Head of Information Security

About the Role:

The Head of Information Security will lead the enterprise-wide security function, safeguarding patient data, clinical systems, and IT infrastructure across multiple hospital units and legal entities. This role sets the security strategy, manages a skilled team, and ensures resilience against evolving cyber threats while maintaining compliance with healthcare regulations and international standards. The position is also accountable for building a strong culture of security awareness and ensuring business continuity in a digital healthcare environment.

Location: HSR Layout, Bangalore

Experience:

• 13 - 16 years of progressive information security leadership experience, with at least 7–8 years in senior management/team leadership roles.
• Proven track record of building and managing enterprise-wide security programs across multi-entity, multi-site organizations.
• Experience in healthcare/critical infrastructure environments strongly preferred.

Qualifications:

• B.E/B.Tech/MS in Information Security, Computer Science, or related field.
• Certifications (preferred): ISO 27001 Lead Implementer/Lead Auditor, CISSP, CISA, CISM, CEH.
• Strong understanding of information security frameworks, encryption, IAM, SIEM, cloud security, and medical IT environments.

Key Delievrables:

1. Strategy & Governance

• Define and implement enterprise information security strategy aligned with business and regulatory needs.

• Establish and enforce group-wide security policies, standards, and controls.

• Maintain the Information Security Risk Register and oversee ISO 27001, HIPAA, NABH, and JCI audits.

• Report security posture and risks to the CIO and leadership team.

2. Risk & Incident Management

• Lead incident response, including investigation, remediation, and prevention.

• Oversee vulnerability assessments, penetration testing, and closure of gaps.

• Ensure effective Business Continuity and Disaster Recovery (BC/DR) programs.

3. Technology & Vendor Oversight

• Drive deployment and optimization of security solutions (SIEM, IAM, encryption, endpoint protection, DLP, CASB).

• Ensure security by design across digital and clinical IT initiatives.

• Integrate security controls into vendor management, procurement, and third-party agreements.

• Lead vendor security audits across IT MSPs, SaaS platforms, and medical tech providers.

4. Team Leadership & Culture Building

• Build and manage a high-performing security team with clear roles and performance oversight.

• Drive training, drills, and organization-wide awareness in partnership with HR/L&D.

• Collaborate with clinical, non-clinical, and admin leaders to strengthen accountability.

• Act as the primary security advisor to the Executive Leadership Team.

Skills Required:

• Deep expertise in risk management, incident response, and regulatory compliance.
• Strong technical foundation across security architecture, cloud security, IAM, SIEM, data protection, and IoMT.
• Proven ability to manage large-scale audits, certifications, and cross-border compliance.
• Strong leadership skills to build, develop, and retain high-performing teams.
• Strategic, solution-oriented mindset with high integrity and focus on data privacy and patient safety.