Head Information Security

Role Overview

• Role:

  Head of Information Security)

• Experience:

  1215 years

• Location:

  Bangalore (Onsite / Hybrid)

• Reporting to:

  CEO

• Company:

  Metafore.ai (formerly CtrlAgent)

About Metafore.ai

Metafore.ai is an early-stage Agentic AI startup building the future of intelligent automation. The platform enables enterprises to deploy AI agents that can reason, execute complex workflows, and operate safely in real-world environments.

Security, trust, and compliance are core to the product, not an afterthought—making this role central to the company’s long-term success.

What You Will Own

own security end-to-end

Security Strategy & Leadership

• Define and execute the information security strategy and roadmap
• Act as the single-point owner for security across product, cloud, and data
• Partner closely with the CEO, CTO, and engineering teams to balance speed and risk

Hands-on Architecture & Engineering

• Design and implement cloud-native security architecture (AWS / GCP / Azure)
• Secure Kubernetes, containers, CI/CD pipelines, secrets, IAM, and networking
• Lead threat modeling, architecture reviews, and security design for new features
• Personally review code, APIs, IaC, and infrastructure for security risks

DevSecOps & Automation

• Embed security into engineering workflows and CI/CD pipelines
• Build and automate security tooling (scripts, scanners, monitoring)
• Enforce least-privilege, zero-trust, and secure-by-design principles

Vulnerability, Incident & Risk Management

• Own vulnerability management lifecycle and remediation
• Lead security incident response, investigations, and post-mortems
• Set up logging, monitoring, alerting, and security observability

Compliance, Trust & Customer Assurance

• Lead compliance programs end-to-end (SOC 2, ISO 27001, GDPR, etc.)
• Build security policies, standards, and internal documentation
• Support customer security reviews, audits, and enterprise questionnaires

What We’re Looking For

Must Have

• 12–15 years

  in Information Security / Security Engineering roles
• Proven experience building

  security programs from scratch

• Deep hands-on expertise in:
• Cloud security (AWS / GCP / Azure)
• Networking, Linux, distributed systems
• OWASP Top 10, MITRE ATT&CK
• CI/CD and DevSecOps tooling
• Strong scripting and automation skills (Python, Bash, etc.)
• Ability to operate independently with

  high ownership and accountability

Good to Have

• Startup / early-stage company experience
• Kubernetes and container security expertise
• Led SOC 2 / ISO 27001 implementations end-to-end
• Security certifications (CISSP, CISM, AWS Security, etc.)

Why This Role Is Unique

• Reports

  directly to the CEO

• Opportunity to

  shape security foundations at an AI startup

• True authority—not just governance
• High visibility, high trust, high impact
• Build security as a

  product enabler

  , not a blocker