Jul 2023 – Aug 2025 · 2 yrs 1 mo · Bengaluru, Karnataka, India · Hybrid

• Lead the Cyber GRC charter for Flipkart (A Walmart company) and its subsidiaries - Myntra, Cleartrip, Yaantra, ANS Commerce, Supermoney and Flipkart Commerce Cloud.
• Key Responsibilities:
• Security GRC Strategy
• Security Governance, Policy & Standards Management
• Information Security Compliance
• Third Party Risk Management
• GRC Tooling & Process Integration
• Information Security Risk Assessments & Reporting
• Risk Register Management
• Risk Treatment, Issue & Exception Management
• M&A Security Due Diligence
• Security Awareness and Training

Jul 2023 – Aug 2025 · 2 yrs 1 mo · Bengaluru, Karnataka, India · Hybrid

• Leading Infosec for FK group entities - eKart, F1, Jeeves and FK Re-commerce (Yaantra)

Mar 2021 – Jun 2023 · 2 yrs 3 mos · Bengaluru, Karnataka, India

• Heading Cyber GRC, Third Party Risk Management (TPRM) and Data Protection / Insider Risk for Myntra (A Walmart company). Also, lead Information Security for Ekart Logistics.
• Overall Accountability for:
• Security GRC Strategy
• Security Governance, Policy & Standards Management
• GRC Tooling & Process Integration
• Information Security Risk Assessments & Reporting
• Risk Register Management
• Risk Treatment, Issue & Exception Management
• Third-Party Risk Management
• M&A Security Due Diligence
• Security Awareness and Training
• External Security Audit / Compliance
• Internal Security Controls Assessment & Management
• Data Protection Tooling and Enablement
• Insider Threat Incident Management and Investigations

Sep 2012 – Feb 2021 · 8 yrs 5 mos · Toronto, Ontario, Canada / Bangalore

• As an Experienced Manager, led multiple engagements in the following areas while working in EY India and Canada. Clients included companies in the E-commerce, Consumer Goods, Technology, Manufacturing, Pharma and BFSI space:
• NIST Assessments and Development of Cybersecurity Roadmaps
• ISO 27001 Implementations / Readiness Assessments
• Third Party Security Assessments
• Drafting of Security Policies, Procedures and Hardening Standards
• Third Party Assurance (SOC 2 / 1)
• GRC Tool Implementations
• Data Protection Strategy Development
• GDPR Assessments
• Security Program Management
• Network Architecture Reviews
• Internal / External IT Audit

Apr 2010 – Aug 2012 · 2 yrs 4 mos · Mumbai Area, India

• Risk Advisory Services
• Service Delivery (Key Projects) :
• PCI DSS Implementation for a marine travel company
• PCI DSS Gap Analysis for a leading web hosting company
• Application Data Flow Analysis for one of India’s leading private banks
• Data Protection (DLP / DRM / DAM) Vendor Evaluation for India’s largest stock exchange
• Data Flow Analysis and Data Protection Framework Development for a leading PSU bank
• Incident Management Framework Development and Symantec Brightmail rules fine-tuning for India's leading Telecommunications Company
• Websense DLP rules fine-tuning for a leading telecommunications company
• Data Flow Analysis and Data Protection Strategy Development for a leading life insurance company headquartered in the Netherlands
• Data Protection Operations Management for India's leading telecommunication company
• ISO 27001 Implementation for a leading payment card processing company
• ISO 27001 internal audit for a leading KPO
• ISO 27001 internal audit for a leading consumer finance company
• Interim information security management support for a leading stock broking company
• Practice Development, Team management and Presales :
• Developed winning proposals around Data Protection, PCI DSS, ISMS, BCP, IT Governance, RBI IS Guidelines Gap Assessment
• Devised a reusable template for use in Application Data Flow Analysis engagements
• Acted as a product manager for the Aujas Compliance Manager Tool and conducted demos on the tool for several banks in India
• Developed a proposal for offering Cloud Computing Security risk services
• Conducted interviews for potential hires
• Mentored and developed a team of 4 people functionally reporting to me. Conducted appraisals and identified areas of Improvement for them

May 2009 – Apr 2010 · 11 mos · Mumbai Area, India

• Service Delivery (Key Projects) :
• Reserve Bank of India Special purpose IS Audit for a leading private bank
• Network Security Audit/Architecture Review for a US based medical device manufacturer
• Agreed Upon Procedures testing for a major global BPO
• Physical Security Review for India’s largest Oil and Gas Company
• IS Audit for a leading UK based insurance company
• BCP framework development for a leading Indian life insurance company
• Presales:
• Developed proposals / approach notes around Cloud Computing use in Government, Cloud Computing Risks, Converged Security and SOP development

Oct 2006 – Feb 2009 · 2 yrs 4 mos · Mumbai Area, India

• I joined Tech Mahindra fresh out of college. Worked across service lines on a number of engagements which included:-
• BT Security Evaluation and Certification Scheme (BTSECS) Compliance/Vulnerability Management for a major platform in BT Retail
• SOP manual development for BTSECS
• Developing training material for inhouse use on BCP, ITIL, Network Security, PCI DSS, SOX, DPA et al.
• Service provisioning/assurance workflow designing for BT Wholesale offerings such as WBC, IPStream, DataStream and FeatureNet