Mumbai, Maharashtra, India
As a cybersecurity professional with over 28 years of experience, I specialize in strategic planning and execution, incident response, and business resilience in information security management, business development, and delivery. With CCISO, CISA and CISM certifications, I have led Security Operation Centers (SOCs), managed Incident Response Teams, and specialized in Data Loss Prevention (DLP) within SOC environments. My expertise extends to conducting audits, including GDPR and CIS benchmarks. My strengths lie in teamwork, problem-solving, and analytics, and I am eager to further apply my expertise in a supportive role. I hold certifications in CCISO, CISA, CISM, CEH, AWS Security, GCP Security, and Azure Security, reflecting my strong foundation in cybersecurity and data privacy. As an experienced leader, I have a proven track record of managing regulatory compliance and cybersecurity governance. My skills encompass ISO 27001, data privacy, cloud security, enterprise risk assessments, SWIFT, PCI, cyber risk automation, third-party security audits, IT security audits, the NIST cybersecurity framework, ISO 20000, ISO 22301, and project management. I excel in initiating large-scale discussions on data privacy, digital transformation, IT strategy, program management, vulnerability assessment and penetration testing, spear phishing, cloud security, data center security, SIEM, network security, and project risk reviews. I am accomplished in formulating strategies and governance mechanisms for monitoring and addressing cyber risks effectively. Additionally, I built the Cyber GCC channel for LTIMindtree and Grant Thornton, focusing on SOC as a service and targeting financial services. My key focus includes working with large financial institutions, such as public and private sector banks, mutual fund houses, and insurance companies.
• Global Delivery Cyber Security Practice Director.
• Lead and oversee Cyber Defence Platforms, AI Security, SOC, SIEM, Threat Defence, Threat Intelligence, Threat Hunting, Digital Forensics, and Incident Response.
• Lead strategic and operational initiatives to protect enterprise assets and data.
• Protect the safety and security of the client's people, assets, business, and reputation worldwide.
• Collaborate with cross-functional teams to assess risk, develop policies, and drive a culture of security awareness across the organisation.
• Manage the P&L across the Global Cyber Security Delivery Practice.
• Build and mentor a high-performing team of cybersecurity architects, SOC engineers, and analysts.
• Serve as a trusted advisor to CXOs and Boards on enterprise-wide cybersecurity strategy.
• Lead large-scale transformation projects from proposal to execution, delivering measurable risk reduction and ROI.

• Lead Cyber Security & IT Risk Global Delivery. Reporting to Partner.
• Expansion of Cyber Global Delivery.
• Formulating a strategy and governance mechanism to monitor and take informed action on pertinent cyber risks.
• Defining and prioritizing what to secure and when, maintaining regulatory and global compliance to ensure secure business operations.
• Protecting the safety and security of clients' people, assets, business, and reputation globally as part of a small, agile, and diverse team.
• Establishing and managing company resilience plans and procedures, effective communication, and training.
• Facilitating and participating in the development of security and cross-functional programs (e.g., travel, meetings, IT, HR, administrative functions).
• Assuring boards on security measures and updates to threat vectors via threat intelligence.
• Ensuring effective security operations and a holistic cyber resiliency plan encompassing crisis and disaster management.
• Optimizing strategic outsourcing models to achieve scale, growth, and profitability for clients.
• Training and mentoring the IT Audit team on ITGC, SOX, SOC 2, and TPRM frameworks.
• Overseeing the planning, execution, and delivery of projects, ensuring they meet objectives and timelines.
• Identifying, developing, and implementing SOP guidelines, standard practices, and process improvements.

• Reported to the Global CISO - Aviva UK
• Led as Asia Virtual CISO of Aviva UK - Infrastructure Lead for the Insurance Divestment Project, extensively interacting with the team and overseeing divestment across Asia.
• Oversaw Offshore Development Center Operations Security and COE - Toronto Pearson Airport, reporting to the Global Delivery Head, and managed IT security for International Airport domains, including endpoint security, network security, privileged access management, incident response, and cyber intelligence.
• Led the End User Management, Endpoint Security, Compliance, Excellence, and Issues team for India's leading private sector bank - HDFC Bank.
• Provided post-implementation support and live fixes-related activities.
• Conducted IT audits using frameworks such as ITGC, SOC 2, GDPR, NIST RMF, ICAO, ISA/IEC 62443, and Data Privacy for all clients.
• Built a practice delivery portfolio for cybersecurity, creating strong value propositions for clients across the value chain.
• Delivered services within specified schedules, quality, and cost parameters; managed variances through risk and change management.
• Contributed to new development and improvements of existing applications.
• Interacted with Client Engagement Managers, Delivery Managers from Wipro, and client-side CXOs.
• Responsible for planning and delivering quality compliance, resource utilization, and customer satisfaction.
• Delivered development and implementation projects.
• Delivered solutions and responses to new opportunities and large opportunities from existing accounts.
• Built and maintained relationships with Customer Project Managers and key stakeholders within accounts, ensuring customer satisfaction.
• Managed people processes within the vertical, including employee attrition rates, development, and engagement.

PAN INDIA Biggest Private Banking Project (HDFC Bank)
• Heading Cyber Security, New Technology and Problem Management Team.
• Oversee the End User Computing, Endpoint Security, and Compliance.
• Involvement in new development/enhancements to the existing application.
• Involved in post-implementation support and Live Fixes related activities.
• Ensure smooth execution of both Development/Deployment Projects.
• Extensive interaction with the Client (both Business & Client IT) and other teams regularly.
• Plans tasks, directs and supports resources, and monitors and tracks progress for projects or a defined portion of a project.
• IT Audit - work on Frameworks ITGC, ISO 27001, PCI DSS, SOC 1 & 2
• Ensure the assigned deliverables are created within the constraints of the specified schedule, quality, and cost parameters.
• Manages variances through risk and/or change control.

• Utilized technical and business capabilities to secure all IT protocols and data transactions, focusing on organizational activities and risks, audits, incidents, lifecycle, and operations security.
• Managed various processes for cybersecurity and compliance for TOTAL (Oil and Petroleum Giant).
• Implemented ITIL best practices for the Security Operations Center (SOC).
• Handled Incident Management, Problem Management, Change Management, and Service Request Management for cybersecurity.
• Managed the Cyber Incident Response team.
• Assisted in driving major cybersecurity incidents and defining the cybersecurity incident response process.
• Supported various project alignments.

• Implemented security controls in software solutions and designed security architectures according to agreed specifications for Vodafone India.
• Gathered and analyzed customer requirements independently, interpreting them under guidance.
• Worked independently on multi-vendor security technologies.
• Analyzed gaps in security infrastructure.
• Designed, implemented, and supported security products for various clients.
• Ensured client security standards and processes were met, including IT risk assessment methodology and security architecture approval.
• Demonstrated knowledge of industry best practices and market trends related to network security products and services.