Role Title Head of Information Security Team Technology Location Pune, Maharashtra | Hybrid Experience 12–18 years of progressive experience in information security, cybersecurity, risk management, or IT security. Reports to Chief Technology Officer About PharmaACE PharmaACE is a global life sciences analytics, technology, and consulting company helping pharmaceutical and biotech organizations solve complex commercial challenges through data, AI, and advanced decision intelligence. We combine deep domain expertise with scalable technology platforms to help clients forecast launches, optimize commercialization strategies, understand markets, measure performance, and unlock growth opportunities across the product lifecycle.

With 1,000+ professionals across the US, India, Canada, and Europe, PharmaACE operates at the intersection of healthcare, analytics, and enterprise technology. Our teams build and deliver AI-powered products, advanced forecasting solutions, data platforms, and intelligent commercial analytics capabilities that support some of the world’s leading life sciences organizations.

Opportunity Overview

PharmaACE is seeking a strategic and hands-on Head of Information Security to lead the organization’s global information security, cybersecurity, governance, risk, and compliance (GRC) function. This role will be responsible for defining and executing the enterprise-wide information security strategy across business operations, client delivery environments, cloud infrastructure, internal systems, and corporate applications. The individual will work closely with executive leadership, technology teams, delivery leaders, legal, HR, and clients to ensure PharmaACE maintains a strong security posture aligned with global regulatory requirements and client expectations.

The ideal candidate will bring strong experience from consulting, analytics, technology services, or pharmaceutical services organizations, with expertise in cybersecurity operations, cloud security, risk management, audit readiness, client security assessments, and enterprise compliance frameworks. What You'll Work On Key Responsibilities 1.

Information Security

Strategy & Leadership - Define and execute PharmaACE’s enterprise information security strategy, roadmap, and governance framework.

• Build a scalable and resilient security program aligned with business growth, client expectations, and regulatory requirements.
• Partner with executive leadership to embed security into business operations, technology architecture, and client delivery models.
• Establish organization-wide security standards, policies, controls, and procedures.
• Drive a culture of security awareness and accountability across the organization. 2.Governance, Risk & Compliance (GRC) - Lead enterprise information security governance and compliance initiatives.
• Own and manage certifications and compliance programs including ISO 27001, SOC 2, GDPR, HIPAA, and other applicable frameworks.
• Conduct enterprise-wide risk assessments, vulnerability assessments, and security audits.
• Ensure alignment with pharmaceutical and healthcare industry data protection requirements.
• Manage internal and external audits, client security reviews, and remediation programs.
• Develop risk mitigation strategies and monitor closure of identified gaps. 3.

Cybersecurity

Operations - Oversee security operations including threat detection, monitoring, incident response, and vulnerability management.

• Lead cybersecurity incident management, investigation, containment, and recovery activities.
• Establish and maintain incident response plans, disaster recovery processes, and business continuity security protocols.
• Drive proactive threat intelligence and security monitoring initiatives.
• Ensure endpoint, network, application, and cloud security controls are effectively implemented. 4.Cloud & Infrastructure Security - Lead security architecture and controls for cloud environments including Azure, AWS, and GCP.
• Ensure secure implementation of enterprise collaboration tools, SaaS platforms, and remote work infrastructure.
• Partner with infrastructure and engineering teams to embed security-by-design principles.
• Drive identity and access management (IAM), privileged access management (PAM), and zero-trust initiatives. 5.Client & Delivery Security - Support client-facing security discussions, assessments, audits, and due diligence activities.
• Respond to client security questionnaires, RFPs, and compliance requirements.
• Ensure secure delivery practices across consulting, analytics, AI, and technology engagements.
• Build trust with global pharmaceutical and healthcare clients by strengthening security maturity and transparency. 6.Security Awareness & Training - Develop and lead o