HDFC securities

Information Security Manager

India · Full-time · Mid-Senior

Role: VAPT Compliance Manager


Position Overview

We are looking for a highly skilled VAPT Compliance Manager to lead and oversee Vulnerability Assessment and Penetration Testing activities while ensuring compliance with industry standards, regulatory requirements, and organizational policies. This role bridges the gap between technical security testing and compliance management, ensuring that identified risks are properly addressed and documented.


Key Responsibilities


Governance & Compliance

  • Define and enforce policies, procedures, and frameworks for VAPT activities.
  • Ensure compliance with regulatory standards (ISO 27001, PCI-DSS, GDPR, NIST, etc.).
  • Maintain audit-ready documentation of all VAPT processes and outcomes.
  • Liaise with auditors, regulators, and external stakeholders during compliance reviews.

VAPT Oversight

  • Plan, coordinate, and manage vulnerability assessments and penetration testing across applications, networks, cloud, and infrastructure.
  • Review and validate findings from internal and external VAPT teams.
  • Ensure remediation plans are aligned with compliance requirements and risk management strategies.

Risk Management

  • Prioritize vulnerabilities based on business impact and compliance obligations.
  • Track remediation progress and report risk posture to senior management.
  • Provide guidance on secure development practices and compliance-driven security controls.

Leadership & Collaboration

  • Lead cross-functional teams including IT, DevOps, and security engineers to ensure timely resolution of findings.
  • Conduct training and awareness sessions on compliance requirements related to VAPT.
  • Act as the primary point of contact for compliance-related queries in penetration testing engagements.


Required Skills & Qualifications

  • Bachelor’s/Master’s degree in Information Security, Computer Science, or a related field.
  • 6+ years of experience in cybersecurity, VAPT, and compliance management.
  • Strong understanding of regulatory frameworks and industry standards (ISO, PCI-DSS, NIST, GDPR, HIPAA).
  • Hands-on knowledge of penetration testing methodologies and tools (Burp Suite, Metasploit, Nessus, Nmap, etc.) will carry more weight.
  • Certifications such as CISA, CISM, CISSP, OSCP, CEH, PCI-QSA would be an added advantage.
  • Excellent communication, documentation, and stakeholder management skills.
  • Location: Mumbai

Key Skills

Ranked by relevance

penetration testing, gdpr, nist, dss, vulnerability assessment, metasploit, burp suite, devops, nessus, cissp, cloud, oscp, cism, nmap, ceh
Posted: Mar 10, 2026
Type: Full-time
Level: Mid-Senior
Location: Mumbai

Industries

Financial Services, Capital Markets

Categories

Information Technology
