Chief Information Security Officer (CISO) Large Agri Enterprise

Role Overview

The Chief Information Security Officer (CISO) will be responsible for establishing and leading the information security strategy governance and execution across the Groups NBFC and Agro Trading entities. The role ensures compliance with RBI cybersecurity guidelines data privacy laws and sectoral best practices while aligning security with business growth digital initiatives and risk management.

Key Responsibilities

1. Information Security Strategy & Governance

• Develop and implement the Group-wide Information & Cyber Security Framework aligned to RBI NBFC Cybersecurity Directions ISO 27001 and NIST standards.
• Establish governance mechanisms to oversee security across both financial and agri-trading operations.
• Drive group-levelcybersecurity policies SOPs and awareness programs.
• Report regularly to the Board / Risk & Audit Committee on cybersecurity posture risks and incidents.

2. Regulatory Compliance & Risk Management

• Ensure compliance withRBIs Cyber Security Framework for NBFCs CERT-In directives and relevant data privacy regulations (DPDP Act).
• Conduct periodic IT & IS audits vulnerability assessments and penetration tests.
• Manage regulatory inspections audits and reporting requirements.
• Establish a risk-based approach to protect sensitive customer financial and trading data.

3. Security Operations & Incident Response

• Establish aSecurity Operations Centre (SOC)/ outsource managed services for continuous monitoring.
• Define and lead theIncident Response Plan (IRP)including detection containment investigation and recovery.
• Coordinate cyber crisis management and business continuity planning across group entities.
• Oversee endpoint security data protection identity & access management and fraud monitoring.

4. Technology & Process Security

• Implement and monitornetwork application and cloud securitycontrols.
• Securedigital lending platforms Oracle NetSuite ERP mobile apps and multiple customer portalsfor Agri Finance and Agri trading entities.
• Ensure trading operations (ERP commodity platforms Digital Marketplaces External Interfaces) are safeguarded from cyber threats.
• Define secure DevSecOps practices for in-house and/or outsourced application development.

5. Leadership & Stakeholder Management

• Lead the Information Security team and coordinate with IT Risk Compliance Legal and Business Units.
• Work with external vendors cybersecurity consultants and regulators.
• Build a culture of security awareness across employees agents and third parties.
• Act as thesingle point of accountabilityfor group-level cybersecurity.

Qualifications & Experience

• Bachelors degree in IT/Computer Science/Engineering; Masters preferred.
• Certifications: CISSP / CISM / CISA / ISO 27001 Lead Implementer / CRISC (preferred).
• 12 years of IT/Information Security experience with at least 5 years in a leadership role.
• Proven experience inNBFC / BFSI cybersecurity compliance. Exposure toagri trading systemsis an advantage.
• Strong understanding ofRBI NBFC guidelines DPDP Act NIST ISO 27001 cloud security fraud risk management.

Key Competencies

• Strategic thinking with strong risk management mindset.
• Hands-on knowledge of security operations threat management and compliance.
• Ability to balance security with business agility and cost constraints of a mid-sized group.
• Excellent communication with senior management regulators and external partners.
• Leadership influence and cross-functional collaboration.

Success Metrics

• Zero major regulatory non-compliance findings.
• Timely reporting and closure of vulnerabilities and incidents.
• Improved security maturity score (e.g. ISO/NIST assessments).
• Enhanced employee security awareness levels.
• Reduced cyber risk exposure across NBFC and Agro Trading operations.

Required Skills:

CISOInformation SecurityCyber SecurityInfosecCyber Security FrameworkData PrivacyIT AuditInformation Security AuditIS AuditSOCSecurity Operations CenterIRPIncident ResponseCISSPCISMCISAISO 27001NISTCertified in Risk and Information Systems Control (CRISC)