About the Job
About
Aligned Automation
At
Aligned Automation, we live by our "Better
Together" philosophy to build a better world. As a strategic service
provider to Fortune 500 companies, we help digitize enterprise operations and
drive impactful business strategies. Our purpose goes beyond projects—we strive
to deliver meaningful, sustainable change that shapes a more optimistic and
equitable future.
Our
culture is deeply rooted in our 4Cs—Care, Courage, Curiosity,
and Collaboration—ensuring that each employee is empowered to grow,
innovate, and thrive in an inclusive workplace.
Role Summary
The Manager – IT is responsible for overseeing end-to-end IT operations encompassing helpdesk management, infrastructure, security, compliance, and team leadership. This role drives IT strategy, ensures platform reliability, manages endpoint and identity security, and delivers actionable reporting to support business decisions. The incumbent will own the full IT lifecycle — from procurement and licensing to endpoint protection, virtualization, backup, and ISO 27001:2022 compliance.
Key Responsibilities
1. IT Operations & Helpdesk Management
■ Lead and manage IT helpdesk ensuring SLA-driven incident and service request resolution.
■ Define, monitor, and report on SLAs, KPIs, and service quality metrics.
■ Implement and optimise ITSM ticketing systems and automation workflows.
■ Manage user onboarding / offboarding, access provisioning, and endpoint support.
■ Oversee laptop, desktop, and workstation lifecycle — procurement, imaging, patching, refresh, and decommissioning.
2. IT Security & Endpoint Protection
■ Design and operate a layered endpoint security architecture covering:
◦ XDR (Extended Detection & Response) – deploy, tune, and manage XDR platforms across all endpoints and servers.
◦ MDR (Managed Detection & Response) – coordinate with MDR service providers for 24×7 threat monitoring, triage, and incident response.
◦ NDR (Network Detection & Response) – implement and oversee NDR solutions for east-west and north-south traffic analysis.
■ Conduct periodic vulnerability assessments, patch gap analysis, and threat-hunting exercises.
■ Manage DLP, email security (anti-phishing, anti-spam), and web filtering policies.
■ Respond to security incidents, perform root-cause analysis, and implement corrective actions.
■ Maintain and exercise an Incident Response Plan (IRP) aligned to ISO 27001:2022 Annex A controls.
3. Identity & Access Management (AD / Azure AD)
■ Administer and maintain on-premises Active Directory (AD DS) – OUs, GPOs, DNS, DHCP, and trust relationships.
■ Manage Microsoft Entra ID (Azure AD) – conditional access, MFA, SSO, SSPR, and identity protection policies.
■ Implement hybrid identity solutions (Azure AD Connect / Entra Connect Sync) ensuring seamless SSO.
■ Govern privileged access with PAM/PIM, role-based access control (RBAC), and regular access reviews.
■ Enforce Zero Trust principles across identity, device, and network access.
4. Patch Management
■ Own and operate an enterprise patch management program covering OS, applications, firmware, and middleware.
■ Define patch cycles (critical, high, medium, low) with SLA targets aligned to CVE severity.
■ Use tools such as WSUS, Microsoft Endpoint Configuration Manager (MECM/SCCM), Intune, or third-party patch management platforms.
■ Maintain patch compliance dashboards and present monthly posture reports to leadership.
■ Coordinate maintenance windows to minimise production impact.
5. Software Licensing & Asset Management
■ Manage the full software licensing estate — Microsoft EAs, OEM, SaaS subscriptions, and open-source usage.
■ Maintain a Software Asset Management (SAM) register ensuring compliance with vendor licence terms.
■ Optimise licence consumption, identify unused allocations, and drive cost savings.
■ Liaise with vendors and procurement for renewal negotiations, audit responses, and true-ups.
■ Track hardware assets through the full lifecycle: procurement → allocation → maintenance → disposal (ITAD).
6. Virtualisation (VMware vSphere)
■ Design, deploy, and manage VMware vSphere / vCenter environments (ESXi hosts, clusters, datastores, DRS/HA).
■ Plan and execute VM provisioning, migration (vMotion, Storage vMotion), and decommissioning.
■ Manage vSAN, NSX-T, or traditional SAN/NAS storage tiers integrated with vSphere.
■ Maintain hypervisor patching and perform capacity planning for compute and storage growth.
■ Evaluate and adopt complementary virtualisation technologies (Hyper-V, containers, VDI) as required.
7. Backup & Disaster Recovery (Nakivo & others)
■ Administer and optimize Nakivo Backup & Replication (or equivalent: Veeam, Commvault) for VMs, physical servers, Microsoft 365, and NAS.
■ Define and enforce backup policies aligned to business RPO/RTO requirements.
■ Conduct scheduled and ad-hoc recovery tests; document and report test outcomes.
■ Manage offsite / cloud backup repositories and ensure encrypted, immutable backup copies.
■ Maintain and rehearse a Business Continuity and Disaster Recovery (BCDR) plan.
8. Infrastructure & Network Management
■ Oversee server infrastructure (physical & virtual), storage, and cloud platforms (Azure / AWS / GCP).
■ Manage enterprise LAN/WAN, VPN (IPSec / SSL), P2P, and ILL connectivity.
■ Administer and harden network devices —Access switches, firewalls, Access points (Aruba, Cisco), and wireless controllers.
■ Manage DNS, DHCP, and IP address management for corporate and cloud environments.
■ Enforce network segmentation, VLANs, and micro-segmentation for security isolation.
9. Microsoft 365 Administration
■ Administer the full Microsoft 365 tenant — Exchange Online, Teams, SharePoint Online, OneDrive, and Intune MDM/MAM.
■ Manage licence assignment, tenant security policies, data retention, eDiscovery, and DLP within M365 Purview.
■ Configure and harden M365 Secure Score, Defender for Office 365, and Defender for Endpoint.
■ Oversee Teams governance, guest access policies, and telephony (Teams Phone / Direct Routing) if applicable.
■ Manage Microsoft Intune for endpoint enrolment, compliance policies, and app deployment.
10. Compliance & Audit – ISO 27001:2022
■ Own the Information Security Management System (ISMS) in alignment with ISO 27001:2022 requirements.
■ Maintain and continuously improve ISMS documentation — risk register, SoA, policies, procedures, and controls.
■ Drive internal audits, management reviews, and corrective action plans; liaise with external certification bodies.
■ Conduct information security risk assessments, threat modelling, and treatment plans.
■ Ensure compliance with applicable data protection regulations (DPDP Act, GDPR as applicable) and customer contractual security requirements.
■ Track and close audit findings and non-conformances within agreed timescales.
11. IT Procurement & Vendor Management
■ Manage end-to-end procurement of hardware, software, cloud services, and managed services.
■ Evaluate vendors, issue RFPs/RFQs, negotiate contracts, and manage SLAs.
■ Optimise IT expenditure and ensure adherence to procurement policies and budget.
■ Manage annual IT budget, forecasting, and cost allocation reporting.
12. Team Management & Development
■ Lead, mentor, and develop a multi-functional IT team (L1/L2/L3 support, sysadmins, network, security engineers).
■ Define team structure, roles, responsibilities, and KPIs; conduct regular performance reviews.
■ Identify skill gaps and drive training, certification, and professional development plans.
■ Foster a culture of accountability, continuous improvement, and collaborative problem-solving.
■ Act as primary IT escalation point for critical incidents and executive stakeholders.
13. IT Strategy, Governance & Reporting
■ Define and execute IT roadmap aligned with business objectives and digital transformation goals.
■ Establish IT policies, standards, and governance frameworks (ITIL, COBIT).
■ Prepare and present IT dashboards covering uptime, ticket metrics, security posture, patch compliance, and spend.
■ Provide data-driven insights for cost optimisation, capacity planning, and technology investment.
Qualifications & Experience
Education
■ Bachelor's degree in IT, Computer Science, Electronics, or related field (Master's preferred).
■ Relevant postgraduate qualification (MBA – IT, M.Tech, MCA) is an advantage.
Experience
■ 10–15 years of progressive experience in IT operations, infrastructure, and security.
■ Minimum 5 years in a team lead or management role overseeing multi-discipline IT teams.
■ Hands-on experience administering VMware vSphere / vCenter environments.
■ Proven track record with endpoint security tools — XDR, MDR, and/or NDR platforms.
■ Practical experience managing Active Directory on-premises and Microsoft Entra ID (Azure AD).
■ Working experience with backup solutions (Nakivo, Veeam, or equivalent) and tested DR processes.
■ Demonstrated ownership of ISO 27001 ISMS implementation or certification cycle.
■ Microsoft 365 tenant administration experience including Intune, Defender, and Exchange Online.
■ Solid understanding of enterprise networking — switching, routing, firewalls, VPN, SD-WAN.
■ Experience with cloud platforms (Azure preferred; AWS/GCP a plus).
■ Familiarity with ITIL processes and frameworks.
Technical Skills Matrix
Domain Technologies & Tools
Endpoint Security Sophos/CrowdStrike /SentinelOne / Microsoft Defender XDR · MDR services · NDR
Identity & Access On-Prem AD, Azure AD / Entra ID, Azure AD Connect, MFA, PIM/PAM, Conditional Access
Patch Management WSUS, SCCM, Microsoft Intune, ManageEngine Patch Manager
Virtualisation VMware vSphere, vCenter, ESXi, vSAN, vMotion, DRS/HA
Backup & Recovery Nakivo Backup & Replication, Veeam, Azure Backup, Offsite / Immutable storage
Microsoft 365 Exchange Online, Teams, SharePoint Online, OneDrive, Intune, Defender for O365 & Endpoint, Purview
Networking Cisco / Aruba switching, firewalls, VPN, P2P, ILL
Cloud Platforms Microsoft Azure (IaaS/PaaS), AWS, compute, storage, networking, IAM
Compliance & Audit Licensing, Asset management, ISO 27001:2022 ISMS, SOC2, risk assessments, internal audits
Monitoring & ITSM Manage Engine Service Desk Plus or other.
Scripting PowerShell, Bash; basic Python for automation
