


Head of Information Security (HIS)


About Sahamati Foundation

Sahamati is a collective that enables collaboration and governance within India’s Account Aggregator (AA) ecosystem. As a not-for-profit industry alliance, we work closely with regulated entities, technology providers, and ecosystem participants to promote secure and consent-driven data sharing under the RBI’s AA framework.

Role Overview

The Head of Information Security (HIS) is responsible for establishing and maintaining the enterprise vision, strategy, and program for information security so that information assets and technologies are adequately protected. The role ensures alignment with business objectives, regulatory requirements, and industry standards and certifications.

Key Responsibilities

  • ISMS Governance & Leadership
    • Establish, implement, maintain, and continually improve the ISMS
    • Define information security policies and standards
    • Ensure integration of ISMS into organisational processes
  • Risk Management
    • Identify, assess, and manage information security risks
    • Define risk appetite in consultation with senior management
    • Maintain the risk register and ensure timely risk treatment
    • Update the Information Security Committee on the information security risk posture
  • Compliance & Regulatory Oversight
    • Ensure compliance with applicable laws, regulations, and standards
    • Drive compliance certification and surveillance audits
    • Coordinate internal and external audits
    • Conduct vulnerability assessment and penetration testing, and ensure remediation of identified vulnerabilities
    • Ensure third-party/vendor security compliance
  • Security Architecture & Controls
    • Define and enforce security architecture across IT and business systems
    • Ensure implementation of appropriate information security controls
  • Incident Management
    • Establish and maintain an incident response framework
    • Lead response to major security incidents and breaches
    • Ensure root cause analysis and corrective actions
    • Report significant incidents to leadership and the Information Security Committee
  • Security Operations
    • Oversee Security Operations Center (SOC) operations
    • Monitor threats, vulnerabilities, and security events
    • Ensure timely detection and response to threats
  • Business Continuity & Resilience
    • Align with Business Continuity Management (BCM) and Disaster Recovery (DR) standards and build cybersecurity resilience into the Business Continuity Management System (BCMS) process
    • Participate in crisis management
  • Security Awareness & Training
    • Develop organisation-wide security awareness programs
    • Ensure employees understand security policies and responsibilities
    • Promote security culture
  • Third-Party & Supply Chain Security
    • Assess and manage vendor/security risks
    • Ensure contractual security requirements are defined and enforced
    • Conduct vendor audits and reviews
  • Reporting & Committee Engagement
    • Provide regular updates to committees on:
      • Information security posture
      • Information security risk exposure
      • Security incident trends
      • Information security compliance status
    • Alignment of security risks with business operations
  • Budget & Resource Management
    • Develop and manage a cybersecurity budget
    • Optimise investments in security tools and resources
    • Ensure cost-effective risk mitigation

What We Offer

  • Opportunity to work at the intersection of technology, finance, and policy in one of India’s most transformative digital ecosystems.
  • Exposure to leading financial institutions, regulators, and innovators shaping the future of consent-based data sharing.
  • A collaborative and purpose-driven work environment that values initiative and learning.

Key Skills & Competencies

  • Curious to learn about the AA ecosystem and its stakeholder landscape.
  • Strong knowledge of ISO 27001 and cybersecurity frameworks
  • Information security risk management expertise
  • Leadership and stakeholder management
  • Incident response and crisis management
  • Regulatory knowledge (e.g., GDPR, local data protection laws)

Location

Bengaluru (On-site)
