Senior Manager / Chief Manager– SOC and Access Management

About GeM

Government eMarketplace (GeM) is a unified digital platform that facilitates end-to-end procurement of goods and services

by various government departments, organizations, and public sector undertakings (PSUs). Our Honourable Prime Ministers concerted efforts to harness the power of digital platforms to achieve Minimum Government, Maximum Governance led to the genesis of GeM in 2016.

GeM provides a paperless, cashless and contactless ecosystem for government buyers to directly purchase products and services from pan-India sellers and service providers through an online platform. GeM covers the entire gamut of procurement process, right from vendor registration and item selection by buyers to receipt of goods and facilitation of timely payments. GeM has envisioned to utilise the agility and speed that come along with a digital platform created with a strategic intent to reinvigorate public procurement systems and bring about a lasting change for the underserved as well as the nation.

Built on the pillars of Efficiency, Transparency and Inclusivity, GeM has emerged as a digital tool in nations interest, aimed at catalyzing excellence in public procurement. To know more about us, please visit- https://gem.gov.in/

You may also follow us on social media platforms like Twitter, LinkedIn, Koo App, YouTube, Facebook

GeM invites applications from eligible candidates for recruitment to the following position(s) on Contractual Basis:

This is a contractual engagement under the Project Management Unit (PMU) for an initial period of 5 years, extendable based on performance and organizational requirements.

Eligible applicants can apply by submitting their applications including CV by 17-Feb-26.

GeM selection committee reserves the right to relax or extend the eligibility criteria and educational qualifications. The crucial date for determining eligibility will be the last date of receipt of applications. No applications shall be entertained under any circumstances after the stipulated date. Incomplete applications without application form shall not be considered. GeM reserves the right to shortlist candidates for interview. Applicants should note that mere fulfilment of minimum eligibility criteria may not ensure consideration for short listing for interview. GeM will not entertain any correspondence on this subject and decisions of GeM will be final in all matters.

JOB SPECIFICATION

JOB SUMMARY

We are seeking an experienced Senior Manager or Chief Manager for Security Operations Centre (SOC) and Access Management with a minimum of 8+ years of experience in building Security Operation Centre and establishing access management controls as per industry best practices. The ideal candidate will have required skills in manage the SOC operations to improve the detection capability and contributing in improving the overall SOC maturity. The candidate will be responsible for ensuring the SIEM tool is configured as per best practices and as per custom environment or organisation to detect the threats contextual to organisation. This role will oversee the access management solution and processes deployed improving the overall lifecycle of access identity from provisioning to

deprovisioning.

ROLE AND RESPONSIBILITY

Security Operations Centre (SOC) Management

• SIEM Platform Optimization: Fine-tune SIEM ingestion devices and the use cases to reduce noise and improve False positive ratio. Implement SOAR integrations and configuring playbooks for automated incident response and ticketing. Conduct regular health checks and performance tuning of SOC tools.
• MITRE ATT&CK Mapping: Align detection rules with MITRE tactics and techniques using AI-powered tagging tools. Maintain MITRE coverage dashboards and ensure completeness across analytics rules.
• SLA Tracking & Governance: Define and monitor SLAs for incident triage, escalation, and closure. Conduct weekly governance reviews with SOC partners to assess KPIs and incident trends. Develop playbooks and runbooks for consistent incident handling. Reduction in MTTD and MTTR.
• Threat Intelligence & Analysis: Utilize advanced threat intelligence tools to monitor and evaluate emerging threats. Collaborate with internal and external teams to implement countermeasures.
• Security Posture Enhancement: Contribute to strengthening the organization s overall security posture by recommending new technologies, processes, and methodologies to enhance SOC capabilities.
• Implement and manage Database Access Monitoring to track and analyse user activity across critical databases. Monitor query execution, access patterns, and privilege usage. Detect unauthorized access attempts and suspicious behaviour. Ensure logging and alerting are in place for compliance and audit readiness.
• Collaboration with Other Teams: Work closely with IT, Application, and Network teams to ensure a unified approach to cybersecurity and incident management. Develop, track, and report SOC performance metrics, including response times, incident resolution, and overall, SOC health.

Access Management

• Design Architecture:
• Develop and maintain scalable architectures for non-human identity lifecycle management, including provisioning, rotation, and decommissioning. Define IAM architecture, including identity lifecycle management, single sign-on(SSO), multi-factor authentication (MFA), and privileged access management (PAM).
• Access Governance
• Responsible for ensuring governance of the lifecycle of access identity including provisioning deprovisioning, privilege access management and day to day operations of access management to ensure organisational compliances.
• Implementation Automation:
• Automate identity provisioning and deprovisioning processes for applications, devices, and services, servers, third party components using IAM tools and scripts. Configuring self service workflows for access provisioning as per defined RBAC in an automated manner.
• Access Management:
• Define and enforce policies for authentication and authorization of human as well as non-human identities, including privileged access management (PAM) for service accounts and secrets management. Implement role-based access control (RBAC) and attribute-based access control (ABAC) mechanisms
• Integration:
• Integrate IAM solutions with cloud platforms, third party solutions, CI/CD pipelines, DevOps tools, and third-party APIs to ensure seamless identity management.
• Security Compliance:
• Implement security controls, auditing, and monitoring for non-human identities to ensure compliance with regulatory requirements and internal policies. Establish IAM policies, procedures, and standards to enforce security best practices
• Knowledge of the following core concepts:
• Principle of least privileged access
• Principle of revocation of rights
• Principle of Just In Time access
• Securing Active Directory Familiarity with compliance regulations and CSA (cloud security alliance) / CIS Critical Security Controls /NIST frameworks and standards.
• Candidate should have excellent troubleshooting capabilities and be experienced in diagnostic/tracing tools.
• Any other responsibility as may be assigned from time to time.

EXPERIENCE

• Minimum of 8 years of progressive experience in Information Security, SOC Management and Access Management.
• At least 4 years of experience in managing SOC and Access Management for any organisation.
• Strong understanding of SOC operations and SIEM optimization.
• MITRE ATT&CK mapping and threat modelling.
• Understanding of secure network architecture, segmentation and defence in depth.

REQUIREMENTS

• Ability to analyse complex security issue sand clearly communicate them to non-technical stakeholders.
• Managing Access Management and access governance.
• Conduct assessments of clients' current IAM environments, identify gaps, and recommend solutions to enhance security posture.
• Oversee the deployment and integration of IAM technologies, ensuring seamless interaction with existing systems and processes.
• Threat intelligence (brand/dark web).

EDUCATION REQUIREMENTS

• Bachelors or Masters degree in Engineering/ Technology/Computer

Science/Information Technology/any related field from a reputed university.

GOOD TO HAVE SKILLS

• Experience in conducting risk assessments, audits, and policy development.
• Risk-based thinking and attention to detail
• Strong problem-solving and analytical skills
• Ability to influence and drive compliance culture
• Basic understanding of Cloud Security technologies and experience in e- commerce domain will be an added advantage.
• Vendor / contract management of IT partners through SLAs, KPIs.
• Strong analytical and problem-solving skills, with the ability to evaluate complex systems and make data-driven decisions.
• Experience with Dashboarding and reporting Management
• Good Communication skills.