
Head of Information Security Governance & Data Protection

Indegene Private Limited · Posted 3 weeks ago

Location

All India

Experience

12–16 years

Required Skills

Information Security Governance, Compliance, Risk Management, Security Compliance, Stakeholder Management, Leadership, Data Protection, Cybersecurity Operations, Privacy Governance, Vendor Security, Incident Response, Breach Management, Audits, Awareness Programs

About the Role

As the Director / Associate Director Data Privacy & Information Security, you will be leading the organization's information security governance and data protection programs to ensure the protection of enterprise systems, digital assets, and personal data across global operations. Your responsibilities will include designing, implementing, and managing the Information Security Management System (ISMS) and data privacy governance frameworks in compliance with global security standards, regulatory requirements, and client security expectations. You will collaborate with various departments to strengthen the organization's cybersecurity posture, safeguard personal data, manage cyber risk exposure, and embed security and privacy principles across technology platforms and business processes.

Key Responsibilities:

  • Information Security Governance
    - Establish and maintain the organization's ISMS aligned with global standards such as ISO 27001, NIST Cybersecurity Framework, and CIS Controls.
    - Develop and enforce enterprise-wide information security policies, standards, and procedures.
    - Ensure the confidentiality, integrity, and availability of enterprise information assets and IT systems.
    - Conduct periodic security risk assessments and support enterprise security control reviews.

  • Cybersecurity Operations & Risk Management
    - Monitor cybersecurity threats, vulnerabilities, and enterprise cyber risk exposure.
    - Oversee vulnerability management programs, threat monitoring, and security control implementation.
    - Lead response and remediation activities for cybersecurity incidents and security breaches.
    - Track security incidents and coordinate with Enterprise Risk Management to ensure cyber risks are reflected in enterprise risk registers.

  • Data Privacy & Personal Data Protection
    - Implement and manage the organization's data privacy governance program.
    - Ensure compliance with applicable data protection regulations including GDPR, UK GDPR, India DPDP Act, and other global privacy frameworks.
    - Maintain records of processing activities, privacy policies, and data protection governance documentation.
    - Conduct Data Protection Impact Assessments (DPIAs) for new systems, technologies, and data processing initiatives.
    - Ensure appropriate safeguards for cross-border data transfers and vendor data processing activities.

  • Vendor Security & Data Protection Risk Management
    - Conduct security and privacy risk assessments for third-party vendors and service providers handling company systems or data.
    - Evaluate vendor cybersecurity practices and privacy controls against enterprise security standards.
    - Ensure vendors comply with organizational security and data protection requirements.
    - Collaborate with procurement and legal teams to ensure appropriate security and data protection clauses are included in vendor contracts.

  • Privacy & Security by Design
    - Embed security-by-design and privacy-by-design principles into enterprise systems, products, and digital platforms.
    - Collaborate with engineering and IT teams to implement secure architecture, encryption, and access control mechanisms.
    - Provide guidance on data classification, data retention, and secure data handling practices.

  • Incident Response & Breach Management
    - Lead investigation and response to cybersecurity incidents and personal data breaches.
    - Coordinate cross-functional incident response with Legal, Enterprise Risk, and Technology teams.
    - Support regulatory breach notification processes where required.
    - Conduct post-incident reviews and implement improvements to strengthen security posture.

  • Security & Privacy Compliance and Audits
    - Support internal and external security and privacy audits, including ISO 27001 certification, client security assessments, and regulatory inspections.
    - Maintain documentation and evidence required for security certifications and regulatory reviews.
    - Track remediation actions arising from security and privacy audit findings.

  • Security & Privacy Awareness
    - Develop and implement security and privacy awareness programs across the organization.
    - Promote responsible data handling practices and strengthen organizational cyber awareness culture.

Key Qualifications:

  • 12–14+ years of experience in information security, cybersecurity, data privacy, or technology risk roles.
  • Experience managing enterprise information security or privacy programs within multinational or technology-driven organizations.
  • Strong understanding of ISO 27001, NIST Cybersecurity Framework, CIS Controls, or equivalent security standards.
  • Knowledge of global data protection regulations including GDPR and emerging privacy frameworks.
  • Experience managing cybersecurity incidents, vulnerability management programs, and security governance frameworks.
  • Strong stakeholder management and cross-functional leadership capabilities.
  • Preferred Cer

    HireIQ AI Insights (Beta)

    Ideal Candidate

    Someone who has progressed from hands-on security/compliance roles into a strategic governance leadership position—ideally with 3+ years managing ISMS frameworks, data privacy programs, or security risk across multiple regulatory jurisdictions.

    Estimated Salary Range (medium confidence)

    25 L – ₹42 L per year

    Likely Interview Questions

    1. Walk us through your experience designing or maintaining an ISO 27001 ISMS from scratch—what gaps did you find in existing frameworks and how did you remediate them?