Ramraj Cotton
Website: ramrajcotton.in
Job details:
Position : Head – Information Security
Location: Tirupur, Tamil Nadu (with travel to pan-India sites)
As we accelerate our digital transformation, spanning ERP modernization, Industry 4.0 integration, and e-commerce expansion, we are building a highly resilient InfoSec function to safeguard our information assets, data, and brand reputation.
ROLE OVERVIEW
The Head – Information Security will devise and implement information security practices, initiatives, governance, and compliance, including data privacy. This is a pivotal role reporting to the Group CITO, with a mandate to continuously mature a resilient Information Security Management System (ISMS) aligned to ISO/IEC 27001, applicable Indian regulations, and data protection frameworks.
The incumbent will own the cybersecurity posture across all manufacturing plants, the corporate office, warehouses, retail stores, digital infrastructure, and supply chain partner interfaces, ensuring business continuity and regulatory trust.
POSITION
Job Title : Head – Information Security
Function: Information Security
Location : Tirupur, Tamil Nadu (with travel to pan-India sites)
Reporting To : Group CITO
Team Size : 6–10 direct and indirect reports
Experience : 15+ years overall; minimum 3+ years as Head - InfoSec
Industry Preference : Apparel, Textile, Fashion, Retail, FMCG, Manufacturing, etc.
KEY RESPONSIBILITIES
1. Information Security Goals & Governance
- Define and own the enterprise-wide Information Security Goals, roadmap, and budget aligned with business objectives and risk appetite.
- Establish and lead the Information Security Steering Committee; present security posture updates to management on a quarterly basis.
- Develop, publish, and enforce the organization’s suite of Information Security policies, standards, and procedures.
- Lead the design and certification of the ISMS in accordance with ISO/IEC 27001:2022.
- Devise and implement a data privacy program in the company.
2. Risk Management & Compliance
- Drive enterprise-level Information Security Risk Assessment (ISRA) and maintain a living risk register with defined treatment plans.
- Ensure compliance with applicable Indian regulations including IT Act 2000, DPDP Act 2023, RBI cybersecurity guidelines (where applicable), and sector-specific directives from MeitY.
- Oversee third-party and supply chain security risk assessments; enforce contractual data security obligations with vendors and logistics partners.
3. Data Privacy & Protection
- Serve as the functional lead for, and implement, the Digital Personal Data Protection (DPDP) Act 2023 compliance program.
- Build and operationalize a Data Governance Framework: data classification, data lineage, consent management, and retention/deletion controls.
- Oversee privacy impact assessments (PIAs / DPIAs) for all new digital initiatives, product launches, and cross-border data transfers.
- Manage data breach notification obligations, including regulatory reporting timelines under DPDP and buyer data security agreements.
4. Cybersecurity Operations & Technology
- Architect and oversee the organization’s cybersecurity technology stack: SIEM, SOC (in-house or managed), endpoint protection (EDR), email security, DLP, and identity/access management (IAM / MFA).
- Lead vulnerability management, penetration testing programs, and the patch management lifecycle across IT and OT environments (factory floor systems, PLCs, SCADA, OT, IoT wherever applicable).
- Manage Security Operations Centre (SOC) activities, incident detection, response playbooks, and post-incident reviews.
- Oversee cloud security posture management (CSPM) for AWS / Azure / OCI / other workloads covering ERP, e-commerce, and software platforms.
5. Business Continuity & Incident Response
- Own the organization’s Business Continuity Plan (BCP) and IT Disaster Recovery Plan (DRP); lead annual DR drills and tabletop exercises.
- Define and enforce RTO / RPO targets for all critical business systems; ensure tested backup and failover capabilities.
- Act as the Incident Commander for high-severity cybersecurity incidents; coordinate legal, communications, and operational response.
6. Awareness, Culture & Stakeholder Management
- Design and deliver a company-wide security awareness and training program tailored to factory-floor workers, supervisors, and corporate staff.
- Champion a security-by-design culture within IT, digital product teams, etc.
- Coordinate with external auditors, certification bodies, buyer security teams, and regulators for audits, assessments, and certifications.
- Represent the organization in industry forums, buyer security councils, and regulatory consultations.
QUALIFICATIONS & CERTIFICATIONS
Educational Background
- Bachelor’s degree in Computer Science, Information Technology, Electronics, or a related engineering discipline (mandatory).
- Master's degree / MBA in Information Security, Technology Management, or a related field (preferred).
Mandatory Certifications (at least 2 of the following)
- CISSP – Certified Information Systems Security Professional
- CISM – Certified Information Security Manager (ISACA)
- ISO/IEC 27001 Lead Implementer or Lead Auditor
- CDPSE – Certified Data Privacy Solutions Engineer (ISACA)
- CIPP/E or CIPP/A – IAPP Certified Information Privacy Professional
Preferred / Value-Added Certifications
- CEH – Certified Ethical Hacker
- CCSP – Certified Cloud Security Professional
- PMP / PRINCE2 for program management capability
- ISO 22301 Lead Implementer (Business Continuity)
EXPERIENCE REQUIREMENTS
Competency Area : What We Are Looking For
CISO / Head InfoSec Experience : Minimum 5 years in InfoSec leadership role in a mid-to-large organization with revenue >₹2000 Cr with employee strength >3,000.
ISMS Implementation : Demonstrable end-to-end experience in designing, implementing, and achieving ISO/IEC 27001 certification for a multi-site organisation. Familiarity with ISO 27002 controls, NIST CSF, and SOC 2 Type II is advantageous.
Data Privacy : Hands-on experience with DPDP Act 2023 or GDPR compliance program management; experience with consent frameworks, DPIA methodology, and data subject rights management.
Manufacturing / OT Security : Understanding of IT-OT convergence security risks in a factory setting; experience securing industrial control systems, IoT devices, or shop-floor networks (desirable).
Cloud Security : Experience securing cloud environments (AWS/Azure/GCP); hands-on with CSPM tools, IAM governance, and cloud-native security services.
Vendor & Supply Chain Risk : Track record of managing InfoSec in organizations with extensive third-party ecosystems including logistics, sub-contractors, and offshore partners.
Stakeholder Engagement : Board-level communication skills; experience presenting risk metrics, investment cases, and security posture to C-suite and board directors.
Industry Background : Preference for candidates from apparel, textile, retail, Fashion, FMCG, or manufacturing sectors. BFSI / IT sector candidates with manufacturing client exposure also considered.
TECHNICAL & FUNCTIONAL SKILLS
Security Technologies
- SIEM platforms (Splunk, IBM QRadar, Microsoft Sentinel, etc.)
- EDR / XDR solutions (CrowdStrike, SentinelOne, Microsoft Defender, Trend Micro)
- DLP tools (Symantec, Forcepoint, Microsoft Purview)
- IAM / PAM solutions (CyberArk, SailPoint, Azure AD)
- Vulnerability scanners (Qualys, Nessus, Rapid7)
Governance & Risk Frameworks
- ISO/IEC 27001:2022, ISO 27005 (Risk Management), ISO 22301
- NIST Cybersecurity Framework (CSF), NIST SP 800-53
- GDPR, DPDP Act 2023, IT Act 2000, MeitY Guidelines
- CIS Controls, OWASP Top 10
Soft Skills & Leadership
- Exceptional written and oral communication in English and Tamil (Hindi advantageous).
- Strategic thinking with the ability to balance security rigor against operational pragmatism.
- Strong negotiation and vendor management skills.
- Team builder: ability to attract, develop, and retain InfoSec talent in a Tier-2 city context.
- High integrity and ethical standards; comfortable handling sensitive IP and personal data.
- Opportunity to build a function from the ground up in a rapidly digitizing organization.
Interested candidates, kindly share your updated resume at Jobs@ramrajcotton.net.