Information Security Lead

8 - 10 years

0 Lacs

Posted: 1 week ago | Platform: Foundit


Work Mode

On-site

Job Type

Full Time

Job Description

About the Role:

The Information Security Lead will be responsible for developing and implementing the organization's information security framework to safeguard patient data, clinical systems, and enterprise IT infrastructure. This role ensures compliance with healthcare regulations, international standards, and hospital group policies, while building a culture of security awareness across all functions.

The position will drive proactive risk management, oversee incident response, and ensure business continuity in an increasingly digital healthcare environment.

Location:

Experience:

  • Minimum 8-10 years of progressive experience in information security, with at least 4 years in a managerial role.
  • Experience in healthcare/critical infrastructure environments strongly preferred.

Qualifications:

  • B.E/B.Tech/MS in Information Security, Computer Science, or related field.
  • Certifications (preferred): ISO 27001 Lead Implementer/Lead Auditor, CISSP, CISA, CISM, CEH.
  • Strong understanding of information security frameworks, encryption, IAM, SIEM, cloud security, and medical IT environments.

Key Deliverables:

A. Strategy & Governance

  • Define and implement the information security strategy aligned with business and healthcare regulations.
  • Develop and enforce security policies, standards, and procedures across hospital units.
  • Maintain the Information Security Risk Register and ensure timely risk assessments and mitigation.
  • Lead audits and ensure compliance with ISO 27001, HIPAA, NABH, and other standards.

B. Risk & Incident Management

  • Investigate and manage security incidents, ensuring root cause analysis and prevention.
  • Conduct vulnerability assessments and penetration tests, ensuring timely closure of gaps.
  • Oversee Business Continuity and Disaster Recovery (BC/DR) for critical hospital systems.

C. Technology & Vendor Oversight

  • Implement and manage security solutions (SIEM, IAM, encryption, endpoint security, etc.).
  • Embed security controls in procurement and third-party contracts.
  • Audit IT vendors, MSPs, and medical IT providers to ensure ongoing compliance.

D. Awareness & Culture Building

  • Drive security awareness programs in collaboration with HR/L&D.
  • Clarify roles and responsibilities to strengthen accountability across teams.
  • Advise leadership and project teams on security risks in new systems and initiatives.

Mandatory Candidate Skills:

  • Expertise in risk assessment, incident response, and compliance.
  • Proficient in vulnerability management and modern security tools.
  • Skilled in designing security programs for multi-site organizations.
  • High integrity with commitment to data privacy and patient safety.
  • Strong leadership, communication, and stakeholder management.
