Head of Information Security
PharmaACE
5 - 10 years
Pune City
Posted: 20/05/2026
Job Description
Role Title
Head of Information Security
Team
Technology
Location
Pune, Maharashtra | Hybrid
Experience
12-18 years of progressive experience in information security, cybersecurity, risk management, or IT security.
Reports to
Chief Technology Officer
About PharmaACE
PharmaACE is a global life sciences analytics, technology, and consulting company helping pharmaceutical and biotech organizations solve complex commercial challenges through data, AI, and advanced decision intelligence. We combine deep domain expertise with scalable technology platforms to help clients forecast launches, optimize commercialization strategies, understand markets, measure performance, and unlock growth opportunities across the product lifecycle.
With 1,000+ professionals across the US, India, Canada, and Europe, PharmaACE operates at the intersection of healthcare, analytics, and enterprise technology. Our teams build and deliver AI-powered products, advanced forecasting solutions, data platforms, and intelligent commercial analytics capabilities that support some of the world's leading life sciences organizations.
Opportunity Overview
PharmaACE is seeking a strategic and hands-on Head of Information Security to lead the organization's global information security, cybersecurity, governance, risk, and compliance (GRC) function.
This role will be responsible for defining and executing the enterprise-wide information security strategy across business operations, client delivery environments, cloud infrastructure, internal systems, and corporate applications. The individual will work closely with executive leadership, technology teams, delivery leaders, legal, HR, and clients to ensure PharmaACE maintains a strong security posture aligned with global regulatory requirements and client expectations.
The ideal candidate will bring strong experience from consulting, analytics, technology services, or pharmaceutical services organizations, with expertise in cybersecurity operations, cloud security, risk management, audit readiness, client security assessments, and enterprise compliance frameworks.
What You'll Work On
Key Responsibilities
1. Information Security Strategy & Leadership
- Define and execute PharmaACE's enterprise information security strategy, roadmap, and governance framework.
- Build a scalable and resilient security program aligned with business growth, client expectations, and regulatory requirements.
- Partner with executive leadership to embed security into business operations, technology architecture, and client delivery models.
- Establish organization-wide security standards, policies, controls, and procedures.
- Drive a culture of security awareness and accountability across the organization.
2. Governance, Risk & Compliance (GRC)
- Lead enterprise information security governance and compliance initiatives.
- Own and manage certifications and compliance programs including ISO 27001, SOC 2, GDPR, HIPAA, and other applicable frameworks.
- Conduct enterprise-wide risk assessments, vulnerability assessments, and security audits.
- Ensure alignment with pharmaceutical and healthcare industry data protection requirements.
- Manage internal and external audits, client security reviews, and remediation programs.
- Develop risk mitigation strategies and monitor closure of identified gaps.
3. Cybersecurity Operations
- Oversee security operations including threat detection, monitoring, incident response, and vulnerability management.
- Lead cybersecurity incident management, investigation, containment, and recovery activities.
- Establish and maintain incident response plans, disaster recovery processes, and business continuity security protocols.
- Drive proactive threat intelligence and security monitoring initiatives.
- Ensure endpoint, network, application, and cloud security controls are effectively implemented.
4. Cloud & Infrastructure Security
- Lead security architecture and controls for cloud environments including Azure, AWS, and GCP.
- Ensure secure implementation of enterprise collaboration tools, SaaS platforms, and remote work infrastructure.
- Partner with infrastructure and engineering teams to embed security-by-design principles.
- Drive identity and access management (IAM), privileged access management (PAM), and zero-trust initiatives.
5. Client & Delivery Security
- Support client-facing security discussions, assessments, audits, and due diligence activities.
- Respond to client security questionnaires, RFPs, and compliance requirements.
- Ensure secure delivery practices across consulting, analytics, AI, and technology engagements.
- Build trust with global pharmaceutical and healthcare clients by strengthening security maturity and transparency.
6. Security Awareness & Training
- Develop and lead organization-wide security awareness programs.
- Conduct phishing simulations, security training, and awareness campaigns.
- Promote a strong security culture across employees, contractors, and partners.
7. Vendor & Third-Party Risk Management
- Establish vendor security assessment and third-party risk management processes.
- Evaluate security posture of external partners, vendors, and service providers.
- Ensure contractual and operational security compliance with third parties.
8. Team Leadership
- Build, mentor, and scale a high-performing information security team.
- Drive capability development across cybersecurity, governance, risk, and compliance functions.
- Manage security budgets, vendor relationships, and technology investments.
- Provide regular updates to leadership on security posture, risks, incidents, and strategic initiatives.
Key Competencies
- Strategic Leadership
- Risk Management & Decision Making
- Cybersecurity Operations
- Governance & Compliance
- Cloud Security
- Stakeholder Management
- Incident Response & Crisis Management
- Client Communication
- Team Leadership & Capability Building
- Business Acumen
Success Metrics
- Strengthened enterprise security posture and reduced organizational risk.
- Successful completion of external audits and compliance certifications.
- Timely management and resolution of security incidents.
- Improved client confidence and audit readiness.
- Increased employee security awareness and compliance adherence.
- Strong governance and measurable security maturity improvements.
- Collaborative and entrepreneurial work culture with global impact.
- Opportunity to partner with leading pharmaceutical and healthcare organizations worldwide.
Required Qualifications
- Bachelor's degree in Computer Science, Information Security, Cybersecurity, Information Systems, or related field.
- 12-18 years of progressive experience in information security, cybersecurity, risk management, or IT security.
- Proven experience leading enterprise security programs within consulting, analytics, IT services, healthcare, life sciences, or pharmaceutical organizations.
- Strong understanding of security frameworks and compliance standards including ISO 27001, SOC 2, GDPR, HIPAA, NIST, and CIS controls.
- Experience managing cloud security across AWS, Azure, or GCP environments.
- Hands-on knowledge of security operations, SIEM, vulnerability management, IAM, endpoint protection, DLP, and incident response.
- Experience managing client audits, security assessments, and enterprise risk programs.
- Strong understanding of data privacy, healthcare data protection, and pharmaceutical industry compliance requirements.
- Excellent stakeholder management and communication skills with ability to engage leadership teams and clients.
- Demonstrated ability to balance strategic thinking with operational execution.
Preferred Certification
- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- CISA (Certified Information Systems Auditor)
- ISO 27001 Lead Implementer / Lead Auditor
- CCSP, CEH, or other relevant cybersecurity certifications
Our Values & Culture
At PharmaACE, we are committed to creating an environment where people can do meaningful work and be their authentic selves. We believe diverse perspectives strengthen the way we solve problems and deliver impact, and we strive to foster a culture grounded in respect, equity, and collaboration. As an equal opportunity employer, we ensure that our people practices, from hiring to growth and development, are fair, inclusive, and merit-driven. We are continuously working towards building a workplace where every individual feels valued, supported, and empowered to grow.
