Job Title: General Manager - IT Infrastructure, Network & Communications

Department: Information Technology

Reporting To: CTO

Industry Focus: Quick Service Restaurants (QSR) / Food & Beverage (F&B)

Experience: 15+ Years

Technical Key Responsibility Areas (KRA):

1. Data Center & Infrastructure Management:

- Full-stack management of in-house, co-located, and outsourced data centers including power, cooling, racks, structured cabling, and environmental monitoring systems.

- Plan, size, and scale compute and storage capacity (SAN/NAS), virtualization clusters (VMware ESXi), and HA failover for critical applications (e.g., SAP ECC/HANA, MS Dynamics).

- Define hypervisor configurations, resource pools, clustering, DRS/HA policies, and vMotion strategy.

- Implement and test DR strategies using tools like Veeam, Zerto, and Commvault across Tier 3+ DC/DR setups.

2. Core Network & WAN Infrastructure:

- Architect and manage MPLS/SD-WAN network designs supporting 99.99% uptime across 300+ restaurant and corporate locations.

- Deep experience with protocols: BGP, OSPF, EIGRP, VRRP, HSRP, STP, VRF segmentation.

- Core device configuration and administration: Cisco Catalyst 3750/4500/9400, Nexus 7K/9K, Juniper EX series, SonicWALL, FortiGate UTM.

- Manage L2/L3 switch fabric, trunking (802.1Q), QoS policies, link aggregation (LACP), and redundant routing via HSRP/VRRP.

3. Perimeter Security & Enterprise Firewalling:

- Define and enforce firewall rulesets (NAT, PAT, ACLs) and policies on SonicWALL, Cisco ASA, FortiGate, and Check Point platforms.

- Centralized management and threat detection using UTM appliances and NGFW with Intrusion Detection/Prevention (IDS/IPS).

- VPN infrastructure management: IPsec tunnels for site-to-site, SSL VPN for remote access (SonicWALL, Cisco AnyConnect).

- Security hardening of router/switch configurations and OS image compliance for patching and version control.

4. Virtualization & Cloud Services:

- Lead infrastructure-as-a-service (IaaS) strategies on Azure/AWS: VNet design, ExpressRoute/VPN Gateway configuration, NSG/UDR planning.

- Migrate workloads from on-prem to cloud (Lift & Shift), implement cloud backup using Azure Backup or AWS Glacier.

- VM and containerized environment administration using vSphere, vCenter, Docker (Swarm/K8s optional).

- Integrate Active Directory Federation Services (ADFS), Azure AD Connect, SSO/MFA security policies.

5. End-User & Outlet IT Management:

- Design, configure, and monitor thin client and POS networks with restricted VLAN segmentation and DHCP relay strategies.

- Oversee wireless controller and AP deployments (Cisco WLC, Aruba Central), guest network isolation, and 802.1X authentication.

- Automate endpoint configuration via SCCM/Intune, monitor compliance, and manage patching across endpoints.

- Ensure smooth functioning of retail/outlet technology stack: POS, KDS, kiosks, customer Wi-Fi, and order tablets.

6. Network Monitoring & Fault Management:

- Deploy and administer monitoring platforms (SolarWinds, PRTG, Nagios) for real-time alerts, link availability, SNMP polling, and NetFlow analysis.

- Set up SLA compliance metrics and auto-ticketing via integration with ITSM tools (ServiceNow/FreshService).

- Troubleshoot escalated L2/L3 incidents, link flaps, routing loops, high CPU/memory on core devices.

- Manage proactive monitoring scripts for packet loss, jitter, throughput, and MTTR reduction.

7 . Policy, Audit & Compliance:

- Implement and maintain ITGC/ISO27001-aligned infrastructure processes and documentation.

- Ensure compliance with PCI-DSS for payment environments, endpoint encryption, NAC enforcement, and log retention.

- Prepare documentation for security audits, process SOPs, DR drills, RCA reports, change and patch management logs.

8. Strategic Planning, Budgeting & Optimization:

- Annual CAPEX/OPEX planning for IT Infrastructure spend with a focus on ROI, scalability, and vendor negotiation.

- Design policies for asset lifecycle management, EOL/EOS tracking, and hardware refresh cycles.

- Optimize licensing, WAN bandwidth planning, and datacenter power/cooling efficiency metrics (PUE/DCiE).

9. Software Asset Management & Licensing Compliance:

- End-to-end ownership of software licensing lifecycle: procurement, activation, allocation, renewal, and decommissioning.

- Maintain centralized inventory

- Ensure compliance with OEM contracts for Microsoft, VMware, Adobe, and security vendors.

- Monitor and audit software deployments to prevent unauthorized installations and ensure EULA adherence.

- Conduct internal audits and prepare for external vendor audits.

- Optimize license usage through metrics (user/device ratio, license utilization reports) to reduce costs.

- Managing Mailing solutions.

10. Backup, Archival & Disaster Recovery Management:

- Design and implement a comprehensive backup and DR strategy for core infrastructure (DC/DR/Cloud).

- Manage enterprise backup solutions across virtualized, physical, and cloud instances.

- Define RTO/RPO for business-critical applications (e.g., POS, ERP, CRM, AD, File Servers, Email).

- Automate snapshot and image-level backups for VMware, Hyper-V, and Azure/AWS workloads.

- Enforce data retention and archival policies (tiered storage, cold/archive storage in cloud - Azure Blob, AWS Glacier).

- Periodically test backup restoration integrity and DR readiness with scheduled drills.

11. Vendor & ISP Coordination:

- Handle link provisioning and fault escalation with ISPs: Airtel, Tata Comm, Sify, Vodafone, etc., for ILL/MPLS/PRI/BRI/Local Loop circuits.

- Track and enforce SLAs, MTTR, and uptime guarantees across service contracts using regular performance reports and incident RCAs.

Certifications (Preferred):

- Networking & Security: CCNA, CCNP, Fortinet NSE4, SonicWALL CSSA

- Microsoft/Cloud: Microsoft Certified: Azure Solutions Architect, AWS Solutions Architect Associate

- Virtualization & Infra: VMware VCP, ITIL v4, PMP (optional)