Job Title


Cybersecurity SME


Company : Granules India Limited


Location : Kolhapur,


Created : 2025-12-20


Job Type : Full Time


Job Description

About the Company

Granules India Limited is one of the vertically integrated, high-growth pharmaceutical manufacturing companies in India. Based in Hyderabad, India, it manufactures Active Pharmaceutical Ingredients (APIs), Pharmaceutical Formulation Intermediaries (PFIs) and Finished Dosages (FDs).

About the Role

This role ensures Granules’ cybersecurity maturity through governance, policy design, audit readiness, and compliance across IT and OT landscapes. The SME will align global operations (India, US, Europe) with ISO 27001, NIST CSF, and ISA/IEC 62443 frameworks, ensuring continuous risk-based governance for both business systems and manufacturing infrastructure.

Responsibilities

- Lead ISO 27001 ISMS implementation and surveillance audits across global IT and OT environments.
- Map security practices to NIST Cybersecurity Framework and define measurable maturity goals.
- Maintain cybersecurity policies, procedures, and control libraries covering IT, OT, and cloud systems.
- Conduct risk assessments, business impact analyses, and GRC reviews for ERP, MES, SCADA, and IoT systems.
- Ensure compliance with regulatory frameworks (21 CFR Part 11, GxP, DPDP, GDPR, HIPAA).
- Support cyber risk reporting and KPI dashboards for CIDO and Board-level visibility.
- Collaborate with Quality, Engineering, and IT teams to embed security in validation and change control processes.
- Drive supplier and third-party security assessments aligned with NIST and ISO standards.
- Develop and maintain Business Continuity and Disaster Recovery governance aligned with ISO 22301.
- Conduct internal awareness sessions and coordinate audits across global plants and business functions.

Qualifications

- Bachelor’s/Master’s in Information Security, Computer Science, or equivalent.
- 4 to 8+ years in cybersecurity governance and compliance in manufacturing or pharmaceutical domains.
- Hands-on experience implementing ISO 27001, NIST 2.0 CSF, and ISA/IEC 62443 in both IT and OT contexts.
- Certifications preferred: ISO 27001 LA, CISA, CISM, CRISC, or ISA/IEC 62443 CM.

Required Skills

- Deep understanding of risk and compliance across IT-OT ecosystems.
- Strong documentation, audit management, and cross-functional collaboration skills.
- Ability to articulate policy-level risks and controls to both technical and executive stakeholders.
- Experience in cybersecurity governance and compliance in manufacturing or pharmaceutical domains.