Job Title: Cyber Security Manager
Company: Herspiegel
Location: Chittoor
Created: 2026-02-24
Job Type: Full Time

Job Description

Job Title: Cyber Security Manager
Location: India
Employment Type: Permanent – Full Time (1 FTE)
Reports To: Global Vice President of Information Technology

Herspiegel is a global life sciences consultancy that guides pharmaceutical and biotech companies through their most decisive moments—powering commercial success and expanding patient access. From early asset strategy to launch readiness and market optimization, we help clients navigate complexity and seize opportunity. Our integrated approach brings together scientific insight, evidence strategy, deep market intuition, and executional precision to ensure brands are built to lead.

Position Summary

The Cyber Security Manager is responsible for the hands-on execution and continuous improvement of the organisation's cyber security controls, with a focus on identity, endpoint, and cloud security. The role owns the technical delivery of security controls and remediation activities, including Zero Trust implementation, MFA and Conditional Access hardening, Microsoft Defender baselines, and closure of penetration-test and audit findings. Strategic security ownership, enterprise risk acceptance, audit accountability, and executive reporting remain with the VP of IT.

This role exists to ensure that security strategy is translated into effective, timely, and sustainable technical controls that cannot be delivered at sufficient pace or depth by MSPs alone.

Key Responsibilities

Security Engineering & Control Execution
- Implement and continuously improve Zero Trust security controls across identity, endpoints, and cloud workloads.
- Design, deploy, and maintain Conditional Access and MFA policies, including privileged access controls.
- Implement and tune Microsoft Defender baselines across endpoints, identities, and cloud services.
- Harden security configurations in line with Microsoft and industry best practice.

Audit, Pen-Test & Control Remediation
- Own the technical remediation of penetration test findings, vulnerability assessments, and internal/external audit actions.
- Ensure timely closure of security findings, with clear evidence suitable for SOC 2/ISO 27001 and other audits.
- Work with IT Operations and MSPs to embed remediations into BAU processes.

SOC 2/ISO 27001 & Security Control Implementation
- Implement and operate the technical security controls required for SOC 2/ISO 27001 readiness and ongoing compliance.
- Support evidence collection by ensuring controls are consistently implemented and monitored.
- Act as the technical subject matter expert for security tooling and control operation.

Customer, Contractual & Supplier Security Assurance
- Provide technical input to customer security questionnaires, due diligence requests, and assurance artefacts, validating that responses accurately reflect implemented security controls.
- Provide security input into customer and supplier contracts, including MSAs, SOWs, DPAs, and security schedules, ensuring commitments are technically achievable and aligned to the organisation's security posture.
- Provide technical input into supplier security reviews and risk assessments led by the Cyber GRC Lead, including validation of security controls, architectures, and remediation feasibility.
- Work with Legal, Procurement, and IT Operations to ensure contractual security requirements are reflected in technical controls and operational practices.

Security Awareness & Phishing Resilience
- Own the operational delivery of the organisation's cyber security awareness programme.
- Manage and administer the KnowBe4 platform, including content selection, campaign scheduling, and reporting.
- Design and run phishing simulation campaigns, tracking user behaviour, failure rates, and repeat risk.
- Work with IT, L&D and People teams to ensure campaigns are delivered effectively and aligned with onboarding and refresher processes.
- Analyse results and provide actionable insights to improve security posture and reduce human risk.
- Support audit and customer assurance by providing evidence of training completion and phishing resilience metrics.

Identity, Endpoint & Cloud Security
- Own the technical security posture of Entra ID, endpoints, and Microsoft 365 services.
- Reduce exposure to identity-based and endpoint-based attacks through proactive control improvements.
- Support secure onboarding of new systems, users, and integrations.

Collaboration & Enablement
- Work closely with IT Operations to ensure security controls are operationally sustainable.
- Provide technical guidance to MSPs, challenging weak implementations where required.
- Support incident response activities from a technical security perspective.

Decision Authority
- The Cyber Security Manager is authorised to make technical security decisions required to implement approved controls and remediate findings.
- Security strategy, risk acceptance, control exceptions, audit sign-off, and executive reporting remain the responsibility of the Global VP of IT.
- Where remediation introduces material user impact, cost, or risk trade-offs, decisions are escalated to the Global VP of IT.
- Security awareness strategy, risk tolerance, and disciplinary escalation thresholds remain with the Global VP of IT.

Required Skills & Experience

Experience
- Proven experience in a hands-on cyber security engineering or security management role.
- Demonstrable experience implementing Zero Trust, identity security, and endpoint protection controls.
- Experience remediating audit and penetration-test findings in regulated or security-conscious environments.

Technical Skills
- Strong expertise in Microsoft security tooling (Entra ID, Defender for Endpoint, Defender for Identity, Microsoft 365 security controls).
- Deep understanding of MFA, Conditional Access, privileged access, and endpoint hardening.
- Familiarity with SOC 2, ISO 27001, and common audit control expectations.

Professional Attributes
- Execution-focused, detail-oriented, and comfortable owning technical outcomes.
- Able to operate independently while aligning to strategic direction.
- Confident challenging MSPs and translating audit findings into technical fixes.

Education, Qualifications & Certifications

Education
- Bachelor's degree in Information Security, Computer Science, Information Technology, or a related technical discipline (preferred).
- Equivalent professional experience will be considered in lieu of formal education.

Professional Certifications (Strongly Preferred)

One or more of the following, demonstrating senior hands-on security capability:
- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- Microsoft Certified: Security Operations Analyst Associate (SC-200)
- Microsoft Certified: Identity and Access Administrator Associate (SC-300)

Additional / Desirable Certifications
- Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC-900) or higher
- ISO/IEC 27001 Lead Implementer or Lead Auditor
- GIAC, OSCP, or equivalent technical security certifications
- ITIL Foundation (useful for operating in structured IT environments)

Active pursuit of relevant Microsoft or security certifications during employment is encouraged.