The Chief Information Security Officer (CISO) will be responsible for establishing and leading the information security strategy, governance, and execution across the Group//'s NBFC and Agro Trading entities. The role ensures compliance with RBI cybersecurity guidelines, data privacy laws, and sectoral best practices, while aligning security with business growth, digital initiatives, and risk management.
Key Responsibilities
1. Information Security Strategy & Governance
Develop and implement the Group-wide Information & Cyber Security Framework aligned to RBI NBFC Cybersecurity Directions, ISO 27001, and NIST standards.
Establish governance mechanisms to oversee security across both financial and agri-trading operations.
Drive group-level
cybersecurity policies, SOPs, and awareness programs
.
Report regularly to the Board / Risk & Audit Committee on cybersecurity posture, risks, and incidents.
2. Regulatory Compliance & Risk Management
Ensure compliance with
RBI//'s Cyber Security Framework for NBFCs
, CERT-In directives, and relevant data privacy regulations (DPDP Act).
Conduct periodic IT & IS audits, vulnerability assessments, and penetration tests.
Manage regulatory inspections, audits, and reporting requirements.
Establish a risk-based approach to protect sensitive customer, financial, and trading data.
3. Security Operations & Incident Response
Establish a
Security Operations Centre (SOC)
/ outsource managed services for continuous monitoring.
Define and lead the
Incident Response Plan (IRP)
including detection, containment, investigation, and recovery.
Coordinate cyber crisis management and business continuity planning across group entities.
Oversee endpoint security, data protection, identity & access management, and fraud monitoring.
4. Technology & Process Security
Implement and monitor
network, application, and cloud security
controls.
Secure
digital lending platforms, Oracle NetSuite ERP, mobile apps, and multiple customer portals
for Agri Finance and Agri trading entities.
Ensure trading operations (ERP, commodity platforms, Digital Marketplaces, External Interfaces) are safeguarded from cyber threats.
Define secure DevSecOps practices for in-house and/or outsourced application development.
5. Leadership & Stakeholder Management
Lead the Information Security team and coordinate with IT, Risk, Compliance, Legal, and Business Units.
Work with external vendors, cybersecurity consultants, and regulators.
Build a culture of security awareness across employees, agents, and third parties.
Act as the
single point of accountability
for group-level cybersecurity.
Qualifications & Experience
Bachelor//'s degree in IT/Computer Science/Engineering; Master//'s preferred.
Certifications: CISSP / CISM / CISA / ISO 27001 Lead Implementer / CRISC (preferred).
12+ years of IT/Information Security experience, with at least 5 years in a leadership role.
Proven experience in
Strategic thinking with strong risk management mindset.
Hands-on knowledge of security operations, threat management, and compliance.
Ability to balance security with business agility and cost constraints of a mid-sized group.
Excellent communication with senior management, regulators, and external partners.
Leadership, influence, and cross-functional collaboration.
Success Metrics
Zero major regulatory non-compliance findings.
Timely reporting and closure of vulnerabilities and incidents.
Improved security maturity score (e.g., ISO/NIST assessments).
Enhanced employee security awareness levels.
* Reduced cyber risk exposure across NBFC and Agro Trading operations.
Beware of fraud agents! do not pay money to get a job
MNCJobsIndia.com will not be responsible for any payment made to a third-party. All Terms of Use are applicable.