
Remediation Manager

Date:  17 Dec 2025
Location:  Sun House - Corporate Office
Company:  Sun Pharmaceutical Industries Ltd

Job Title:

Lead Assessment & Remediation Manager

Job Grade (refer to JE)

G9B / G10

Function:

Cyber Security

Sub-function:

Lead Assessment & Remediation Manager

Manager’s Job Label:

IT Security Governance

Skip Level Manager’s Label:

CISO

Function Head Title:

CISO

Location:

Mumbai

No. of Direct Reports (if any)

NA

Business Unit:

IT

Job Summary

At Sun Pharma, we commit to helping you “Create your own sunshine” by fostering an environment where you grow at every step, take charge of your journey and thrive in a supportive community.

Are You Ready to Create Your Own Sunshine?

As you enter the Sun Pharma world, you’ll find yourself becoming ‘Better every day’ through continuous progress. Exhibit self-drive as you ‘Take charge’ and lead with confidence. Additionally, demonstrate a collaborative spirit, knowing that we ‘Thrive together’ and support each other’s journeys.

Areas Of Responsibility

The Lead Assessment and Remediation Manager is responsible for overseeing Sun Pharma’s end-to-end process for identifying, assessing, and driving the remediation of vulnerabilities, control gaps, and compliance deficiencies across the enterprise. This role ensures risks are accurately documented, prioritized, and remediated in a timely and sustainable manner, minimizing exposure and ensuring regulatory adherence.

Assessment and Analysis

  • Lead Control Assessment: Design, implement, and manage the execution of risk, control, and vulnerability assessments across IT infrastructure, applications, and business processes.
  • Gap Identification: Review audit findings, penetration test results, regulatory requirements, and security scanning reports to identify, document, and categorize control deficiencies and emerging risks.
  • Risk Reporting: Translate technical and non-technical findings into clear, business-focused risk statements, including root cause analysis and potential impact.

Remediation Management

  • Program Ownership: Own the remediation lifecycle, ensuring identified issues are formally logged, assigned, and tracked through closure.
  • Stakeholder Coordination: Collaborate closely with IT, Engineering, Product, Legal, and Business teams to agree on remediation plans, timelines, and resource allocation.
  • Prioritization: Develop and enforce a risk-based prioritization methodology for remediation efforts based on severity, regulatory impact, and business criticality.
  • Quality Assurance: Validate and test remediation evidence to ensure control gaps are closed effectively, sustainably, and according to established standards.

Governance and Strategy

  • Metrics and Reporting: Develop and maintain key performance indicators (KPIs) and key risk indicators (KRIs) related to assessment and remediation status, providing regular, executive-level reports on the overall risk posture.
  • Process Improvement: Continuously mature the Assessment and Remediation program, incorporating automation, best practices, and lessons learned to improve efficiency and effectiveness.
  • Policy Compliance: Ensure all assessment and remediation activities comply with internal policies, industry standards (e.g., ISO 27001, NIST), and regulatory requirements (e.g., Indian IT Act, DPDP Act, US FDA 21 CFR Part 11, GDPR, HIPAA, SOX, SOC2 Type II, etc.).

Travel Estimate

10%

Job Scope

Internal Interactions (within the organization)

Cyber Security Team, IT Infrastructure Team, Cloud Infrastructure Team, DevOps Team, Applications Team, Plant Operations Team, Business Stakeholders

External Interactions (outside the organization)

Vendor Management, OEMs, Security Service Providers, Cloud Security Service Providers

Geographical Scope

Global

Financial Accountability (cost/revenue with exclusive authority)

NA

 

Job Requirements

Educational Qualification

Bachelor’s degree in a technical field (Computer Science, Engineering, Computer Application, Information Security) or BSc IT. A Master’s degree is preferred.

Specific Certification

Preferred Certifications (one or more)

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Ethical Hacker (CEH)

Experience

8+ years of experience in Risk Management, Information Security, Internal Audit, or Compliance, with at least 3 years in a dedicated assessment and remediation managerial role.

Skill (Functional & Behavioural):

 

  • Proven experience leading an enterprise-wide issue management or risk remediation program.
  • Strong understanding of control frameworks (e.g., COBIT, NIST CSF, ISO 27001).
  • Exceptional written and verbal communication skills, with the ability to articulate complex security and risk issues to technical and non-technical audiences, including executive leadership.
  • Demonstrated ability to manage multiple complex projects concurrently and meet deadlines.

 

Your Success Matters to Us

 

At Sun Pharma, your success and well-being are our top priorities! We provide robust benefits and opportunities to foster personal and professional growth. Join us at Sun Pharma, where every day is an opportunity to grow, collaborate, and make a lasting impact. Let’s create a brighter future together!

 

 

Disclaimer: The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification.  It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees as assigned to this job.  Nothing herein shall preclude the employer from changing these duties from time to time and assigning comparable duties or other duties commensurate with the experience and background of the incumbent(s).

 
