Vanshit Malhotra

CEO

Bengaluru, Karnataka, India · 13 yrs 6 mos experience

Key Highlights

  • Expert in building security foundations for startups.
  • Led compliance audits in fintech with successful outcomes.
  • Renowned speaker at international cybersecurity conferences.
Stackforce AI infers this person is a Cybersecurity Expert specializing in SaaS and Fintech industries.


Skills

Core Skills

Information Security · Cloud Security · Compliance

Other Skills

Amazon Web Services (AWS) · Anti Cheating · Anti Fraud · Application Security · Appsec · Bug Bounty · CEH · CISA · CISM · Cloud Computing · Cloud Security Architecture · Compliance Audits · Computer Security · Consulting · Cyber Security

About

CISO | Speaker | Information Security Leader | Cloud Security Specialist | DevSecOps | RBI | PCI-DSS | Technology Leader | Startup Security Consulting

Managing Information Security Risks for Startups

Experienced and highly skilled in the field of information security, Vanshit Malhotra is a seasoned professional with a strong track record of successfully managing and mitigating cyber threats. As a Chief Information Officer (CIO) and Chief Information Security Officer/Data Protection Officer (CISO/DPO), Vanshit brings a wealth of expertise in developing and implementing robust security measures to safeguard organizations against evolving cyber risks.

Vanshit's passion for cybersecurity extends beyond his professional roles. He is a renowned speaker, regularly sharing his knowledge and insights at international security conferences. Notable conferences where he has presented include HACKON 2016, HACKTECH 2017, National Cyber Safety and Security Standards (NCDRC) 2017, C0c0n X 2017, HAKON 2017, Ministry of Electronics And IT - Estimated Speaker, OWASP seasides, and Bsides Delhi.

With a deep understanding of cloud security and DevSecOps practices, Vanshit has successfully implemented secure and scalable solutions for organizations across various sectors. He possesses comprehensive knowledge of regulatory compliance frameworks such as RBI and PCI-DSS, ensuring adherence to industry standards and safeguarding sensitive data.

Vanshit excels in managing information security risks for startups, providing strategic guidance and implementing effective security strategies that align with their unique business needs. His ability to balance security requirements with operational objectives has earned him a reputation as a trusted technology leader.

If you're seeking an information security professional who combines technical expertise, leadership acumen, and a passion for educating others, Vanshit Malhotra is an ideal choice to drive your organization's cybersecurity initiatives forward.

Experience

Startups and enterprises

Security Advisor

Jan 2024 - Present · 2 yrs 2 mos · Bengaluru | Delhi | UAE

  • As a Security Advisor, I work with startups and growing enterprises to build strong, scalable, and cost-effective security foundations. I specialize in advising pre-seed, seed, and Series A companies on improving their security posture within limited budgets—bridging the gap between rapid growth and responsible security practices.
  • Key Responsibilities:
  • 🎯 Advised early-stage startups on foundational security architecture, secure product development, and cost-effective tooling.
  • 🎯 Helped design and implement Minimum Viable Security Programs (MVSP) aligned with business needs and compliance requirements.
  • 🎯 Set up and upgraded Security Operations Center (SOC) programs, including selecting appropriate monitoring tools and defining operational workflows.
  • 🎯 Designed and rolled out Security Champions Programs to embed security ownership within engineering teams.
  • 🎯 Advised on and helped build dedicated Web and Mobile Application Security teams tailored to product-specific threat models.
  • 🎯 Delivered developer-focused security training covering secure coding practices, threat modeling, and vulnerability management.
  • Key Achievements:
  • 👉 Enabled multiple startups to close enterprise deals by passing stringent security assessments and audits.
  • 👉 Guided teams through SOC 2 and ISO 27001 readiness with lightweight, scalable security processes.
  • 👉 Improved internal security awareness and reduced risk exposure by establishing security champions across engineering teams.
  • 👉 Mentored technical teams on integrating security into CI/CD pipelines and DevSecOps practices.
  • 🥷 I focus on making security a business enabler—not a blocker—by aligning strategy with product velocity, customer demands, and resource constraints.
Security Architecture Design · Security Operations Center (SOC) · Minimum Viable Security Programs (MVSP) · Web and Mobile Application Security · Developer-focused security training · Information Security

Jupiter

Head - Security and Compliance

Aug 2022 - Jan 2024 · 1 yr 5 mos · Bengaluru, Karnataka, India · On-site

  • As the Head of Security and Compliance at Jupiter, I led the end-to-end information security strategy, ensuring the protection of sensitive financial data and maintaining compliance with key regulatory and industry standards. My role involved building a security-first culture, defining policies and controls, and managing risk across application, cloud, and data environments.
  • Key Responsibilities:
  • Application Security
  • Established and matured a Secure SDLC process, integrating static (SAST), dynamic (DAST), and dependency (SCA) scanning tools into CI/CD pipelines.
  • Cloud Security
  • 👉 Designed and enforced robust cloud security architecture and controls across multi-cloud environments (AWS/GCP).
  • Compliance & Regulatory Adherence
  • Successfully led the organization through multiple compliance audits including:
  • DPDPA (India’s Digital Personal Data Protection Act): Built and operationalized data governance and privacy controls aligned with the Act’s requirements.
  • SOC 2 Type I & II: Coordinated cross-functional efforts to meet trust service criteria, streamline audit readiness, and improve evidence collection.
  • PCI-DSS: Ensured secure handling of cardholder data by implementing required technical and operational controls.
  • NPCI Compliance (for UPI integration): Facilitated secure integration and certification of UPI services, ensuring compliance with NPCI’s information security guidelines.
  • Leadership & Risk Management
  • 👉 Built and led a multidisciplinary security team encompassing AppSec, GRC, and CloudSec functions.
  • 👉 Introduced risk-based prioritization of security initiatives aligned with business objectives and customer trust goals.
  • Governance, Risk & Strategy
  • 👉 Developed Minimum Viable Security Programs (MVSP) that aligned with compliance mandates and enterprise customer expectations, ensuring a strong yet agile security posture.
Secure SDLC · Cloud Security Architecture · Compliance Audits · Risk Management · Data Governance · Information Security

Mobile Premier League (MPL)

Associate Director - Security and Compliance

May 2021 - Jul 2022 · 1 yr 2 mos · Bengaluru, Karnataka, India

  • DevSecOps | Cloud Security | Anti Cheating | Game Security | Anti Fraud | GDPR
  • >> Leading cyber security unit in MPL that oversees the security of Cloud Infra, Network, MPL Online Gaming Platform and electronic data.
  • >> Responsible for implementing, designing, managing and allocating all the technology security measures within MPL.
  • >> Supervise information security technology staff, budgets, equipment, activities and negotiating with vendors for the best possible deals for the organisation’s technology.
  • >> Training employees on how to prevent and detect cyber security threats.
  • >> Leading team of security specialists to perform Internal Red Teaming, Cloud Infra Audits, Network Audits, IT Audits and MPL Platform Pentesting.
Cloud Security · Anti Cheating · Game Security · GDPR · Internal Red Teaming · Information Security

Confidential

Cyber Security Expert

Aug 2012 - May 2021 · 8 yrs 9 mos

Education

Rajasthan Technical University

Engineer’s Degree — Computer Engineering

Jan 2008 - Jan 2012
