Chief Information Security Officer (CISO)

HR, IN, India

Job Description

Full-Time
10-15 Yrs
Gurugram

Job ID: PC57

About the Business


OfBusiness Group is India's largest and most efficient supply chain platform, serving as a one-stop solution for small and medium businesses to alleviate all major pain points: market discovery, raw materials, financing, and digital transformation. As a tech-enabled business, we put everything at our customers' fingertips. We are positioned as one of India's largest and most profitable unicorns, in relentless pursuit of excellence and unparalleled growth. Our business portfolio, in which each venture excels in its respective domain, includes:
Raw Material Aggregation
B2B Financing
Manufacturing & Processing
B2B Tech Platforms




Our Material Aggregation Business, India's largest B2B raw material marketplace, streamlines procurement for SMEs across manufacturing, construction, and more, offering essential multi-brand raw materials with fast quotations, competitive prices, and top-notch customer support. With a dominant presence across sectors like Steel, Non-Ferrous, Energy, Minerals, Polymers, Agri, and Chemicals, we serve our clients' raw material needs with unmatched efficiency.

What you will do.


As the Chief Information Security Officer (CISO), you will be responsible for defining and executing OXYZO's enterprise-wide information security strategy. You will oversee cybersecurity, risk management, governance, and compliance, ensuring the protection of organizational data, systems, and infrastructure.

As a key member of the executive leadership team, you will report directly to the CEO and work closely with the Board of Directors, serving as the primary advisor on cybersecurity risks and resilience. You will also represent the company to external stakeholders including regulators, auditors, and customers, reinforcing trust and credibility in OXYZO's security posture.

Key Responsibilities

1. Security Strategy & Governance


Develop and implement the organization's information security strategy aligned with business objectives.
Establish governance frameworks, policies, and security standards across the enterprise.
Report regularly to the CEO and Board on security posture, risks, and progress.

2. Risk Management & Compliance


Build and oversee a comprehensive risk management program to identify, assess, and mitigate cyber risks.
Ensure compliance with applicable regulatory, legal, and contractual requirements (ISO 27001, SOC2, GDPR, PCI DSS, etc.).
Lead regular security audits and certification processes.

3. Cybersecurity Operations & Incident Management


Oversee security operations including monitoring, detection, and response.
Direct incident response processes to ensure timely containment, recovery, and root cause analysis.
Ensure disaster recovery and business continuity plans are robust and tested.

4. Technology & Emerging Threats


Evaluate and implement advanced security solutions, automation tools, and intelligence platforms.
Anticipate and prepare for emerging cyber threats, zero-day vulnerabilities, and APTs.
Drive secure architecture, DevSecOps adoption, and cloud security initiatives.

5. Leadership & Culture


Build, mentor, and lead a high-performing security team (Red Team, Blue Team, GRC, SOC).
Champion a security-first culture across the organization through training and awareness.
Provide leadership guidance to business units on secure practices.

6. External Stakeholder Engagement


Act as the executive face of security for regulators, auditors, customers, and partners.
Ensure the organization maintains a strong reputation for security and compliance in the market.
Collaborate with external security communities and industry bodies to stay ahead of best practices.

What we are looking for.

Expertise in enterprise cybersecurity, risk management, and compliance frameworks.
Proven experience in Red/Blue team oversight, threat modeling, and secure architecture.
Strong ability to communicate risks and strategy at CEO/Board level.
Excellent stakeholder management, external representation, and executive communication skills.
10+ years of experience in Information Security, with at least 3-5 years in a leadership role (CISO, Deputy CISO, Head of Security, or equivalent).
Track record of designing and scaling enterprise-wide security programs.
Deep knowledge of frameworks (NIST, ISO 27001, CIS, PCI DSS, GDPR, SOC2).
Expertise in enterprise and cloud security, IAM, and automation.
Industry-recognized certifications (CISSP, CISM, CISA, CCISO, or equivalent) preferred.

What we are offering.

Fast-track Career Growth
High-Impact Roles
Ownership & Role Autonomy
Exceptional Peer Group
Enjoyable Workplace
Competitive Pay & Rewards



Job Detail

  • Job Id
    JD4725551
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    HR, IN, India
  • Education
    Not mentioned
  • Experience
    Year