Dec 2023 – Sep 2025 · 1 yr 9 mos

• Proven cybersecurity leader responsible for driving the end-to-end Information Security Strategy across Disney’s APAC/EMEA businesses, including DisneyStar, Disney+Hotstar Streaming, Disney Parks, and Disney Studios. Spearheaded enterprise-wide Security Operations (SOC), Third-Party Risk Management (TPRM), Incident Response, and Regulatory Compliance (ISO 27001, PCI DSS, SOC 2 Type II, GDPR, CCPA, AWS & customer audits).
• Key Highlights:
• Directed TWDC's global cybersecurity program, collaborating with CIOs and business heads to align security strategy with corporate objectives and digital transformation.
• Led high-impact SOC and TPRM programs, overseeing 24x7 monitoring, threat intelligence, red-teaming, and vendor risk management for hundreds of critical partners.
• Built and matured the organization’s cybersecurity governance framework—chaired the Information Security Advisory Council and established strategic security priorities across business lines.
• Ensured enterprise-wide compliance and audit readiness, leading successful internal/external audits and certifying Disney's digital footprint against industry and regulatory standards.
• Developed and enforced risk-based security policies, integrating security-by-design principles into DevSecOps and cloud-native environments.
• Partnered with Internal Audit, Legal, and Data Privacy teams to conduct risk assessments, breach simulations, and mitigation planning across geographies.
• Designed and executed security awareness and training programs to promote a risk-aware culture among employees and executives.
• Evaluated emerging technologies and led secure implementation processes for cloud, SaaS, and mobile platforms.
• Managed multi-million-dollar security budgets, prioritized strategic investments, and delivered measurable ROI in threat reduction and operational efficiency.

Jan 2021 – Apr 2024 · 3 yrs 3 mos

• Defined and executed enterprise-wide cybersecurity strategy, aligning it with evolving business priorities and enterprise risk appetite across global operations.
• Led 10+ major IT security transformation projects, including Data Center Protection, SOC implementation, VPN rollout.
• Integrated Generative AI into Disney SOC, automating threat triage and reducing incident response time by 40%, while embedding auditability and model safety protocols.
• Directed a cross-functional team of 200+ professionals across network security, application security, and data protection—spanning infrastructure, cloud, and software development functions.
• Implemented end-to-end risk management programs, driving continuous risk assessments, threat modeling, and vulnerability scanning that reduced potential exposure by 30%.
• Achieved 35% cost optimization by migrating on-prem systems to the cloud while strengthening compliance with GDPR, CCPA, and ISO 27001 frameworks.
• Managed an IT and Cybersecurity budget of ₹200+ Crores, ensuring cost-effective delivery of projects, system upgrades, and continuous infrastructure improvements.
• Led secure GenAI implementation, establishing enterprise-wide governance for LLM (Large Language Models), including PII handling, prompt injection protection, and access control policies.
• Built AI/ML Security Governance Framework in alignment with NIST AI RMF and ISO/IEC 42001, enabling safe adoption of tools like ChatGPT, CoPilot, and Azure OpenAI within business-critical workflows.
• Deployed Azure Purview + Microsoft Defender + Cloud Apps integration to enforce GenAI data governance, usage tracking, and DLP compliance.
• Championed DevSecOps adoption, embedding security into CI/CD pipelines, secure coding practices, and automated application security testing across the SDLC.
• Implemented Akamai WAF and bot protection controls to defend critical applications against OWASP Top 10 threats, DDoS attacks, and credential stuffing campaigns.

Apr 2021 – Present · 4 yrs 11 mos · India

• Forbes Technology Council Is An Invitation-Only Organization For Senior-Level Technology Executives. Members are respected tech leaders and executives — CEOs, CIOs, CTOs, and others — selected for the council based on their deep knowledge and diverse experience in the industry..

Apr 2018 – Jan 2021 · 2 yrs 9 mos · Noida Area, India

Apr 2016 – Jan 2021 · 4 yrs 9 mos · Noida Area, India

• Responsible for the strategic leadership of the Info Edge(India)'s information security program.
• Provide guidance and counsel to the CTO/CFO and key members of the Business leadership team, working closely with senior administration, business leaders, and the developer community in defining objectives for information security, while building relationships and goodwill.
• Work with campus leadership to oversee the formation and operations of a company wide information security organization that is organized toward a common goal in information security.
• Manage company-wide information security governance processes, chair the Information Security Advisory Committee and lead Information Security Liaisons in the establishment of an information security program and project priorities.
• Lead information security planning processes to establish an inclusive and comprehensive information security program for the entire company in support of development, research, and administrative information systems and technology.
• Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
• Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the Company's information and technology systems.
• Work with Internal Audit, Finance controller, Legal and outside consultants as appropriate on required security assessments and audits.
• Work with company leadership and relevant responsible compliance department leadership to build cohesive security and compliance programs for the company to effectively address state and Country statutory and regulatory requirements.
• Develop a strategy for dealing with increasing number of audits, compliance checks and external assessment processes for internal/external auditors, PCI, ISO27001,IT Act 2000

Jul 2013 – Apr 2016 · 2 yrs 9 mos · Gurgaon, India

• To manage and provide effective leadership to the security team of 5 resources and ensure that:
• Resources are appropriately and efficiently allocated to key areas of work and that priorities are always covered adequately
• All training needs are identified and processed promptly and are undertaken at the appropriate time
• Performance Agreements, interim and main reviews are undertaken within the set timescale
• All requests for annual and flexi leave are managed and controlled, ensuring that there is adequate cover to maintain services at all times
• Performance and attendance issues are addressed at the correct time, in accordance with The Organization policies and procedures
• To maintain the Security Operations Manual up to date for use by all on site security personnel to cover duties, individual instructions for each post; attendance; use of security equipment; dress standard; training etc.
• Budget:
• Assist the CISO in drawing up the annual security departmental budget and participate in the Financial Services monthly/quarterly reviews on budget performance.
• Effectively manage and control the security budget and provide accurate information to the CISO
• When required Prepare business cases in support of large expenditure when required
• Security Breaches & Investigation:
• Act as focal point for any investigations involving security; to prepare reports and Note follow up action.
• Report any significant security breaches to the CISO and Director Operations and
• Disaster Recovery:
• Participate in the role of Incident Manager during any incidents and emergencies.
• Ensure that all business recovery/contingency plans and/or procedures held within the security control rooms are always kept up to date
• Be on call on a 24 hours x 7 days basis for any emergencies
• Undertake the security lead role in the Major Incident Team

Jul 2013 – Jun 2014 · 11 mos · Gurgaon, India

• Write corporate information security policy
• Conduct risk assessments
• Write threat models
• Revew new technology and recommend secure implementations

Mar 2010 – Jul 2013 · 3 yrs 4 mos

• Prepared business case for (PGP,Checkpoint,Safeend,Safeboot),Vulnerability Assessment tool (Qualys, Foundstone, Retina, Nessus), Anti Trojan and Phishing comprising of threat scenarios, solution detail and its advantages.
• Effectively evaluated Vulnerability Assessment tool and Full Disk Encryption solution against comprehensive security checklist and also carried out the detailed POC with all leading vendors.
• Played a lead role in achieving ISO 27001 certification for Religare Technologies and also carried out the penetration testing for the Internet facing infrastructure.
• Prepared effective business cases for Application Penetration testing tools (Appscan,Webinspect,Burp Suite) based against comprehensive evaluation checklist.
• Head the Security Operation Center (SOC) team of 18 resources and responsibility includes Security incident management, Incident Response, Escalation, Troubleshooting, Dashboard publishing, FTP, Domain and Non-Domain, Open internet tracking, Websense Url filtering, firewall management, IDS/IPS management.
• Head the Application security responsibility, which includes application vulnerability identification, based on OWASP Top 10 vulnerability, exploitation of the vulnerability and remediation.

Jul 2009 – Mar 2010 · 8 mos

• Information Systems Audit process
• Information Security Management
• Technology Risk Management
• IT Governance – Policies and Standards
• PCI DSS Audit and Compliance
• Privacy & SOX

Aug 2007 – Jul 2009 · 1 yr 11 mos

• Tapped to provide full firewall security solution engineering, enterprise risk assessing and support for both internal and external customers. Also routinely provided on-call third level troubleshooting for firewall, VPN, network devices, and all applications utilized across secured connections. As Team Technical lead, tasked with reviewing/approving solutions from other engineers on team and security engineering of high profile/high-risk solutions requiring unique attention. Performed security audits and ‘phased lockdowns’ of legacy ‘open’ perimeter customer network connections.

Nov 2005 – Aug 2007 · 1 yr 9 mos

• Risk and Control Assessment: To do the risk assessment of the information assets of the organization. We recommend controls in light of the value vs. threat vs. vulnerability vs. cost.
• Threat and Vulnerability Management: We are responsible to conduct periodic vulnerability assessment of the assets of the company. Further we are expected to analyze the logs of the various systems for initiating preventive measures.
• Identity and Access Management: Ensure that process exist in the organization for the creation, modification, access privileges and deletion of User ID. Conduct review to assess that the access privileges are on the basis of need to know.
• Apply proven, high level security management and analysis to enforce compliance with information security laws, rules and regulations
• Reduce security vulnerabilities, monitor, investigate and reports non compliance to the Customer.
• Prepare audit procedures and conduct security audits.

Jan 2005 – Jan 2007 · 2 yrs

• Information Security Management
• Technology Risk Management
• IT Governance – Policies and Standards
• PCI DSS Audit and Compliance
• Privacy & SOX