Head of Information Security
Job Description
Risk Management & Compliance
Drive enterprise-level Information Security Risk Assessment (ISRA) and maintain a living risk register with defined treatment plans.
Ensure compliance with applicable Indian regulations including the IT Act 2000, the DPDP Act 2023, RBI cybersecurity guidelines (where applicable), and sector-specific directives from MeitY.
Oversee third-party and supply chain security risk assessments; enforce contractual data security obligations with vendors and logistics partners.

3. Data Privacy & Protection
Serve as the functional lead for, and implement, the Digital Personal Data Protection (DPDP) Act 2023 compliance program.
Build and operationalize a Data Governance Framework: data classification, data lineage, consent management, and retention/deletion controls.
Oversee privacy impact assessments (PIAs / DPIAs) for all new digital initiatives, product launches, and cross-border data transfers.
Manage data breach notification obligations, including regulatory reporting timelines under the DPDP Act and buyer data security agreements.

4. Cybersecurity Operations & Technology
Architect and oversee the organization's cybersecurity technology stack: SIEM, SOC (in-house or managed), endpoint protection (EDR), email security, DLP, and identity/access management (IAM / MFA).
Lead vulnerability management, penetration testing programs, and the patch management lifecycle across IT and OT environments (factory floor systems, PLCs, SCADA, OT, IoT wherever applicable).
Manage Security Operations Centre (SOC) activities, incident detection, response playbooks, and post-incident reviews.
Oversee cloud security posture management (CSPM) for AWS / Azure / OCI / other workloads covering ERP, e-commerce, and software platforms.

5. Business Continuity & Incident Response
Own the organization's Business Continuity Plan (BCP) and IT Disaster Recovery Plan (DRP); lead annual DR drills and tabletop exercises.
Define and enforce RTO / RPO targets for all critical business systems; ensure tested backup and failover capabilities.
Act as the Incident Commander for high-severity cybersecurity incidents; coordinate legal, communications, and operational response.

6. Awareness, Culture & Stakeholder Management
Design and deliver a company-wide security awareness and training program tailored to factory-floor workers, supervisors, and corporate staff.
Champion a security-by-design culture within IT, digital product teams, etc.
Coordinate with external auditors, certification bodies, buyer security teams, and regulators for audits, assessments, and certifications.
Represent the organization in industry forums, buyer security councils, and regulatory consultations.

QUALIFICATIONS & CERTIFICATIONS
Educational Background
Bachelor's degree in Computer Science, Information Technology, Electronics, or a related engineering discipline (mandatory).
Master's degree / MBA in Information Security, Technology Management, or a related field (preferred).

Mandatory Certifications (at least 2 of the following)
CISSP – Certified Information Systems Security Professional
CISM – Certified Information Security Manager (ISACA)
ISO/IEC 27001 Lead Implementer or Lead Auditor
CDPSE – Certified Data Privacy Solutions Engineer (ISACA)
CIPP/E or CIPP/A – IAPP Certified Information Privacy Professional

Preferred / Value-Added Certifications
CEH – Certified Ethical Hacker
CCSP – Certified Cloud Security Professional
PMP / PRINCE2 for program management capability
ISO 22301 Lead Implementer (Business Continuity)

EXPERIENCE REQUIREMENTS
Competency Area: What We Are Looking For
CISO / Head InfoSec Experience: Minimum 5 years in an InfoSec leadership role in a mid-to-large organization with revenue >₹2000 Cr and employee strength >3,000.
ISMS Implementation: Demonstrable end-to-end experience in designing, implementing, and achieving ISO/IEC 27001 certification for a multi-site organization. Familiarity with ISO 27002 controls, NIST CSF, and SOC 2 Type II is advantageous.
Data Privacy: Hands-on experience with DPDP Act 2023 or GDPR compliance program management; experience with consent frameworks, DPIA methodology, and data subject rights management.
Manufacturing / OT Security: Understanding of IT-OT convergence security risks in a factory setting; experience securing industrial control systems, IoT devices, or shop-floor networks (desirable).
Cloud Security: Experience securing cloud environments (AWS/Azure/GCP); hands-on with CSPM tools, IAM governance, and cloud-native security services.
Vendor & Supply Chain Risk: Track record of managing InfoSec in organizations with extensive third-party ecosystems including logistics, sub-contractors, and offshore partners.
Stakeholder Engagement: Board-level communication skills; experience presenting risk metrics, investment cases, and security posture to the C-suite and board directors.
Industry Background: Preference for candidates from the apparel, textile, retail, fashion, FMCG, or manufacturing sectors. BFSI / IT sector candidates with manufacturing client exposure are also considered.

TECHNICAL & FUNCTIONAL SKILLS
Security Technologies
SIEM platforms (Splunk, IBM QRadar, Microsoft Sentinel, etc.)
EDR / XDR solutions (CrowdStrike, SentinelOne, Microsoft Defender, Trend Micro)
DLP tools (Symantec, Forcepoint, Microsoft Purview)
IAM / PAM solutions (CyberArk, SailPoint, Azure AD)
Vulnerability scanners (Qualys, Nessus, Rapid7)

Governance & Risk Frameworks
ISO/IEC 27001:2022, ISO 27005 (Risk Management), ISO 22301
NIST Cybersecurity Framework (CSF), NIST SP 800-53
GDPR, DPDP Act 2023, IT Act 2000, MeitY Guidelines
CIS Controls, OWASP Top 10

Soft Skills & Leadership
Exceptional written and oral communication in English and Tamil (Hindi advantageous).
Strategic thinking with the ability to balance security rigor against operational pragmatism.
Strong negotiation and vendor management skills.
Team builder: ability to attract, develop, and retain InfoSec talent in a Tier-2 city context.
High integrity and ethical standards; comfortable handling sensitive IP and personal data.
Opportunity to build a function from the ground up in a rapidly digitizing organization.

Work Schedule: 6 Days Working (Monday – Saturday)
Timings: 9:00 AM to 6:00 PM
Mode: Work From Office (WFO)

Interested candidates kindly share your updated resume to