Chief Information Security Officer

Role Overview

The Chief Information Security Officer (CISO) will be responsible for establishing and leading the information security strategy, governance, and execution across the Group//'s NBFC and Agro Trading entities. The role ensures compliance with RBI cybersecurity guidelines, data privacy laws, and sectoral best practices, while aligning security with business growth, digital initiatives, and risk management.

Key Responsibilities

1. Information Security Strategy & Governance

• Develop and implement the Group-wide Information & Cyber Security Framework aligned to RBI NBFC Cybersecurity Directions, ISO 27001, and NIST standards.
• Establish governance mechanisms to oversee security across both financial and agri-trading operations.
• Drive group-level cybersecurity policies, SOPs, and awareness programs.
• Report regularly to the Board / Risk & Audit Committee on cybersecurity posture, risks, and incidents.

2. Regulatory Compliance & Risk Management

• Ensure compliance with RBI//'s Cyber Security Framework for NBFCs, CERT-In directives, and relevant data privacy regulations (DPDP Act).
• Conduct periodic IT & IS audits, vulnerability assessments, and penetration tests.
• Manage regulatory inspections, audits, and reporting requirements.
• Establish a risk-based approach to protect sensitive customer, financial, and trading data.

3. Security Operations & Incident Response

• Establish a Security Operations Centre (SOC) / outsource managed services for continuous monitoring.
• Define and lead the Incident Response Plan (IRP) including detection, containment, investigation, and recovery.
• Coordinate cyber crisis management and business continuity planning across group entities.
• Oversee endpoint security, data protection, identity & access management, and fraud monitoring.

4. Technology & Process Security

• Implement and monitor network, application, and cloud security controls.
• Secure digital lending platforms, Oracle NetSuite ERP, mobile apps, and multiple customer portals for Agri Finance and Agri trading entities.
• Ensure trading operations (ERP, commodity platforms, Digital Marketplaces, External Interfaces) are safeguarded from cyber threats.
• Define secure DevSecOps practices for in-house and/or outsourced application development.

5. Leadership & Stakeholder Management

• Lead the Information Security team and coordinate with IT, Risk, Compliance, Legal, and Business Units.
• Work with external vendors, cybersecurity consultants, and regulators.
• Build a culture of security awareness across employees, agents, and third parties.
• Act as the single point of accountability for group-level cybersecurity.

Qualifications & Experience

• Bachelor//'s degree in IT/Computer Science/Engineering; Master//'s preferred.
• Certifications: CISSP / CISM / CISA / ISO 27001 Lead Implementer / CRISC (preferred).
• 12+ years of IT/Information Security experience, with at least 5 years in a leadership role.
• Proven experience in NBFC / BFSI cybersecurity compliance. Exposure to agri trading systems is an advantage.
• Strong understanding of RBI NBFC guidelines, DPDP Act, NIST, ISO 27001, cloud security, fraud risk management.

Key Competencies

• Strategic thinking with strong risk management mindset.
• Hands-on knowledge of security operations, threat management, and compliance.
• Ability to balance security with business agility and cost constraints of a mid-sized group.
• Excellent communication with senior management, regulators, and external partners.
• Leadership, influence, and cross-functional collaboration.

Success Metrics

• Zero major regulatory non-compliance findings.
• Timely reporting and closure of vulnerabilities and incidents.
• Improved security maturity score (e.g., ISO/NIST assessments).
• Enhanced employee security awareness levels.
• Reduced cyber risk exposure across NBFC and Agro Trading operations.