Rajesh Kumar Gupta

Operations Associate

Bengaluru, Karnataka, India17 yrs 5 mos experience
Most Likely To SwitchAI Enabled

Key Highlights

  • Reduced compliance gaps by 30% across multiple projects.
  • Led enterprise-wide IT risk assessments for major organizations.
  • Certified in multiple security frameworks and methodologies.
Stackforce AI infers this person is a seasoned Information Security and GRC expert in the Fintech and Healthcare sectors.

Contact

LinkedIn

Skills

Core Skills

Risk ManagementInformation SecurityIt OperationsTrainingLinux Administration

Other Skills

21 CFR Part 11Agile MethodologiesAnnual BudgetingAuditingBAITBusiness AnalysisCloud ComputingCloud SecurityCloud StorageCloud-Native ArchitectureCorporate TrainingCybersecurityDORADesignDyeing

About

As an Information Security & GRC Leader at HCLTech, I drive enterprise audit, compliance, and technology risk programs for a major German global bank, aligning IT operations with ISO 27001, SOX, ITGC, BAIT, MaRisk, and DORA to enhance governance and operational resilience. Leveraging RSA Archer and ServiceNow, I have improved risk visibility, reduced compliance gaps by 30%, and streamlined regulatory reporting for executive stakeholders. At Sandoz Pharma (Switzerland) (HCL project), I led enterprise-wide IT risk assessments and risk-based control reviews across 14 IT security service lines (Database, Unix, Network, Cloud, etc.), ensuring compliance with ISO 27001, ISO 27005, ISO 27002:2013, 21 CFR Part 11, Eudralex Annex 11, NIST SP 800-53, ISO 27701, NIS2, GxP, and GDPR through the Sandoz IMF Controls Framework. I strengthened ISMS maturity and audit readiness by driving IMF control testing, implementing continuous control monitoring, enhancing third-party risk management, and maintaining complete regulatory documentation for inspections. At Blue Cross Blue Shield – North Carolina (Healthcare) (HCL project), I led HIPAA, NIST 800-53, SOC 2, and PCI DSS risk assessments for PHI systems, managed enterprise risk registers, and drove closure of high-risk findings. I improved overall compliance posture by executing security control testing, evaluating data-protection risks, and ensuring continuous adherence to healthcare regulatory requirements. Across previous roles at DXC and IBM, I delivered GDPR programs, led large-scale risk assessments, established governance frameworks, and supported incident response and audit remediation initiatives. I also lead Third-Party Risk Management programs, enforce SOC 2 compliance, and uplift supplier security across complex global ecosystems. Certified in CISM, ISO 27001 Lead Auditor, PCI DSS, AWS Architect, and RHCE, I am now expanding into AI-driven GRC, cloud-native security, and evolving EU regulatory frameworks. I recently published an industry article comparing ISO/IEC 42001 vs. NIST AI RMF, sharing practical insights on AI governance: https://www.linkedin.com/feed/update/urn:li:activity:7297578032033083392/ My focus is to bridge business and security through pragmatic governance, scalable risk management, and forward-looking leadership.

Experience

17 yrs 5 mos
Total Experience
2 yrs 2 mos
Average Tenure
4 yrs 10 mos
Current Experience

Hcltech

Sr. GRC Manager Information Security

Jul 2021Present · 4 yrs 10 mos · Bengaluru, Karnataka, India · Hybrid

  • Project 4 – Belgian Telecommunications & Digital Services
  • Reduced audit findings by 30% in 12 months by implementing ISO 27001, NIST, GDPR, DORA, and NIS2. Led vulnerability management for 15,000+ endpoints/servers, cutting critical vulnerabilities by 40%. Implemented MAS 655 cyber hygiene (patching, malware protection, secure standards), improving readiness from 70% → 95%. Delivered 10+ security/compliance projects (up to €3M), achieving 100% on-time delivery. Remediated 100+ audit/risk findings and executed 30+ security assessments across banking, IT services, and healthcare. Strengthened leadership reporting through KPI-based dashboards.
  • Project 3 – Sandoz Pharma (Switzerland) (HCL)
  • Led IT risk assessments and control reviews across 14 IT security service lines (Database, Unix, Network, Cloud, etc.) ensuring compliance with ISO 27001/27005/27002:2013, 21 CFR Part 11, Annex 11, NIST SP 800-53, ISO 27701, NIS2, GxP, and GDPR via the Sandoz IMF Controls Framework. Strengthened ISMS maturity, third-party risk, continuous control monitoring, and audit readiness.
  • Project 2 – Global Bank (Germany)
  • Led audits and risk assessments for a major German global bank, ensuring compliance with ISO 27001, ITGC, SOX, BAIT, MaRisk, and DORA. Improved compliance efficiency by 30% using RSA Archer and ServiceNow. Closed control gaps through PDCA enhancements and managed TPRM ensuring SOC 2–aligned vendor security. Optimized incident response workflows (–30% resolution time) and improved security awareness by 40%.
  • Project 1 – Blue Cross Blue Shield NC (Healthcare) (HCL)
  • Led HIPAA, NIST 800-53, SOC 2, and PCI DSS risk assessments for PHI systems, managed risk registers, and drove remediation of high-risk findings. Improved compliance posture through security control testing, data-protection risk evaluation, and continuous regulatory adherence.
Risk ManagementInfrastructure ManagementAuditingInformation Security AwarenessIT OperationsInformation Technology+18

Dxc technology

Senior Information Security Manager

Aug 2020Jul 2021 · 11 mos · Bengaluru, Karnataka, India · Hybrid

  • UK Bank (Hosted Environment, 1M+ End Users)
  • Developed and maintained ISMS IT controls for a hosted banking environment serving 1M+ global users, ensuring compliance with ISO 27001, GDPR, ITGC, SOX, PCI DSS, and NIS2.
  • Achieved 100% regulatory compliance by reviewing and validating control evidence for accuracy and completeness.
  • Integrated new acquisitions into the ISMS framework, reducing risk exposure and enhancing compliance maturity by 12%.
  • Improved control maturity and execution efficiency by 30% through collaboration with control owners and stakeholders.
  • Delivered comprehensive risk assessments, audit support, and regulatory alignment to strengthen organizational resilience.
Risk ManagementInfrastructure ManagementGovernanceand Compliance (GRC)Information Security AwarenessIT Operations+18

Ibm

Senior Information Security SME Information and Data Privacy

Jan 2018Jul 2020 · 2 yrs 6 mos · Bengaluru, Karnataka, India · On-site

  • Led GDPR compliance initiatives for a global UK bank, designing and implementing Privacy Impact Assessments (PIA) and Data Protection Impact Assessments (DPIA). Conducted internal audits, tested compliance, identified security gaps, and implemented remediation plans, reducing compliance violation costs by 4% of revenue. Assessed third-party vendor risks using RSA Archer, assigning risk ratings from 0-5 to strengthen supply chain security.
Infrastructure ManagementGovernanceRisk Managementand Compliance (GRC)Information Security AwarenessIT Operations+16

Mphasis

Information Security Lead Engineer

May 2016Jan 2018 · 1 yr 8 mos · Mumbai, Maharashtra, India · On-site

  • Led security audits for the global data infrastructure of a European energy company, conducting risk assessments and managing internal and external IT audits in compliance with ISO 27001, NIST SP 800-53, TISAX, and SOC 2. Ensured GDPR alignment and implemented robust Business Continuity Plans (BCP) to enhance resilience and regulatory compliance.
Infrastructure ManagementNISTInformation Security AwarenessTechnical SupportIT OperationsCybersecurity+17

Vihaan infrasystems india limited

Information Technology Security Administrator

Apr 2015May 2016 · 1 yr 1 mo · Mumbai, Maharashtra, India · On-site

Infrastructure ManagementSecurity Information and Event Management (SIEM)Technical SupportIT OperationsCybersecuritySystems Management+15

Blue imperial engineers pvt. limited

Senior Unix System Administrator

Oct 2011Apr 2015 · 3 yrs 6 mos · Noida, Uttar Pradesh, India · On-site

Security Information and Event Management (SIEM)Security Patch ManagementTechnical SupportIT OperationsSystems ManagementSecurity+3

Extramarks education india pvt. ltd.

Security Administrator, Linux

Feb 2010Nov 2011 · 1 yr 9 mos · Noida, Uttar Pradesh, India · On-site

Security Information and Event Management (SIEM)Security Patch ManagementTechnical SupportIT OperationsSystems ManagementSecurity Assurance+3

Hcl infosystems ltd.

Technical Security Trainer - Redhat Linux

Oct 2008Jan 2010 · 1 yr 3 mos · Noida, Uttar Pradesh, India · On-site

Red Hat Certified Engineer (RHCE)Corporate TrainingEmployee TrainingUnix AdministrationSecurityRed Hat Linux+2

Education

Annamalai University

PGDM

Jun 2018Jul 2019

Bundelkhand University

Graduation

Jun 2005Jul 2008

Stackforce found 100+ more professionals with Risk Management & Information Security

Explore similar profiles based on matching skills and experience

Rahul Prakash

Rahul Prakash

Senior Manager - Information Security

at udaan.com

Bengaluru, India7 yrs 5 mos exp
Radha Arora, CISSP

Radha Arora, CISSP

Manager - Cyber Risk

at Genpact

Gurugram, India17 yrs 4 mos exp
Information Security
BA

Benjamin Ambrose

Chief Information Security Officer

at National Payments Corporation Of India (NPCI)

Hyderabad, India23 yrs 10 mos exp
Ayuti Valuskar

Ayuti Valuskar

Consultant

at Deloitte

Pune, India2 yrs 7 mos exp
Internal AuditsIT SOX
Goutham Vaidyanathan

Goutham Vaidyanathan

AGM GRC & Privacy

at Novac Technology Solutions

Chennai, India8 yrs 10 mos exp
Cloud SecurityIT Governance
Khalifa AlShamsi

Khalifa AlShamsi

Banking Officer

at Mashreq

Ras al-Khaimah, United Arab Emirates5 mos exp
Incident ManagementNetwork Security
Sahil Ajitsaria

Sahil Ajitsaria

Head - Cyber Security Operations

at slice

Bengaluru, India10 yrs 10 mos exp
Partha Sarathy

Partha Sarathy

GCISO in leading bank in APAC

at BANK

Ras al-Khaimah, United Arab Emirates33 yrs 7 mos exp
Operational Risk ManagementFraud RiskBusiness Continuity PlanningInformation SecurityIdentity Management