Chief Information Security Officer
Seven N Half
2 - 5 years
Pune
Posted: 21/03/2026
Job Description
Key Responsibilities
Strategic Leadership & Governance
Develop and execute a comprehensive information security strategy aligned with
SarvaGram's business objectives and growth trajectory
Establish and maintain an enterprise-wide information security governance
framework, policies, standards, and procedures
Build and lead a security vertical capable of supporting our distributed operations
across 38,000+ villages
Serve as the primary security advisor to the CEO, Board of Directors, and senior
leadership team
Own the security budget and ensure optimal resource allocation for maximum
risk reduction
Risk Management & Compliance
Design and implement a robust risk management framework for identifying,
assessing, and mitigating information security risks
Ensure compliance with RBI cybersecurity guidelines for NBFCs and digital
lending regulations
Maintain compliance with IRDAI requirements for insurance distribution and data
protection
Oversee compliance with IT Act 2000, Digital Personal Data Protection Act
(DPDPA) 2023, and other relevant Indian regulations
Manage third-party security assessments, audits, and certifications (ISO 27001,
SOC 2, etc.)
Conduct regular security risk assessments and present findings to senior
management and board
Security Architecture & Operations
Design secure technology architecture for our digital lending platform, mobile
applications, and franchise management systems
Implement and oversee security operations center (SOC) capabilities including
monitoring, incident detection, and response
Establish robust identity and access management (IAM) frameworks for
employees, franchise partners, and customers
Secure our data infrastructure including customer KYC data, financial records,
and transaction information
Implement data loss prevention (DLP), encryption, and data classification
programs
Secure API integrations with banking partners, insurance providers, and other
third-party systems
Fraud Prevention & Detection
Develop and implement comprehensive fraud detection and prevention strategies
for lending and insurance operations
Establish controls to prevent identity theft, application fraud, and account
takeover across our digital channels
Implement transaction monitoring and anomaly detection systems
Work closely with risk and operations teams to balance security controls with
customer experience
Build fraud awareness programs for our Branches and franchise network
Incident Response & Business Continuity
Develop and maintain incident response plans, procedures, and playbooks
Lead security incident response efforts and coordinate with relevant
stakeholders
Establish business continuity and disaster recovery plans for critical systems
Conduct regular tabletop exercises and security drills
Manage communication protocols for security incidents including customer
notification and regulatory reporting
Security for Distributed Operations
Design security frameworks for our 170+ Branches
Secure mobile-first and offline-capable systems used in rural areas with limited
connectivity
Implement secure authentication and authorization for franchise partners
accessing customer data
Develop security training programs for franchise partners and field staff
Ensure secure device management for tablets used in rural operations
Vendor & Third-Party Risk Management
Establish vendor security assessment and ongoing monitoring programs
Manage security requirements for partnerships with banks, insurance
companies, and technology providers
Conduct security due diligence for new vendor relationships and integrations
Ensure contractual security obligations are met by all third parties
Security Awareness & Culture
Build a security-first culture across the organization
Develop and deliver comprehensive security awareness training programs
Conduct regular phishing simulations and security awareness campaigns
Create a security champions program across different business units
Ensure security training is culturally appropriate for our diverse workforce
including rural franchise partners
Required Qualifications
Education
Bachelor's degree in Computer Science, Information Technology, Cybersecurity,
or related field (Master's degree preferred)
Professional security certifications required: CISSP, CISM, or equivalent
Additional certifications valued: CISA, CEH, CGEIT, CRISC, or cloud security
certifications
Experience
12+ years of progressive experience in information security, with at least 5 years
in leadership roles
Experience in financial services, fintech, or NBFC environment strongly preferred
Proven track record of building security programs from the ground up in high-growth
organizations
Experience securing distributed operations, mobile-first platforms, and
franchise/agent networks
Deep understanding of the Indian regulatory landscape (RBI, IRDAI, DPDPA, IT Act)
Experience working with board-level stakeholders and presenting to executive
leadership
Technical Expertise
Deep knowledge of security frameworks (NIST, ISO 27001, CIS Controls)
Expertise in cloud security (AWS, Azure, GCP)
Strong understanding of application security, API security, and secure SDLC
Experience with security tools: SIEM, EDR, vulnerability management, penetration
testing
Knowledge of authentication technologies, encryption, and cryptography
Understanding of mobile application security (Android, iOS)
Familiarity with fraud detection systems and machine learning for security
Demonstrable working knowledge of data privacy principles and data protection
techniques including data minimization, pseudonymization, anonymization, and
privacy by design
Domain Knowledge
Knowledge of digital lending regulations and RBI guidelines
Awareness of rural market dynamics and challenges of serving distributed
populations is a plus.
Understanding of insurance distribution and regulatory requirements
Desired Attributes
Leadership & Communication
Exceptional leadership skills with ability to build and inspire teams
Outstanding communication skills with ability to translate technical security
concepts to business stakeholders
Experience influencing without authority and building consensus across
organizations
Track record of building security culture in fast-paced, growth-oriented
environments
Strategic Thinking
Ability to balance security requirements with business enablement
Strategic mindset with ability to anticipate future threats and plan accordingly
Experience making risk-based decisions in resource-constrained environments
Innovative thinking to solve unique security challenges of rural fintech operations
Personal Qualities
High integrity and ethical standards
Passion for financial inclusion and serving rural India
Adaptability and comfort with ambiguity in a high-growth startup environment
Cultural sensitivity and ability to work with diverse teams and stakeholders
What We Offer
Opportunity to build the information security function at one of India's leading rural
fintech platforms
Direct impact on financial inclusion for millions of rural households
Collaborative, mission-driven culture focused on serving aspiring rural India
Competitive compensation package including equity participation
Professional development opportunities and conference attendance
Chance to solve unique security challenges at the intersection of fintech, rural
markets, and franchise operations
Location
Pune, Maharashtra (with travel to branch locations and villages as needed)
Reports to: Chief Risk Officer (CRO)
