Rajesh Kumar Gupta

Operations Associate

Bengaluru, Karnataka, India · 17 yrs 3 mos experience
Most Likely To Switch · Highly Stable

Key Highlights

  • Reduced compliance gaps by 30% across multiple projects.
  • Led enterprise-wide IT risk assessments for major organizations.
  • Certified in multiple security frameworks and methodologies.
Stackforce AI infers this person is a seasoned Information Security and GRC expert in the Fintech and Healthcare sectors.

Skills

Core Skills

Risk Management · Information Security · IT Operations · Training · Linux Administration

Other Skills

21 CFR Part 11 · Agile Methodologies · Annual Budgeting · Auditing · BAIT · Business Analysis · Cloud Computing · Cloud Security · Cloud Storage · Cloud-Native Architecture · Corporate Training · Cybersecurity · DORA · Design · Dyeing

About

As an Information Security & GRC Leader at HCLTech, I drive enterprise audit, compliance, and technology risk programs for a major German global bank, aligning IT operations with ISO 27001, SOX, ITGC, BAIT, MaRisk, and DORA to enhance governance and operational resilience. Leveraging RSA Archer and ServiceNow, I have improved risk visibility, reduced compliance gaps by 30%, and streamlined regulatory reporting for executive stakeholders.

At Sandoz Pharma (Switzerland) (HCL project), I led enterprise-wide IT risk assessments and risk-based control reviews across 14 IT security service lines (Database, Unix, Network, Cloud, etc.), ensuring compliance with ISO 27001, ISO 27005, ISO 27002:2013, 21 CFR Part 11, Eudralex Annex 11, NIST SP 800-53, ISO 27701, NIS2, GxP, and GDPR through the Sandoz IMF Controls Framework. I strengthened ISMS maturity and audit readiness by driving IMF control testing, implementing continuous control monitoring, enhancing third-party risk management, and maintaining complete regulatory documentation for inspections.

At Blue Cross Blue Shield – North Carolina (Healthcare) (HCL project), I led HIPAA, NIST 800-53, SOC 2, and PCI DSS risk assessments for PHI systems, managed enterprise risk registers, and drove closure of high-risk findings. I improved overall compliance posture by executing security control testing, evaluating data-protection risks, and ensuring continuous adherence to healthcare regulatory requirements.

Across previous roles at DXC and IBM, I delivered GDPR programs, led large-scale risk assessments, established governance frameworks, and supported incident response and audit remediation initiatives. I also lead Third-Party Risk Management programs, enforce SOC 2 compliance, and uplift supplier security across complex global ecosystems. Certified in CISM, ISO 27001 Lead Auditor, PCI DSS, AWS Architect, and RHCE, I am now expanding into AI-driven GRC, cloud-native security, and evolving EU regulatory frameworks.

I recently published an industry article comparing ISO/IEC 42001 vs. NIST AI RMF, sharing practical insights on AI governance: https://www.linkedin.com/feed/update/urn:li:activity:7297578032033083392/

My focus is to bridge business and security through pragmatic governance, scalable risk management, and forward-looking leadership.

Experience

HCLTech

Sr. GRC Manager Information Security

Jul 2021 - Present · 4 yrs 8 mos · Bengaluru, Karnataka, India · Hybrid

  • Project 4 – Belgian Telecommunications & Digital Services
  • Reduced audit findings by 30% in 12 months by implementing ISO 27001, NIST, GDPR, DORA, and NIS2. Led vulnerability management for 15,000+ endpoints/servers, cutting critical vulnerabilities by 40%. Implemented MAS 655 cyber hygiene (patching, malware protection, secure standards), improving readiness from 70% → 95%. Delivered 10+ security/compliance projects (up to €3M), achieving 100% on-time delivery. Remediated 100+ audit/risk findings and executed 30+ security assessments across banking, IT services, and healthcare. Strengthened leadership reporting through KPI-based dashboards.
  • Project 3 – Sandoz Pharma (Switzerland) (HCL)
  • Led IT risk assessments and control reviews across 14 IT security service lines (Database, Unix, Network, Cloud, etc.) ensuring compliance with ISO 27001/27005/27002:2013, 21 CFR Part 11, Annex 11, NIST SP 800-53, ISO 27701, NIS2, GxP, and GDPR via the Sandoz IMF Controls Framework. Strengthened ISMS maturity, third-party risk, continuous control monitoring, and audit readiness.
  • Project 2 – Global Bank (Germany)
  • Led audits and risk assessments for a major German global bank, ensuring compliance with ISO 27001, ITGC, SOX, BAIT, MaRisk, and DORA. Improved compliance efficiency by 30% using RSA Archer and ServiceNow. Closed control gaps through PDCA enhancements and managed TPRM ensuring SOC 2–aligned vendor security. Optimized incident response workflows (–30% resolution time) and improved security awareness by 40%.
  • Project 1 – Blue Cross Blue Shield NC (Healthcare) (HCL)
  • Led HIPAA, NIST 800-53, SOC 2, and PCI DSS risk assessments for PHI systems, managed risk registers, and drove remediation of high-risk findings. Improved compliance posture through security control testing, data-protection risk evaluation, and continuous regulatory adherence.
Risk Management · Infrastructure Management · Auditing · Information Security Awareness · IT Operations · Information Technology · +18

DXC Technology

Senior Information Security Manager

Aug 2020 - Jul 2021 · 11 mos · Bengaluru, Karnataka, India · Hybrid

  • UK Bank (Hosted Environment, 1M+ End Users)
  • Developed and maintained ISMS IT controls for a hosted banking environment serving 1M+ global users, ensuring compliance with ISO 27001, GDPR, ITGC, SOX, PCI DSS, and NIS2.
  • Achieved 100% regulatory compliance by reviewing and validating control evidence for accuracy and completeness.
  • Integrated new acquisitions into the ISMS framework, reducing risk exposure and enhancing compliance maturity by 12%.
  • Improved control maturity and execution efficiency by 30% through collaboration with control owners and stakeholders.
  • Delivered comprehensive risk assessments, audit support, and regulatory alignment to strengthen organizational resilience.
Infrastructure Management · Governance, Risk Management, and Compliance (GRC) · Information Security Awareness · IT Operations · +18

IBM

Senior Information Security SME Information and Data Privacy

Jan 2018 - Jul 2020 · 2 yrs 6 mos · Bengaluru, Karnataka, India · On-site

  • Led GDPR compliance initiatives for a global UK bank, designing and implementing Privacy Impact Assessments (PIA) and Data Protection Impact Assessments (DPIA). Conducted internal audits, tested compliance, identified security gaps, and implemented remediation plans, reducing compliance violation costs by 4% of revenue. Assessed third-party vendor risks using RSA Archer, assigning risk ratings from 0-5 to strengthen supply chain security.
Infrastructure Management · Governance, Risk Management, and Compliance (GRC) · Information Security Awareness · IT Operations · +16

Mphasis

Information Security Lead Engineer

May 2016 - Jan 2018 · 1 yr 8 mos · Mumbai, Maharashtra, India · On-site

  • Led security audits for the global data infrastructure of a European energy company, conducting risk assessments and managing internal and external IT audits in compliance with ISO 27001, NIST SP 800-53, TISAX, and SOC 2. Ensured GDPR alignment and implemented robust Business Continuity Plans (BCP) to enhance resilience and regulatory compliance.
Infrastructure Management · NIST · Information Security Awareness · Technical Support · IT Operations · Cybersecurity · +17

Vihaan Infrasystems India Limited

Information Technology Security Administrator

Apr 2015 - May 2016 · 1 yr 1 mo · Mumbai, Maharashtra, India · On-site

Infrastructure Management · Security Information and Event Management (SIEM) · Technical Support · IT Operations · Cybersecurity · Systems Management · +15

Blue Imperial Engineers Pvt. Limited

Senior Unix System Administrator

Oct 2011 - Apr 2015 · 3 yrs 6 mos · Noida, Uttar Pradesh, India · On-site

Security Information and Event Management (SIEM) · Security Patch Management · Technical Support · IT Operations · Systems Management · Security · +3

Extramarks Education India Pvt. Ltd.

Security Administrator, Linux

Feb 2010 - Nov 2011 · 1 yr 9 mos · Noida, Uttar Pradesh, India · On-site

Security Information and Event Management (SIEM) · Security Patch Management · Technical Support · IT Operations · Systems Management · Security Assurance · +3

HCL Infosystems Ltd.

Technical Security Trainer - Redhat Linux

Oct 2008 - Jan 2010 · 1 yr 3 mos · Noida, Uttar Pradesh, India · On-site

Red Hat Certified Engineer (RHCE) · Corporate Training · Employee Training · Unix Administration · Security · Red Hat Linux · +2

Education

Annamalai University

PGDM

Jun 2018 - Jul 2019

Bundelkhand University

Graduation

Jun 2005 - Jul 2008
