Head of Information Security (HIS)
About the role
The Head of Information Security (HIS) is responsible for establishing and maintaining the enterprise vision, strategy for information security, and program to ensure information assets and technologies are adequately protected. The role ensures alignment with business objectives, regulatory requirements, and industry standards and certifications.
Key Responsibilities
ISMS Governance & Leadership - Establish, implement, maintain, and continually improve the ISMS; define information security policies and standards; ensure integration of ISMS into organizational processes.
Risk Management - Identify, assess, and manage information security risks; define risk appetite in consultation with senior management; maintain the risk register and ensure timely risk treatment; update the information security risk posture to the Information Security Committee.
Compliance & Regulatory Oversight - Ensure compliance with applicable laws, regulations, and standards; drive compliance certification and surveillance audits; coordinate internal and external audits; conduct vulnerability assessment and penetration testing, and ensure remediation of identified vulnerabilities; ensure third-party/vendor security compliance.
Security Architecture & Controls - Define and enforce security architecture across IT and business systems; ensure implementation of appropriate information security controls.
Incident Management - Establish and maintain an incident response framework; lead response to major security incidents and breaches; ensure root cause analysis and corrective actions; report significant incidents to leadership and the Information Security Committee.
Security Operations - Oversight Security Operations Center (SOC) operations; monitor threats, vulnerabilities, and security events; ensure timely detection and response to threats.
Business Continuity & Resilience - Align with Business Continuity Management (BCM) and Disaster Recovery (DR) standards and build cybersecurity resilience into the Business Continuity Management System (BCMS) process; participate in crisis management.
Security Awareness & Training - Develop organization-wide security awareness programs; ensure employees understand security policies and responsibilities; promote security culture.
Third-Party & Supply Chain Security - Assess and manage vendor/security risks; ensure contractual security requirements are defined and enforced; conduct vendor audits and reviews.
Reporting & Committees Engagement - Provide regular updates to committees on information security posture, information security risk exposure, security incident trends, and information security compliance status; alignment of security risks with business operations.
Budget & Resource Management - Develop and manage a cybersecurity budget; optimise investments in security tools and resources; ensure cost-effective risk mitigation.
What We Offer
Opportunity to work at the intersection of technology, finance, and policy in one of India’s most transformative digital ecosystems.
Exposure to leading financial institutions, regulators, and innovators shaping the future of consent-based data sharing.
A collaborative and purpose-driven work environment that values initiative and learning.
Key Skills & Competencies
Curious to learn about the AA ecosystem and its stakeholder landscape.
Strong knowledge of ISO 27001 and cybersecurity frameworks.
Information security Risk management expertise.
Leadership and stakeholder management.
Incident response and crisis management.
Regulatory knowledge (e.g., GDPR, local data protection laws).
How To Apply
Join us in our mission to promote financial inclusion and empower individuals across India through the Account Aggregator ecosystem. Apply now to become a part of our dedicated team!
Please submit your resume and cover letter to careers@sahamati.org.in. Please indicate “Head of Information Security (HIS)” in the subject line. Applications will be accepted on a rolling basis, till an appropriate candidate is finalized.
Location: Bengaluru (On-site)