Prachi Bhide, CISSP, CISA

Security Compliance Program Lead & Chief of Staff at Zscaler | Experienced First Line BISO / CISO / Second Line Technology Risk

New York, New York, United States

About

* Strategic thinking, creative, passionate and results-focused leader in Security & Risk Management, Product Management and Compliance with 19+ years of experience in highly visible, critical roles across all 3 lines of defense in Tech, Financial Services and Consulting * Presenter at premier Cybersecurity, GRC, CISO, CIO, CDAO conferences * “Get it done” attitude, empathetic leadership, teamwork and ability to motivate and bring along others * Dot-connector, driving influential partnerships with diverse stakeholders to build global programs across security, governance, risk and regulatory compliance * Lead agile high priority cross-functional programs in fast-paced environments to deliver products and services that are secure, auditable and compliant by design, balancing product usability, scalability and performance while specifically reducing compliance ‘toil’ and increasing developer velocity. * Holistically blend technology and business knowledge to tailor technical and non-technical content for successful outcomes * Articulate and influential in C-suite messaging, and negotiation with auditors and regulators * Expert in leveraging automation and AI to design robust GRC, Continuous Control Monitoring and Automated Observability solutions * Drive new technology adoption and transformation initiatives * Not afraid to challenge the status quo and make influential decisions in an ever-changing landscape * Effectively lead global cross-functional teams with 100+ people across multiple time-zones * Top industry certifications: — Certified Information Systems Security Professional (CISSP) — Certified Information Systems Auditor (CISA) — ISO/IEC 27001 Lead Auditor Specialties: Risk Management, IT Audit, Security, Identity & Access Management, Vendor Risk/TPRM, Cybersecurity, Consumer Protection, Cloud Compliance, Data Analytics, Privacy, Regulatory Compliance, IT Product Delivery, Agile, Risk Metrics, Risk & Control Assessments, AI Governance, Security Policies, Data Residency, Resiliency, OKR Tracking, Launch Readiness. IT Controls Design/Implementation/Governance/Testing, BCP/DR planning, Federal Compliance -System Security Plans Regulatory Compliance and Frameworks: ND4C, DSA, DMA, HIPAA, SOX, GDPR, SOC 1/2, DORA, AML/Anti-Bribery OCC, FFIEC, FRB, NYS DFS, Basel/BCBS, BaFin, ECB ISO 27001, COBIT, COSO, NIST 800-53, NIST RMF ITIL Technology and Products: ServiceNow, Salesforce, Archer, Oracle 10g, SQL, VB, C++, UML, Markdown, ArcSight, Symantec CCS, Agile, Jira, Confluence, Taskflow, Figma, CI/CD, Advanced MS tools (Excel, Project, PowerPoint),

Experience

  • Security Compliance Program Lead & Chief of Staff at Zscaler
    Mar 2026 - Present · 5 mos

    Reporting to the VP of Global Security Compliance, lead and execute global security compliance programs, driving cross-functional alignment with strategic objectives. Track program progress and KPIs and manage program budgets and resources. Ensure effective stakeholder engagement and be high-trust partner to enable organizations worldwide to harness speed and agility with a cloud-first strategy.

  • Google (3 yrs 10 mos)
    • Program & Strategy Lead - Regional Risk & Compliance, Google Cloud
      Feb 2025 - Mar 2026 · 1 yr 2 mos

    • Senior Program Manager (Consumer Protection Compliance Lead)
      Apr 2024 - Feb 2025 · 11 mos

    • Program Manager - Consumer Protection, Content, Competition, Privacy & Security
      Jun 2022 - Apr 2024 · 1 yr 11 mos

  • Deutsche Bank ()
    • Product Manager - Data Operations and Controls Manager
      Feb 2018 - May 2022 · 4 yrs 4 mos

      Outstanding Performance Award (2019-2020) Reporting to the Chief Data Officer, build the Corporate Bank Data Factory and Enterprise Data Catalog using agile: • Develop and implement a global cross-product Data Factory initiative focused on leveraging data as a strategic asset for the digital transformation and enhancement of the Corporate Bank business with a client-centric and use-case driven approach for analytics data democratization. • Build a CI/CD DevOps pipeline using agile SDLC: oversee go-live operational readiness. • Design controls for Hadoop/Fabric CI/CD with Spark/Hive for resiliency, GDPR & cross-border data compliance. • Develop an Enterprise Data Catalog portal with advanced search capability and automated workflows for analytics data access based on metadata attributes and compliance with privacy and cross-border data policies/regulations. • Develop an operations and controls strategy for the Data Factory, aligned to the bank's risk framework and focused on data security and privacy, availability and resiliency, governance, regulatory compliance, cross-border access, and cloud security. • Develop guidance documentation for analytics users • Advise Data Analytics implementation teams and Product Managers on data quality controls, data sharing and data access requirements for the solutions they build. • Chair the Data Risk & Control Forum to govern data quality and residency rules. Lead agile delivery and launch readiness of Digital Cash products: Oversee design, testing, release and socialization: • Lead agile delivery for a digital wallet AML/Fraud risk transaction monitoring solution with Fabric infrastructure and REST API. • Liaise with vendor solution partners and engineering teams on security and compliance requirements, control implementation and proactive remediation of risks and control gaps. • Develop a pre-screening guide for partner & vendor selection and proactive vendor risk management compliance.

    • Americas Divisional Business Information Security Officer (D-BISO)
      Dec 2014 - Jun 2018 · 3 yrs 7 mos

      Outstanding Performance Award (2016-2017) Bank’s first D-BISO, reporting to C-suite. Responsible for overseeing the information security risk management function for a portfolio of 100+Global Transaction Banking (GTB) and Corporate and Investment Banking (CIB) applications. Achieve 20% cost-reduction by centralizing security operations and enhancing compliance liaising with privacy, cybersecurity, product, technology and compliance functions. • Security, Privacy, Risk Lead: Advise on vulnerability & incident management, third-party risk, fraud/AML/anti-bribery, cybersecurity, data access, BCP/DR covering CCAR, Basel, GDPR, FFIEC, BaFin, ECB, NYSDFS-500 and NIST, ISO 27001, COBIT, PCI, COSO frameworks. Present metrics at Risk Councils. Provide audit reporting to the board. • Represent the security risk function at the Americas Region Risk Council. • Business point of contact for escalation and reporting of security incidents and associated remediation. • Ensure the enforcement of data protection and data privacy principles as per applicable policies and procedures. • Design and Implement Identity and Access management processes and oversee periodic access rights recertification. • Drive product enhancements for encryption, multi-factor authentication, role-based access, DLP, data protection, etc. • Conduct risk & control assessments, facilitate audits/regulatory exams and provide audit/exam report summary. • Security and IT risk advisor for the business in implementing new solutions and technology enhancement initiatives: Approve security solutions and new product launches. • Audit facilitation: Present control narratives and address client/vendor queries.

  • Assistant Vice President at Commerzbank AG
    Jan 2014 - Dec 2014 · 1 yr

    CIO's Appreciation Award (2014) IT Audit and Information Security Liaison for the NY branch for the bank. – Design the bank’s IT controls framework and perform regular Controls Assessments. – Coordinate IT Audit and IT Security tasks across various groups within the NY branch. – Ensure compliance with internal, external and regulatory IT Audit requirements and conformance to Commerzbank AG global and regional IT policies/procedures as well as federal and industry regulatory requirements. – Provide Audit status reporting (managing audit requests and remediation activities) and Operational Risk reporting. – Oversee the implementation of SIEM and GRC tools. – Provide guidance in implementing IT governance processes and compliance strategy. – Collaborate with infrastructure, user administration, application development/support, information security and BCP/DR teams to provide proactive guidance in implementing best practice solutions that meet the bank's control requirements, ensuring segregation of duties and effectively addressing control weaknesses and audit issues.

  • Senior Consultant - Technology Risk (Security and Privacy) at Deloitte
    Oct 2011 - Dec 2013 · 2 yrs 3 mos

    Outstanding Performance Award (2012) Applause Award (2013) – Program Governance: Provide governance framework to enhance the Supplier Risk Management program for a large bank in NYC. Launch 30+ key projects for Supplier Governance, Risk Tiering, Reporting and Business Continuity. – Program and Project Management: Manage resources and lead projects with challenging budgets and timelines. Develop program management artifacts and manage executive reporting. – Risk Management: Build a risk-based quantitative tiering model for suppliers of a global banking client. Define risk categories aligned to the bank's risk management practices and to the OCC and FFIEC guidelines. Define processes for risk tolerance and mitigation. Oversee executive responses to regulators. – System Security Planning: Define security requirements and design operational, technical and management controls for a State Integrated Eligibility System for managing health coverage and benefits.