InfoSec - Program Lead

Hyderabad, India

Zoetis

Zoetis is the largest global animal health company committed to nurturing the world and humankind by advancing care for animals.


Zoetis, Inc. is the world's largest producer of medicine and vaccinations for pets and livestock. The Zoetis Tech & Digital (ZTD) Global ERP organization is a key building block of ZTD, comprising enterprise applications and systems platforms.

Join us at Zoetis India Capability Center (ZICC) in Hyderabad, where innovation meets excellence. As part of the world's leading animal healthcare company, ZICC is at the forefront of driving transformative advancements and applying technology to solve the most complex problems. Our mission is to ensure sustainable growth and maintain a competitive edge for Zoetis globally by leveraging the exceptional talent in India.

At ZICC, you'll be part of a dynamic team that partners with colleagues worldwide, embodying the true spirit of One Zoetis. Together, we ensure seamless integration and collaboration, fostering an environment where your contributions can make a real impact. Be a part of our journey to pioneer innovation and drive the future of animal healthcare.

The ZICC Information Security (InfoSec) Program Lead is responsible for overseeing Security Operations, Vulnerability Management, Threat Intelligence, Data Protection, Security Awareness and Operational Technology (OT) security at the Zoetis India Capability Center (ZICC).  Serving as the local lead for these functions, this position will manage a team of 25-30 colleagues, driving security initiatives in alignment with global strategies. The ideal candidate must have strong technical expertise in these areas while collaborating with global teams to ensure effective execution.

This role will focus on leadership of the program as it relates to threat detection, incident response and risk mitigation, including triaging and remediating security incidents, conducting proactive security scanning and improving security monitoring, automation and defense capabilities across enterprise environments.  Additionally, the program lead will work closely with IT, business teams and manufacturing environments, supporting service leads in executing security initiatives, assessing risks and strengthening data protection strategies.  By fostering cross-functional collaboration, this role ensures security strategies align with business objectives while proactively addressing emerging cyber threats.


POSITION RESPONSIBILITIES 
    
•    Oversee 24/7/365 SOC operations, ensuring timely threat detection, triaging, response and remediation, while collaborating with Threat Intel, Vulnerability Management and Incident Response teams to proactively mitigate emerging threats and vulnerabilities that pose a risk to Zoetis.
•    Lead and mentor a team of L1 and L2 security analysts and engineers, fostering professional growth and ensuring operational excellence across Security Operations, Vulnerability Management and Data Protection.
•    Provide security reporting, KPIs and dashboards to senior leadership, tracking performance across service lines (SOC, Vulnerability, DLP, CASB, OT, Threat Intel) while identifying areas for improvement.
•    Manage all aspects of security incident investigations within the SOC, ensuring rapid containment, remediation and recovery, while working in collaboration with Threat Intelligence, OT Security and DLP teams to triage incidents and mitigate risks across IT and OT environments.
•    Perform root cause analysis and forensic investigations, collaborating with IR/SOC team to improve incident response effectiveness and prevent future occurrences.
•    Develop and refine security policies, procedures and playbooks to standardize operations across Security Operations, Data Protection, Vulnerability Management and OT Security, ensuring alignment with industry best practices.
•    Oversee the deployment, integration and continuous tuning of security technologies, including SIEM, EDR, SOAR, DLP and CASB solutions, ensuring alignment with SOC and Data Protection strategies.
•    Optimize SIEM content development, ensuring high-fidelity alerts that support SOC, Threat Intelligence and OT Security initiatives while reducing false positives.
•    Ensure effective log ingestion, correlation and analysis from critical infrastructure, applications, cloud and OT environments, supporting SOC and OT Security efforts.
•    Lead SIEM integrations with EDR, SOAR, threat intelligence platforms and DLP solutions, improving automated response, data protection and security visibility.
•    Drive vulnerability scanning initiatives in coordination with the Vulnerability Management lead, integrating findings into threat detection, risk mitigation and remediation workflows.
•    Identify and implement automation opportunities, streamlining SOC workflows, security awareness and remediation through SOAR and automation frameworks.
•    Improve threat hunting methodologies, detection engineering and proactive security monitoring, leveraging insights from Threat Intelligence and SOC teams to enhance detection efficacy.
•    Ensure effective coordination with Threat Intelligence team, integrating intelligence feeds into SIEM/SOAR and EDR platforms to proactively detect and defend against emerging threats.
•    Collaborate with Zoetis leads and external vendors to conduct red/purple team exercises and tabletop simulations, working closely with SOC and Vulnerability Management teams to strengthen detection, response and overall security preparedness.
•    Support Security Awareness initiatives, working with the Security Awareness team to drive ethical phishing simulations, targeted training and awareness campaigns that reduce risk and improve user security behavior.
•    Collaborate with IDAM, IT, Infrastructure, Cloud and Networking teams to integrate security controls, enhance vulnerability remediation and embed security best practices into system architecture and security operations.
•    Evaluate and recommend new security tools and technologies, assessing their impact on SOC, Vulnerability Management, Threat Intelligence and Data Protection strategies.

ORGANIZATIONAL RELATIONSHIPS

•    Take direction from the US-Based Head of Information Security
•    Close interaction with the US-based InfoSec team
•    Part of global Technology Risk Management organization, reporting to CISO
•    Interacting with ZTD Infrastructure teams, especially Platform Services, IT Service Desk & Site Services, Global Network Services and Digital Workplace Services teams. 
•    Interacting with external vendors or partners who provide software, services, or APIs that need to be integrated with IDAM systems. This collaboration includes establishing integration requirements, negotiating contracts and facilitating technical integration.
•    Work with implementation partners who may be responsible for deploying, configuring, or maintaining integrated solutions within the client's IT landscape.


Supervision
Approximately 25-30 ZICC colleagues on the InfoSec team.


EDUCATION AND EXPERIENCE 

Education:
•    University degree in Computer Science, Information Systems, Business Administration or a science-related field is required
•    MS or advanced security/identity courses or other applicable certifications (CISM, CISSP, CrowdStrike, Palo Alto, Tenable, Symantec, Netskope, CASB etc.) are desirable
Experience:
•    13+ years of hands-on experience in Security Operations, security engineering and security architecture, with a proven track record of leading complex security investigations, designing security monitoring frameworks, optimizing security operations at scale and driving strategic improvements across SOC, Vulnerability Management, OT Security, DLP and Security Awareness initiatives.
•    Extensive expertise in SIEM, EDR, SOAR and DLP/CASB technologies, including hands-on experience with CrowdStrike SIEM, CrowdStrike IDP, FireEye, Palo Alto, Tenable, Symantec DLP, Netskope and other enterprise security platforms, ensuring seamless integration with SOC, OT Security and Data Protection strategies.
•    Advanced threat detection and incident response skills, including knowledge of malware analysis, adversary emulation and behavioral analytics to detect and mitigate sophisticated cyber threats across IT environments.
•    Experience leading Vulnerability Management initiatives, aligning scanning programs with SOC threat detection, risk mitigation and remediation workflows, while ensuring effective prioritization and reporting of vulnerabilities based on threat intelligence and business impact.
•    Experience with OT Security, working closely with IT, Engineering and Operations teams to secure industrial control systems (ICS), SCADA environments and critical infrastructure, ensuring visibility, threat monitoring and risk mitigation in alignment with SOC and incident response workflows.
•    Strong background in Data Loss Prevention (DLP) strategy and implementation, integrating DLP policies and controls with SOC monitoring to detect and prevent data exfiltration, insider threats and unauthorized access across endpoints, cloud and email security solutions.
•    Expertise in security awareness and phishing simulation programs, working alongside Security Awareness teams to drive ethical phishing campaigns, targeted training and user behavior analytics that reduce risk and improve organizational security culture.
•    Experience collaborating with red/purple teams to validate and refine detection capabilities, develop custom detection rules and improve defensive strategies through adversary simulation exercises that enhance SOC, OT Security and DLP defenses.
•    Strong background in threat intelligence integration, including IOC/IOA enrichment, threat modeling and developing proactive threat detection use cases based on MITRE ATT&CK, leveraging intelligence feeds to enhance SOC, OT and vulnerability response capabilities.
•    Deep proficiency in security automation, including designing and implementing SOAR workflows, automating vulnerability remediation processes and leveraging API integrations to reduce manual workload and improve SOC, DLP and OT Security efficiency.
•    Expert knowledge of log analysis and correlation, leveraging big data analytics techniques to extract meaningful security insights from large-scale log sources across IT, OT, cloud and enterprise environments, ensuring effective SOC monitoring and incident response.
•    Experience in policy, governance and compliance frameworks, including ISO 27001, NIST, CIS and industry-specific regulatory requirements, ensuring alignment with security, vulnerability management and data protection best practices.
•    Extensive experience managing security tool lifecycles, including policy tuning, rule development, agent deployment and performance optimization for endpoint security, network security, OT security and DLP solutions, ensuring alignment with enterprise risk management and security operations goals.
•    Experience working in regulated industries (pharmaceutical, healthcare), with an understanding of the unique security challenges, data protection regulations and compliance requirements across SOC, OT Security, DLP and Vulnerability Management disciplines.

TECHNICAL SKILLS REQUIREMENTS

•    Expert-level ability to analyze and interpret complex security events across SOC, Vulnerability Management, OT Security, and Threat Intelligence, correlating data from multiple security tools (SIEM, EDR, IDS/IPS, DLP, vulnerability scanners) to identify emerging threats, minimize false positives, and enhance detection accuracy.
•    Deep experience in security automation and orchestration (SOAR), including designing, deploying, and optimizing automated incident response workflows, vulnerability remediation processes, and data protection controls, improving operational efficiency across SOC, Vulnerability, OT Security, Security Awareness, Threat Intel and DLP.
•    Proficiency in developing, tuning, and maintaining threat detection rules, anomaly-based detections, and behavioral analytics in SIEM and EDR platforms, ensuring high-fidelity alerting for SOC, OT Security, and Threat Intelligence initiatives while reducing noise.
•    Advanced knowledge of threat modeling, IOC/IOA management, and adversary tactics (MITRE ATT&CK, Cyber Kill Chain), leveraging intelligence to strengthen proactive threat hunting, vulnerability prioritization, and security awareness training efforts.
•    Hands-on experience with incident response and forensic analysis, including triaging escalated incidents, root cause analysis, malware analysis, and memory/network forensics, ensuring rapid containment and remediation across IT and OT environments.
•    Expertise in log aggregation, parsing, and correlation across enterprise and OT environments, leveraging advanced query languages (CrowdStrike KQL, Cribl) to optimize log ingestion, threat detection, vulnerability reporting, and security awareness insights.
•    Strong leadership in SOC governance and strategic security operations planning, ensuring maturity across SOC, Threat Intelligence, and Vulnerability Management by driving KPI tracking, process improvements, and alignment with cybersecurity frameworks (NIST, CIS, ISO 27001).
•    Deep understanding of identity-based threats, privileged access abuse, lateral movement detection, and risk-based authentication, integrating these capabilities into SOC.
•    Proven experience integrating security tools (SIEM, EDR, SOAR, Firewalls, Threat-Intel Feeds, DLP, vulnerability scanners) through APIs and automation frameworks, driving a more cohesive, proactive security posture across SOC, OT Security, and Data Protection programs.
•    Ability to assess and continuously improve SOC, Vulnerability, and OT Security efficiency, optimizing incident response workflows, security playbooks, escalation protocols, and collaboration processes across IT and security teams.
•    Experience handling security tool lifecycle management, ensuring the availability, performance, and continuous enhancement of SIEM, EDR, DLP, and OT Security platforms, while driving operational efficiency and risk reduction.
•    Strong leadership, coaching, and mentorship abilities, with experience guiding global teams, upskilling analysts, and fostering collaboration across SOC, Vulnerability Management, Threat Intelligence, Security Awareness, and OT Security teams.
•    Ability to thrive in high-pressure, mission-critical environments, leading security operations with resilience, precision, and a proactive mindset to defend against evolving cyber threats.
•    Deep understanding of threat modeling, IOC management, advanced detection techniques, and how they intersect with security awareness programs to improve user education and response preparedness.
•    Ability to work in a fast-paced, high-pressure environment, prioritizing SOC, Vulnerability, and Data Loss Prevention tasks effectively to align with business risk and security objectives.
•    Strong leadership and communication skills, with experience working in a global, matrixed organization, ensuring alignment across Security Operations, Threat Intelligence, Security Awareness, Vulnerability Management, and Identity & Access Management (IDAM).
•    Ability to foster cross-functional collaboration between security, IT, OT, and business teams, ensuring a unified approach to threat detection, risk mitigation, identity governance, and enterprise-wide security awareness.


PHYSICAL POSITION REQUIREMENTS 

•    Availability to work between 1pm IST and 10pm IST (minimum 3 hours of daily overlap with the US ET time zone)
 

Full time
Category: Leadership Jobs

Tags: Analytics APIs Automation Big Data CASB CISM CISO CISSP Cloud Compliance Computer Science CrowdStrike Cyber Kill Chain Data Analytics EDR Endpoint security ERP Firewalls Forensics Governance IAM ICS IDS Incident response Industrial IPS ISO 27001 KPIs Log analysis Malware MITRE ATT&CK Monitoring Network security NIST Risk management SCADA SIEM SOAR SOC Strategy Threat detection Threat intelligence Vulnerabilities Vulnerability management

Perks/benefits: Career development Startup environment Team events

Region: Asia/Pacific
Country: India
