Practice Head - Data Security & Privacy

About the role

We are seeking a senior leader to head our Information Security, GRC and Data Privacy practice. Reporting to the CTO, you will be the custodian of cyber‑security governance, data‑privacy compliance and technology risk across the organisation.

Key responsibilities

• Lead the DPDPA compliance programme, embed privacy‑by‑design, manage consent, data retention, minimisation and data‑subject rights.
• Develop and maintain the enterprise information security governance framework, conduct cyber‑risk assessments and monitor security policies, standards and control baselines.
• Own the IT GRC programme across applications, infrastructure, cloud and third‑party ecosystems; ensure compliance with ISO 27001, SOC 2, NIST CSF, CIS Controls and DPDPA.
• Define organisation‑wide cyber‑security requirements, oversee vulnerability management, penetration testing and security assessments, and review security architecture for critical projects.
• Establish third‑party cyber‑risk assessment processes, evaluate vendor security postures and define contractual security and privacy clauses.
• Coordinate internal, external and customer audits, drive closure of audit findings and monitor remediation plans.
• Build and deliver security and privacy awareness programmes, including training on phishing, data handling and cyber‑security best practices.

Required profile

• 10‑15 years of experience in Information Security, IT Risk, GRC, Privacy or Cyber Security.
• Proven experience leading compliance initiatives for ISO 27001, SOC 2, NIST frameworks or equivalent standards.
• Strong track record of implementing DPDPA or similar data‑privacy regulations.
• Demonstrated ability to manage large‑scale security governance programmes and cross‑functional stakeholder engagement.

Required skills

• ISO 27001
• SOC 2
• NIST Cybersecurity Framework (CSF)
• CIS Controls
• DPDPA compliance
• Data Protection Impact Assessment (DPIA)
• Vulnerability management
• Penetration testing
• Security assessments
• Security architecture design
• Third‑party risk assessment