Cyber Security Manager
Job in 530001, Visakhapatnam, Andhra Pradesh, India
Listed on 2026-02-04
Listing for: Herspiegel
Full Time position
Job specializations:
- IT/Tech
Cybersecurity, Information Security, IT Consultant, Data Security
Job Description & How to Apply Below
Cyber Security Manager
Location: India
Employment Type: Permanent – Full Time (1 FTE)
Reports To: Global Vice President of Information Technology
Herspiegel is a global life sciences consultancy that guides pharmaceutical and biotech companies through their most decisive moments—powering commercial success and expanding patient access. From early asset strategy to launch readiness and market optimization, we help clients navigate complexity and seize opportunity. Our integrated approach brings together scientific insight, evidence strategy, deep market intuition, and executional precision to ensure brands are built to lead.
Position Summary
The Cyber Security Manager is responsible for the hands-on execution and continuous improvement of the organisation’s cyber security controls, with a focus on identity, endpoint, and cloud security.
The role owns the technical delivery of security controls and remediation activities, including Zero Trust implementation, MFA and Conditional Access hardening, Microsoft Defender baselines, and closure of penetration-test and audit findings.
Strategic security ownership, enterprise risk acceptance, audit accountability, and executive reporting remain with the VP of IT. This role exists to ensure that security strategy is translated into effective, timely, and sustainable technical controls that cannot be delivered at sufficient pace or depth by MSPs alone.
Key Responsibilities
Security Engineering & Control Execution
Implement and continuously improve Zero Trust security controls across identity, endpoints, and cloud workloads.
Design, deploy, and maintain Conditional Access and MFA policies, including privileged access controls.
Implement and tune Microsoft Defender baselines across endpoints, identities, and cloud services.
Harden security configurations in line with Microsoft and industry best practice.
Audit, Pen-Test & Control Remediation
Own the technical remediation of penetration test findings, vulnerability assessments, and internal/external audit actions.
Ensure timely closure of security findings, with clear evidence suitable for SOC 2/ISO 27001 and other audits.
Work with IT Operations and MSPs to embed remediations into BAU processes.
SOC 2/ISO 27001 & Security Control Implementation
Implement and operate the technical security controls required for SOC 2/ISO 27001 readiness and ongoing compliance.
Support evidence collection by ensuring controls are consistently implemented and monitored.
Act as the technical subject matter expert for security tooling and control operation.
Customer, Contractual & Supplier Security Assurance
Provide technical input to customer security questionnaires, due diligence requests, and assurance artefacts, validating that responses accurately reflect implemented security controls.
Provide security input into customer and supplier contracts, including MSAs, SOWs, DPAs, and security schedules, ensuring commitments are technically achievable and aligned to the organisation’s security posture.
Provide technical input into supplier security reviews and risk assessments led by the Cyber GRC Lead, including validation of security controls, architectures, and remediation feasibility.
Work with Legal, Procurement, and IT Operations to ensure contractual security requirements are reflected in technical controls and operational practices.
Security Awareness & Phishing Resilience
Own the operational delivery of the organisation’s cyber security awareness programme.
Manage and administer the KnowBe4 platform, including content selection, campaign scheduling, and reporting.
Design and run phishing simulation campaigns, tracking user behaviour, failure rates, and repeat risk.
Work with IT, L&D and People teams to ensure campaigns are delivered effectively and aligned with onboarding and refresher processes.
Analyse results and provide actionable insights to improve security posture and reduce human risk.
Support audit and customer assurance by providing evidence of training completion and phishing resilience metrics.
Identity, Endpoint & Cloud Security
Own the technical security posture of Entra, endpoints, and Microsoft 365…