Job Title:
Information Security Manager
Company: HDFC securities
Location: Mumbai, Maharashtra
Created: 2026-03-13
Job Type: Full Time
Job Description:
Role: VAPT Compliance Manager

Position Overview
We are looking for a highly skilled VAPT Compliance Manager to lead and oversee Vulnerability Assessment and Penetration Testing activities while ensuring compliance with industry standards, regulatory requirements, and organizational policies. This role bridges the gap between technical security testing and compliance management, ensuring that identified risks are properly addressed and documented.

Key Responsibilities

Governance & Compliance
- Define and enforce policies, procedures, and frameworks for VAPT activities.
- Ensure compliance with regulatory standards (ISO 27001, PCI-DSS, GDPR, NIST, etc.).
- Maintain audit-ready documentation of all VAPT processes and outcomes.
- Liaise with auditors, regulators, and external stakeholders during compliance reviews.

VAPT Oversight
- Plan, coordinate, and manage vulnerability assessments and penetration testing across applications, networks, cloud, and infrastructure.
- Review and validate findings from internal and external VAPT teams.
- Ensure remediation plans are aligned with compliance requirements and risk management strategies.

Risk Management
- Prioritize vulnerabilities based on business impact and compliance obligations.
- Track remediation progress and report risk posture to senior management.
- Provide guidance on secure development practices and compliance-driven security controls.

Leadership & Collaboration
- Lead cross-functional teams including IT, DevOps, and security engineers to ensure timely resolution of findings.
- Conduct training and awareness sessions on compliance requirements related to VAPT.
- Act as the primary point of contact for compliance-related queries in penetration testing engagements.

Required Skills & Qualifications
- Bachelor's/Master's degree in Information Security, Computer Science, or a related field.
- 6+ years of experience in cybersecurity, VAPT, and compliance management.
- Strong understanding of regulatory frameworks and industry standards (ISO, PCI-DSS, NIST, GDPR, HIPAA).
- Hands-on knowledge of penetration testing methodologies and tools (Burp Suite, Metasploit, Nessus, Nmap, etc.) will have more weightage.
- Certifications such as CISA, CISM, CISSP, OSCP, CEH, PCI-QSA would be an added advantage.
- Excellent communication, documentation, and stakeholder management skills.

Location: Mumbai