KARTHIK M

Associate Consultant

Abu Dhabi, United Arab Emirates · 7 yrs 11 mos experience

Key Highlights

  • Expert in securing payment ecosystems and fintech platforms.
  • Proven track record in compliance and risk management.
  • Skilled in translating complex cyber risks into actionable strategies.
Stackforce AI infers this person is a Cybersecurity expert specializing in Fintech compliance and risk management.

Skills

Core Skills

Cybersecurity, Compliance Management

Other Skills

Amazon Web Services (AWS), Cloud Security, Django, HTML, ISO 27001, ISO-27001, Information Security Training, Microsoft Azure, NIST CSF, NIST Standards, PCI DSS Audits, PCI-DSS, Payment Card Industry Data Security Standard (PCI DSS), Payment Gateway Security, Penetration Testing

About

Cybersecurity strategist with a proven record of securing complex payment ecosystems and fintech platforms. I break down intricate cyber risks into clear, actionable strategies that enable scalable security.

Experience

First Abu Dhabi Bank (FAB)

Information Security Consultant

May 2024 - Present · 1 yr 10 mos · United Arab Emirates · Hybrid

Groww, India

Lead Security Engineer

Sep 2022 - Mar 2024 · 1 yr 6 mos · Bengaluru, Karnataka, India

  • Implemented comprehensive security measures for the Payment Gateway and Aggregation systems in compliance with regulatory guidelines, successfully ensuring a gap-free audit completion.
  • Enforced information security across all Groww's business verticals including Payments, Lending and Account Aggregator.
  • Executed Maturity Assessments using NIST standards, creating and realising enhancement roadmaps.
  • Managed internal audits following the ISO 27001 framework.
  • Streamlined compliance through tool-driven automation.
  • Established and rolled out processes and guidelines to fortify organisational security.
  • Pioneered and managed the Third-Party Risk Management framework.
Skills: Payment Gateway Security, Regulatory Compliance, NIST Standards, ISO 27001, Tool-driven Automation, Third-Party Risk Management

Razorpay

Senior Associate - Compliance

Jan 2022 - Sep 2022 · 8 mos

  • Responsible for enforcing Security compliance throughout the organisation
  • Monitor ISMS metrics for various teams and ensure there are no gaps.
  • Perform Internal ISO 27001 Audits and improve the Audit process
  • Involved in Product discussions on a regular basis to ensure they are PCI Compliant
  • Audit AWS and Azure environment ensuring compliance
  • Lead the preparation of IT Security and Compliance Audits such as PCI-DSS, ISO 27001, SOC2, Local Compliance Audits and Ad-hoc Bank and Vendor Audits.
  • Act as subject matter expert for PCI-DSS and ISO 27001 implementation.
  • Recommend and Co-ordinate the implementation of technical controls to support and enforce defined security policies.
  • Support development and improvisation of Security policies and procedures.
  • Ensure Business units comply with Information Security Standards and applicable Regulations.
  • Conduct Risk assessment based on custom defined Risk assessment methodology.
  • Perform Vendor Assessments and Risk assessment before on-boarding (TPRM)
  • Respond to Questionnaires from Merchants and any other security related queries from various stakeholders.
  • Assess security related tools and review Agreements from Vendors.
  • Conduct 1-1 Security Training for newly on-boarded Senior Executives (Associate Director and above)
  • Monitor the progress of Corrective actions to ensure they are concluded without undue delay.
Skills: ISO 27001, PCI-DSS, Risk Assessment, Vendor Assessments, Compliance Management, Cybersecurity

SISA

3 roles

Consultant

Jul 2021 - Dec 2021 · 5 mos

  • Responsible for serving customers across the Middle East on a wide variety of Cyber Security Services such as PCI-DSS, ISO-27001, NIST CSF, Local Governance (RBI, NPCI, NESA)
  • Designing secure networks and payment eco-systems
  • Training the associates with respect to multiple Cyber Security Frameworks
  • Cloud Security Implementation as primary consulting activity
  • Implement End to End PCI-DSS for Fintechs across the Middle East region
  • Given responsibility to Audit and provide consultation to Large Scale Tech Companies with branches across the world
Skills: PCI-DSS, ISO-27001, NIST CSF, Cloud Security, Cybersecurity, Compliance Management

Senior Associate Consultant

Promoted

May 2019 - Jul 2021 · 2 yrs 2 mos

  • Conducted Independent PCI DSS Audits for clients across the globe, majorly in the Middle Eastern region which includes Banks, Third-party processors, Payment Gateways, BPOs and ODCs
  • Responsible for ensuring the meeting of milestones and deadlines by communicating clearly with clients on overall engagement objectives, work plan and key findings
  • Managing internal project teams, delegating project tasks, supervising the work of Associates.
  • Conducting Organization Level PCI-DSS and Information Security Awareness training
  • Possess Analytical skills and a capacity to conduct sophisticated and rigorous organization-wide audits.
  • Highly focused on customer service and passionate about ensuring the customer requirements are met on time with a high standard.
  • Conducting Audit and consultation for both Physical Datacenter and Virtual environment
  • Conducting Local Governance RBI Audits.
  • Providing Consultation for ISO 27001 and SOC 2 compliance.
  • Performing Risk Assessment based on PCI DSS prioritised approach and ISO 27005.
  • Organised business process mapping and requirements gathering sessions with customer business process owners.
Skills: PCI DSS Audits, Information Security Training, Risk Assessment, Compliance Management, Cybersecurity

Associate Consultant

Jan 2018 - May 2019 · 1 yr 4 mos

  • Executed Internal, External Vulnerability Assessment and Penetration Testing (Network Level) by utilising Automated and manual approach for clients across the globe, majorly for the American region.
  • Provide recommendations to clients to mitigate vulnerabilities. Communicate with clients to clearly understand project requirements and scope.
  • Vulnerability management, help clients with Mitigation strategies and compensatory controls
  • Assist in VA-PT Pre-sale calls to understand the requirements of customers and to explain the project execution approach.
Skills: Vulnerability Assessment, Penetration Testing, Vulnerability Management, Cybersecurity

Education

Dr. Timmaiah Institute of Technology, K G F

Bachelor's degree — Computer Science
