Sanjay Pawar

CEO

Mumbai, Maharashtra, India · 20 yrs 3 mos experience
Highly Stable

Key Highlights

  • Over 20 years of experience in Information Security.
  • Led compliance initiatives for major financial institutions.
  • Recognized as a top IT Security influencer in India.
Stackforce AI infers this person is a Cybersecurity expert specializing in Fintech compliance and risk management.

Skills

Core Skills

Information Security Management, Cybersecurity, Risk Management

Other Skills

Application Security, Business Analysis, Business Continuity Planning, CMMI, Cyber Security Assurance, Cyber Security Policy, Cyber Security Program, Cyber Security Strategy, Data Leak Prevention, Disaster Recovery, Full Disk Encryption, ISO 27001, ISO 27001 Audits, ISO 27001 Compliance, ISO 27001 Implementation

About

I'm an experienced Senior Information Security Professional with a total of more than 20 years' work experience in various domains ranging from Information Security governance & implementation, enterprise risk management, internal audits, application security and assurance. For the past decade I have been delivering turnkey initiatives in areas of Cyber Security & helping businesses fortify their perimeter, process and human resources related controls. I have previously worked with Aditya Birla Capital Ltd, Edelweiss Financial Services Group, eClerx and have also led clients in Europe, US and APAC regions in achieving IT Security compliance as the Site Information Security Officer in Atos India in a past role. I have been responsible for setting up NOC and SOC operations for ABCL.

In my current role, I work with JPSL team where I lead the Information Security Governance & Cyber Security Program. I am responsible for building security practices for organization in line with RBI & NPCI regulations for Payment Gateways and Payment aggregators. I am actively working for group to develop adequate security monitoring and risk mitigating measures.

Accolades:

  • Awarded Special Recognition by CISO Platform for being - Top IT Security Influencers and Community Contributors in India (At Edelweiss Group)
  • Received Tech DNA Safe Hands Award in Risk Management in Mar 2015 (At Atos India)
  • Star Award 2013: For exemplary contribution in ISO 27001 audit & sustainability
  • Accolade Bronze 2012 for individual contribution to business & clients
  • The Symphony Award 2012 for achieving ISO 27001 cer.

Experience

Jio payment solutions limited

Chief Information Security Officer

Oct 2022 - Present · 3 yrs 5 mos · Navi Mumbai, Maharashtra, India · On-site

  • Payment Gateway Services
Information Security Governance, Cyber Security Program, Information Security Management, Cybersecurity

Indiaideas.com limited

Lead Information Security Officer

Mar 2020 - Oct 2022 · 2 yrs 7 mos · Mumbai, Maharashtra, India

  • Key responsibilities:
  • Reporting to Founders as person accountable for leading the Information Security Governance & Cyber Security Assurance program for BillDesk
  • Advise BillDesk’s management on security trends and initiatives for enterprise
  • Management of ISO 27001 & PCI DSS implementation and compliance
  • Perform internal audits, vendor audits & gap assessments in line with RBI, NPCI & ISO 27001 compliance
  • Drive annual RBI System Audit Report for BBPS license & periodic RBI inspections
  • Successfully implemented IT/IS projects for meeting RBI Guidelines for PA & PG, NPCI BBPS circular & Digital Payment Security Standard
  • Responsible to define & update ISMS policies & processes in line with RBI, NPCI guidelines
  • Actively working to develop & improve BillDesk’s SIEM architecture & SOC operations
  • Provide response on client RFPs & manage client audits (Banks / Merchants)
  • Actively perform Quarterly Technical Risk Assessments & Configuration audits on infrastructure (e.g. anti-APT, Firewall, network devices, servers and databases)
  • Actively design RFPs, perform security reviews & conduct POCs for enterprise level solutions (e.g. New Datacenter Setup, O365 services, IT Asset Management Solution, ITSM solution, MFT solution, FIM etc.)
  • Projects delivered or in implementation: IT Asset management & ITSM, O365 Teams, Host DLP, DMARC, Dark web monitoring & threat intel, DDOS protection, Forensic Readiness, Phishing Simulation & IS awareness via LMS
  • Key Achievements & Rewards:
  • Driving 10+ projects tracks to build compliance to RBI circular for Payment Aggregators & Payment Gateway
  • Improved Data leak prevention posture for organization by implementing DLP & full disk encryption
  • Successfully completed ISO 27001:2013 recertification audit by BSI for 2020 while working remotely within 2 months of joining
  • Successfully demonstrated compromise of spam gateway admin console & by-passed email ATP solutions with custom attack file
Information Security Governance, Cyber Security Assurance, ISO 27001, PCI DSS, Internal Audits, Risk Assessments (+4 more)

Aditya birla capital ltd

Chief Manager

Aug 2017 - Mar 2020 · 2 yrs 7 mos · Thane, Maharashtra, India

  • Active member of Corporate IS team, leading & managing corporate initiatives with an additional responsibility to act in capacity of BISO for small business without CISO
  • Lead ISO 27001 implementation and compliance for ABFSSL & ABMUL
  • Active member of Core technical committee of ABCL to review architecture and solution deployment at ABCL e.g. network segregation, NAC, McAfee, DDOS protection
  • Review Cloud Security controls for business workload migrations to AWS & Azure
  • Define Cyber Security strategy & implement policy & technical controls to enhance Cyber Security
  • Plan and conduct internal audits / gap assessments in line with RBI / SEBI / IRDAI & ISO 27001 compliance
  • Define & update relevant ISMS policies & processes in line with RBI, IRDAI, SEBI guidelines
  • Perform vendor & product due diligence, risk assessments for new projects and legal contract clause review for IS controls
  • Part of core team responsible to prepare SOC & NOC RFPs and evaluate vendors for ABCL
  • Streamlining governance & enhancing technical capabilities of ABCL SOC managed by partner
  • Actively setup NOC process for ABCL and managed NOC CAB meetings
  • Conduct Security Incident Investigation & deploy remediation controls
  • Govern enterprise wide compliance initiatives for critical infrastructure endpoints
  • Track and close internal audit observations for ABFSSL & ABCL LOBs
  • Review DLP & anti APT controls deployed at enterprise network & email gateway
  • Perform technical risk assessments & audits for new solutions (e.g. MDM, NAC, NGFW, ACL etc)
  • Conduct POCs & implement technical solutions at enterprise level (e.g. Brand Risk Monitoring, Decoys etc)
  • Single point of contact for Driving the Privacy assessment for ABFSSL and ABCL with partner
  • Key Achievements & Rewards:
  • Successfully demonstrated critical flaws in MDM & Exchange setup & policy implementation
  • Successfully by-passed email ATP solutions with custom attack file
ISO 27001 Implementation, Cyber Security Strategy, Internal Audits, Vendor Due Diligence, Information Security Management, Risk Management

Edelweiss financial services

Senior Manager Information Security

Feb 2014 - Aug 2017 · 3 yrs 6 mos · Mumbai Area, India

  • Key responsibilities:
  • Leading team of 4 Information Security Professionals
  • Ensure ISO 27001 implementation and compliance as per defined scope
  • Plan and conduct internal audits as per scope for ISO 27001
  • Participate in statutory & regulatory audits for NSE / BSE / MCX audits
  • Define & update relevant ISMS policies & processes in line with RBI, SEBI guidelines
  • Perform vendor risk due diligence and branch risk assessments
  • Perform technical risk assessments and system audits for new solutions (e.g. NAC, MDM, Office365)
  • Conduct business risk assessment for LOBs to recommend & implement mitigations
  • Manage overall VA program for Edelweiss
  • Conduct Security Incident Investigation and confidential forensic projects with Partners
  • Define & implement Cyber Security Policy & Cloud Security Framework for Edelweiss
  • Participated in gap analysis for country specific regulatory requirements on information security
  • Conduct IS Awareness training and implementing IS awareness & brand awareness program
  • Govern & Manage enterprise wide security initiatives (WinXP Virtual Patch rollout, NAC rollout etc)
  • Review BCP plan and participate in BC drills
  • Key Achievements & Rewards:
  • Part of team that received Bond with the Best team award in Nov 2016 for contributing to Merger & Acquisition project for Edelweiss Mutual Funds
  • Selected for 2016 iLeap Batch, a program for leadership development within Edelweiss amongst 200+ eligible employees
  • Received Tech DNA Safe Hands Award in Mar 2015
  • Successfully led ISO 27001:2005 CAV (Apr 2014) & transition audit for ISO 27001:2013 (Apr 2015)
ISO 27001 Compliance, Cyber Security Policy, Risk Assessments, Incident Investigation, Information Security Management, Risk Management

Atos

Associate Manager - IT & Process

Dec 2006 - Jan 2014 · 7 yrs 1 mo · Mumbai

  • Key responsibilities (Information Security Team):
  • Plan, co-ordinate & participate in client & external audits (ISO 27001, ISAE 3402, ISO 20000, ISO 9001)
  • Plan, co-ordinate & participate in site security accreditations for clients in Mumbai
  • Conduct ISMS audits for other Atos countries
  • Plan and conduct internal ISMS audits for projects & support functions (IT, Admin, HR etc)
  • Monitoring, closing & reporting of security gaps (process, standard controls & vulnerabilities)
  • Co-ordination, collection & reporting of security KPI dashboard data at India level
  • Participate in formulation of security policies & process at service line & organization level
  • Conduct review on IT asset & risk register & ensure effective mitigations are in place
  • Manage & audit BCP plans at project, site and organization level
  • SME security to respond to client RFPs / future bids and client presentations
  • Security incident investigation, analysis and reporting to client/organization
  • Conduct Information Security Awareness trainings for employees at Organization level & internal auditor trainings for quality resources (technical)
  • Supplementary role of Site Information Security Officer entrusted with task of ensuring security compliance & governance at 2 Atos Mumbai sites. Act as operational back up for CSO India
  • Participate in corporate Sustainability & CSR program
  • Key responsibilities (Process & Quality Team):
  • Perform risk assessment for projects and service lines
  • Publish weekly enterprise risk register (RADAR) for management
  • Conduct Process & Quality, Project management tool trainings (Artemis)
  • Implement & roll out Project Management Tool (Artemis) within enterprise
  • Develop process and compliance templates for organization QMS (MS Excel)
  • Manage Organization level BSC
ISO 27001 Audits, Security Incident Investigation, Vendor Risk Assessments, Information Security Management, Risk Management

Eclerx

Senior Analyst

Nov 2005 - Nov 2006 · 1 yr · Mumbai Area, India

  • Key responsibilities:
  • Initiate and participate in developing standards, processes and checklists
  • Scrutinize process documents developed by project team
  • S/W audit preparation, execution, audit reporting and continuous tracking of compliance with standards
  • Baseline & conduct CM audit and liaise with PM to resolve non-compliance. Thus help project team to adhere to CMM and Dell procedures & standards.
  • Review the quality systems periodically and suggest changes if necessary
  • Perform Super SQA reviews on audits conducted by team members.
  • Participate in audit logic creation and periodic review process
  • Supplementary responsibilities:
  • Track and maintain records to ensure IT Audit's process compliance to ISO 27001 standard
  • Perform manual testing & UAT on internal eClerx tool in an attempt to enhance overall quality
  • Key Achievements & Rewards:
  • Actively participated in pilot project for GeBM IT segment of Dell Inc and recorded 99% accuracy in pilot audits. This led to additional business in form of outsourced audits from GeBM segment.
  • Successfully developed a Parser tool for analyzing Harvest CI status reports to identify CI (file) location and state that led to process optimization
ISO 27001 Audits, Security Policies, Risk Assessments, Information Security Management

Are technologies

Software Developer

Dec 2003 - May 2005 · 1 yr 5 mos · Mumbai Metropolitan Region

  • Key responsibilities:
  • Key responsibilities include analyzing and gathering requirements for softwares used for conducting computer based tests, designing and developing them.
  • Perform manual testing on simulations and software used in training program.
  • Demonstration of software to clients.
  • Key Achievements & Rewards:
  • Promoted from software trainee to software developer and received more than 50% increase in salary within (midterm appraisal) 6 months of joining the organization for key contributions:
  • Designed & developed software that resulted in saving company's certification test production & delivery cost by 1000USD per test question bank change
  • Developed client data extraction software that resulted in 3% growth in company's business.
Software Testing, Process Compliance, Quality Assurance

Education

M G M College Of Engineering

Bachelor of Engineering (BE) — Computer Engineering

Jan 2002 - Present
