Oct 2021 – Aug 2024 · 2 yrs 10 mos

• In my current role as Head of Information Security, I lead a global team of information security managers and senior security engineers.
• Report to the Group CISO and lead and grow a team and continuously evolve the information security function to align and scale with the business.
• Lead security engineering direction as well as Influence peers, cross-functional partners, and IT/engineering leadership. Serve as a trusted leader, advisor and lead a team to ensure that security requirements are met and aligned with business strategy.
• Conduct regular Management reviews and update the management on information security aspects.
• Accountable for Security of Gojek's engineering and application platforms, products and services.
• Own & manage SDL, App & Infra Security, Security Engineering, Governance Risk & Compliance & Data Security & Privacy, DevSecOps, Cloud Security, Vulnerability Management, Patch Management, Bug Bounty program amongst the top portfolios end to end.
• Responsible for security assurance & assessments of the products releases.
• Lead and support cyber security capabilities including product security, security architecture, incident response, vulnerability management, technical and non-technical risk assessments, policy, procedures and compliance lifecycle.
• Responsible to ensure successful compliance of regulatory audits as well as re-certification and surveillance audits including ISO 27001 & PCI.
• Managing security in Gojek's engineering development environments, cloud infrastructure, source code repositories, and ensuring security is optimized in the SDLC and CI/CD arenas.
• Own, develop and implement strategies to continuously shift left to ensure a security-at-birth model.
• Partner with Engineering, Product, Core Fraud, and Risk, Privacy, and Compliance teams to ensure that security is effectively interlocked and aligned with key business stakeholders.

May 2016 – Oct 2021 · 5 yrs 5 mos · Hyderabad, Telangana

• I am a security assurance and engineering leader with expertise in security engineering of products and services with focus on DevSecOps, Secure Code Analysis, Dynamic Analysis and Infrastructure Security. I have also led large and complex security initiatives like supplier/vendor security assurance and remediating critical security vulnerabilities in applications and infrastructure. In my current role,
• I lead and manage a team of security program managers and software engineers to run and deliver security at scale at Microsoft.
• Establish vision, strategy and roadmap for security assurance & engineering team.
• Deliver key performance indicator reports on engineering and security metrics.
• I am a passionate, collaborative, results-oriented leader with a proven track record of developing and operating effective and appropriate engineering solutions to deliver scale security solutions in DevOps, embed security in engineering lifecycle and reducing risk for Microsoft - while embracing automation and self-service. I love and enjoy the current experience in teaming with geographically distributed and culturally diverse work groups.

Sep 2015 – Apr 2016 · 7 mos · Hyderabad, Telangana

• Risk Management Lead for CSEO (formerly Microsoft IT) Hyderabad engineering groups.

Sep 2013 – Aug 2015 · 1 yr 11 mos · Hyderabad, Telangana

Feb 2012 – Aug 2013 · 1 yr 6 mos · Hyderabad, Telangana

Aug 2009 – Feb 2012 · 2 yrs 6 mos · Mumbai, Maharashtra

• Security Architect & Risk Management Specialist. Led team of software engineers to develop a patented security product in the space of Electronic Health Records (EHR) and pseudonymization.

Aug 2007 – Jul 2009 · 1 yr 11 mos · Mumbai, Maharashtra

• Security Analyst with diverse experience assessing applications for multiple customers in US, UK, Europe and Asia.

Aug 2005 – Jul 2007 · 1 yr 11 mos · Mumbai, Maharashtra

Aug 2004 – Jul 2005 · 11 mos · Mumbai, Maharashtra

• Security engineer with a focus on learning J2EE and finding security vulnerabilities and remediation for projects at Mastek. Threat Modeling SME. Part of Technology Cell reporting to the CTO.

Feb 2005 – Feb 2012 · 7 yrs · Mumbai, Maharashtra

• OWASP Mumbai Chapter Leader and organizer. Led and presented on multiple security topics and built a great security community/network.

Jan 2003 – Jan 2004 · 1 yr · Jamnagar, Gujarat

• Software Intern at Reliance Industries Limited. Worked as a .NET Developer developing Reliance's Learning Center Portal.