Sarvagram Solutions

Description
Chief Information Security Officer (CISO) Role Overview

As the Chief Information Security Officer (CISO), you will be responsible for establishing, implementing, and maintaining a comprehensive information security program that protects SarvaGram's digital assets, customer data, and business operations.

This critical leadership role requires building security frameworks that support our rapid growth across rural India while ensuring compliance with RBI, IRDAI, and data protection regulations.

You will safeguard the trust of our 150,000+ served households and our expanding franchise network.

Key Responsibilities Leadership & Governance

• Develop and execute a comprehensive information security strategy aligned with SarvaGram's business objectives and growth trajectory
• Establish and maintain an enterprise-wide information security governance framework, policies, standards, and procedures
• Build and lead a security vertical capable of supporting our distributed operations across 38,000+ villages
• Serve as the primary security advisor to the CEO, Board of Directors, and senior leadership team
• Own the security budget and ensure optimal resource allocation for maximum risk reduction

Risk Management & Compliance

• Design and implement a robust risk management framework for identifying, assessing, and mitigating information security risks
• Ensure compliance with RBI cybersecurity guidelines for NBFCs and digital lending regulations
• Maintain compliance with IRDAI requirements for insurance distribution and data protection
• Oversee compliance with IT Act 2000, Digital Personal Data Protection Act (DPDPA) 2023, and other relevant Indian regulations
• Manage third-party security assessments, audits, and certifications (ISO 27001, SOC 2, etc.)
• Conduct regular security risk assessments and present findings to senior management and board

Security Architecture & Operations

• Design secure technology architecture for our digital lending platform, mobile applications, and franchise management systems
• Implement and oversee security operations center (SOC) capabilities including monitoring, incident detection, and response
• Establish robust identity and access management (IAM) frameworks for employees, franchise partners, and customers
• Secure our data infrastructure including customer KYC data, financial records, and transaction

information

• Implement data loss prevention (DLP), encryption, and data classification programs
• Secure API integrations with banking partners, insurance providers, and other third-party systems

Fraud Prevention & Detection

• Develop and implement comprehensive fraud detection and prevention strategies for lending and insurance operations
• Establish controls to prevent identity theft, application fraud, and account takeover across our digital channels
• Implement transaction monitoring and anomaly detection systems
• Work closely with risk and operations teams to balance security controls with customer experience
• Build fraud awareness programs for our Branches and franchise network

Incident Response & Business Continuity

• Develop and maintain incident response plans, procedures, and playbooks
• Lead security incident response efforts and coordinate with relevant stakeholders
• Establish business continuity and disaster recovery plans for critical systems
• Conduct regular tabletop exercises and security drills
• Manage communication protocols for security incidents including customer notification and regulatory reporting

Security For Distributed Operations

• Design security frameworks for our 170+ Branches
• Secure mobile-first and offline-capable systems used in rural areas with limited connectivity
• Implement secure authentication and authorization for franchise partners accessing customer data
• Develop security training programs for franchise partners and field staff
• Ensure secure device management for tablets used in rural operations

Vendor & Third-Party Risk Management

• Establish vendor security assessment and ongoing monitoring programs
• Manage security requirements for partnerships with banks, insurance companies, and technology providers
• Conduct security due diligence for new vendor relationships and integrations
• Ensure contractual security obligations are met by all third parties

Security Awareness & Culture

• Build a security-first culture across the organization
• Develop and deliver comprehensive security awareness training programs
• Conduct regular phishing simulations and security awareness campaigns
• Create security champions program across different business units
• Ensure security training is culturally appropriate for our diverse workforce including rural franchise partners

Required Qualifications Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field (Master's degree preferred)

• Professional security certifications required: CISSP, CISM, or equivalent
• Additional certifications valued: CISA, CEH, CGEIT, CRISC, or cloud security certifications

Experience

• 12+ years of progressive experience in information security, with at least 5 years in leadership roles
• Experience in financial services, fintech, or NBFC environment strongly preferred
• Proven track record of building security programs from ground up in high-growth organizations
• Experience securing distributed operations, mobile-first platforms, and franchise/agent networks
• Deep understanding of Indian regulatory landscape (RBI, IRDAI, DPDPA, IT Act)
• Experience working with board-level stakeholders and presenting to executive leadership

Technical Expertise

• Deep knowledge of security frameworks (NIST, ISO 27001, CIS Controls)
• Expertise in cloud security (AWS, Azure, GCP)
• Strong understanding of application security, API security, and secure SDLC
• Experience with security tools: SIEM, EDR, vulnerability management, penetration testing
• Knowledge of authentication technologies, encryption, and cryptography
• Understanding of mobile application security (Android, iOS)
• Familiarity with fraud detection systems and machine learning for security
• Demonstrable working knowledge of data privacy principles and data protection techniques including data minimization, pseudonymization, anonymization, and privacy by design

)