Recloud Consulting
Website:
recloudconsulting.com
Job details:
PURPOSE OF THE ROLE
The Manager / Divisional Manager - IT Security & Governance is responsible for implementing and operating cybersecurity, information security governance, and incident response capabilities across IT and OT environments in a manufacturing setup. The role protects the confidentiality, integrity, and availability of information assets while aligning security controls with business, regulatory, and compliance requirements.
KEY ROLES AND RESPONSIBILITIES
Cyber Security & Incident Response
- Own the full cyber security incident response lifecycle: detection, containment, eradication, recovery, and post-incident review.
- Develop and maintain incident response plans, playbooks, and runbooks.
- Coordinate incident response with SOC, IT, OT, legal, risk, and business stakeholders.
- Conduct tabletop exercises and simulations to test cyber resilience.
Security Operations Center (SOC)
- Oversee in-house or managed SOC operations.
- Ensure effective monitoring of SIEM, EDR, IDS/IPS, and log management platforms.
- Define security use cases, alert thresholds, escalation procedures, and reporting metrics.
- Review SOC performance, KPIs, and incident trends.
Data Protection & Data Privacy
- Implement and govern data protection controls across applications, infrastructure, and endpoints.
- Support compliance with GDPR, TISAX, and applicable local data protection laws.
- Drive data classification, encryption, DLP, and access control frameworks.
- Support Privacy Impact Assessments / DPIA with legal and compliance teams.
IT Audits & Compliance
- Lead and coordinate internal and external IT security audits.
- Ensure ongoing compliance with ISO/IEC 27001, customer security requirements, and regulatory expectations.
- Manage risk assessments, control testing, audit findings, and remediation plans.
- Maintain security policies, standards, procedures, and evidence repositories.
Security Engineering
- Work with IT and OT teams to design and implement secure architectures.
- Review and approve security controls for network, endpoint, IAM, cloud, and hybrid environments.
- Embed security in projects, system changes, and vendor onboarding.
Cyber Insurance, Vendor Management & Roadmap
- Support cyber insurance policy selection, renewal, claims, and alignment with security control requirements.
- Manage security vendors, MSSPs, and technology partners.
- Provide regular security risk and posture reporting to management.
- Work with external advisors / SMEs to create and support a groupwide security strategy and roadmap.
KEY STAKEHOLDERS
Internal Stakeholders
External Stakeholders
Cross Functional Heads / End Users
Application Support Partners
Business Leaders / Apex / MD
Functional Consultants / SMEs; Licensing / Application Providers
REQUIREMENTS
Category
Requirement Summary
Education
Bachelor's degree in Computer Science, Information Security, Engineering, or equivalent.
Mandatory Certification
CISSP or CISM.
Preferred Certifications
ISO 27001 Lead Implementer / Lead Auditor, CISA, GIAC Incident Response / SOC-related certification, and cloud security certifications.
Experience
8+ years of experience in Information Security / Cyber Security roles, including hands-on experience in security governance, SOC operations, incident response, IT/OT security, audits, compliance, and vendor risk management.
REQUIRED EXPERIENCE AREAS
- Incident response and crisis management.
- Security operations and monitoring.
- IT and OT security in a manufacturing environment.
- Regulatory and compliance management, audit and assurance, and ISO 27001 implementation.
- Vendor and third-party risk management.
- Policy, standards, and control frameworks.
- Data protection technologies including encryption, DLP, key management, IAM, network security, and endpoint security.
- Cloud security fundamentals across AWS, Azure, and hybrid environments.
FUNCTIONAL / TECHNICAL COMPETENCIES
Competency
Expected Level
Information Security Governance
3 - Proficient
Vulnerability Management & Patch Governance
3 - Proficient
ISO/IEC 27001 - ISMS implementation, audits, and continuous improvement
3 - Proficient
Security Operations & SOC - SIEM, EDR, XDR, IDS/IPS
3 - Proficient
Cyber Risk Management
3 - Proficient
BEHAVIORAL / LEADERSHIP COMPETENCIES
Competency
Expected Level
Accountability
4 - Advanced
Judgement & Decision Making
3 - Proficient
Problem Solving & Prevention
3 - Proficient
Critical Thinking & Analysis
3 - Proficient
Stakeholder Management & Collaboration
3 - Proficient
IDEAL CANDIDATE SUMMARY
The ideal candidate is a cybersecurity and governance professional with strong experience in SOC operations, incident response, IT/OT security, ISO 27001 compliance, audits, data protection controls, and third-party risk management. The candidate should be able to work with senior leadership, plant and business teams, IT/OT stakeholders, vendors, and external advisors to strengthen enterprise security posture and support a groupwide security roadmap.
Click on Apply to know more.