2 of IT Security Manual): Intune MDM deployment, Purview DLP, Defender for Business, cloud evaluation for Tally
- Lead and develop Pawan Singh (AM IT) and Saurav Negi (IT Engineer): weekly 1:1s, clear task delegation, performance management
4. IPO Readiness - IT & ISMS
- Build and maintain IPO-ready IT governance: all policies and SOPs version-controlled, ISMS evidence folder audit-ready, RCM current and evidenced
- Ensure IT audit evidence available for inspection without prior notice
- Support internal and external IT audits; close all HIGH/CRITICAL observations within 30 days; maintain Corrective Action Register
- Ensure DPDP Act 2023 compliance: cookie consent, opt-in email lists, data localisation, privacy notices on all data collection forms
- Provide IT section of Board Report and IPO due diligence documentation as required by CEO
- Zero open HIGH or CRITICAL exceptions beyond approved waiver period
5. Security Awareness, Training & Culture
- Deliver annual IT security awareness training for 100% of WOG and Bell employees per Annual Security Awareness Training Calendar
- Conduct IT induction per SOP-IT-01 for all new joiners; obtain signed IT Acknowledgement Forms (Annexure J); extended to Bell employees upon acquisition
- Conduct bi-annual phishing simulations; share results with VP IT; remedial training for all clickers within 5 working days
- Partner with HR and department heads to embed a culture of security consciousness across all levels of the organisation
REQUIRED QUALIFICATIONS & EXPERIENCE
Education
- B.Tech / B.E. / MCA / M.Sc. in Computer Science, Information Technology, or Cybersecurity - mandatory
- MBA or PG Diploma in IT Management - preferred
- ISO/IEC 27001 Lead Implementer or Lead Auditor certification - preferred (or willingness to certify within 12 months of joining)
- CEH, CISSP, CISM, CompTIA Security+ or equivalent cybersecurity certification - preferred
- Microsoft certifications: SC-900, AZ-900, MS-500 (Security Administrator Associate) - highly advantageous
Experience
- Minimum 10–12 years of IT experience with at least 5–6 years in an IT Head, IT Manager, or Senior IT & Cybersecurity role
- Proven hands-on experience with Microsoft 365 administration: Entra ID, Exchange Online, SharePoint, Teams, Defender, Purview / Compliance Centre
- Strong cybersecurity experience: endpoint security, email security, network security, incident response, vulnerability and patch management
- Experience designing and maintaining an ISMS or structured IT security framework — ISO 27001 alignment preferred
- Experience managing IT audits (internal and external) and producing governance documentation for senior leadership
- Experience with backup and DR solutions for M365 and ERP environments - Veeam, AvePoint, or equivalent
- IT team management experience with coaching and performance management
- Acquisition / merger IT integration experience — strong advantage
- Prior experience in an infrastructure, engineering, manufacturing, or multi-site company — preferred
Technical Skills Required
- Microsoft 365: Entra ID (Azure AD), Exchange Online, SharePoint, Teams, OneDrive, Defender for Business, Purview DLP, Sensitivity Labels, Intune MDM, Microsoft Secure Score, Conditional Access, MFA, PIM
- Networking: Firewall governance (Sophos, Fortinet, or equivalent), VLAN segmentation, Wi-Fi management (CORP/GUEST/SERVER segregation), LAN/WAN, VPN
- Endpoint: BitLocker full-disk encryption, Windows Update / WSUS, patch management, Windows 10/11 enterprise administration, BIOS/UEFI hardening
- Security: Incident response (P1–P4 framework), phishing simulation platforms, email authentication (SPF/DKIM/DMARC), DLP, threat monitoring, BEC prevention
- Backup & DR: Third-party M365 backup (Veeam / AvePoint), Tally ERP backup management, RTO/RPO target management, restore testing
- Documentation: SOP development, IT policy writing, risk control matrices, audit evidence management, ISMS governance documentation
- Compliance: DPDP Act 2023, data localisation requirements, data protection, IT internal and external audit support
BEHAVIOURAL COMPETENCIES
- Ownership Mindset: Takes full accountability for IT security posture and governance. Does not wait to be told — anticipates problems before they escalate and acts proactively
- Governance Discipline: Rigorously maintains evidence, logs and documentation. Zero tolerance for undocumented controls or bypassed SOPs. Treats every audit finding as a personal matter
- Clear Communication: Translates complex technical security concepts into plain language for non-technical senior management, the Board, and all-staff communications without over-simplifying
- Judgment Under Pressure: Capable of triaging and leading response to P1 security incidents calmly and decisively, with minimal escalation delay and clear documentation of actions taken
- People Leadership: Develops the team through coaching, clear delegation and regular 1:1s. Sets the team's technical standards and professional culture
- Commercial Awareness: Understands IT budget constraints and optimises cost while maintaining security standards. Frames IT investments in business ROI terms when presenting to leadership
- Integrity: Handles highly sensitive data — payroll records, engineering drawings, financial data, client contracts, IPO-related information — with absolute discretion and professionalism
WHAT THIS ROLE OFFERS
- A rare opportunity to build and lead an enterprise-grade IT security function from a well-documented baseline in a fast-growing company
- Direct access to and visibility with the VP HR, Admin & IT and CEO — IT is treated as a strategic function, not a cost centre
- A lead role in WOG's IT IPO readiness track — working with auditors, legal and finance on a high-visibility organisational milestone
- A full suite of documented policies, SOPs, and a risk governance framework already in place — you are building forward, not starting from scratch