Swati Anuj Arya

CEO

Delhi, India · 17 yrs 11 mos experience
Most Likely To Switch

Key Highlights

  • Over 16 years of experience in Cyber Security.
  • Led compliance for major financial institutions in APAC.
  • Expert in PCI DSS and regulatory frameworks.
Stackforce AI infers this person is a Cybersecurity Compliance Specialist with deep expertise in regulatory frameworks and risk management.

Skills

Core Skills

Cloud Compliance, Regulatory Compliance, Strategic Oversight, Security Governance, Cybersecurity Standards, Training And Awareness, Compliance Management, PCI DSS Compliance, Risk Assessment, Customer Engagement, PCI DSS Management, Quality Assurance

Other Skills

Compliance, Regulatory Frameworks, Cloud Solutions, Governance, Security Programs, Cybersecurity, Data Protection, Training, PCI Compliance, Risk Management, Project Management, PCI DSS, Security Assurance, ISO 27001, IT Audit

About

CISSP, CISA, CRISC, CCSP, CISM, Ex-PCI QSA, AWS CCP, CIPP/E, PCI ISA

An Information Security Professional, Trainer, Speaker and Author with over 16 years of experience in Cyber Security, ISMS, PCI DSS, Information Security, HIPAA, Privacy and Risk Management, with a blend of Business, Security, Technology and Compliance. Currently working as Financial Services Compliance Specialist for India in AWS and leading various compliance requirements for customers.

With previous employer, has handled customers across various verticals including Banks, IT organizations, service providers, payment gateways, e-commerce or manufacturing companies. I successfully started organization to establish new line of business and managing P&L. I lead this practice from sales, marketing and business perspective as well.

Successfully delivered Cloud Compliance, ISMS, HIPAA, Risk Assessment, PCI DSS Compliance Program at leading payment gateways, Banks, Third Party Processors, IT companies, and BPOs in various geographies.

  • Leading Information Security Strategic Programs to deliver business objectives
  • Leading Programs for Security Transformations
  • Leading Payment Regulatory Compliance, Governance and Assurance for APAC region
  • Reviewing and updating practices as per PCI SSC guidelines and new requirements, supporting in Data protection and Privacy/GDPR compliance
  • Supplier Audit and vendor Risk Assessment & Service provider compliance assurance
  • Data center Security Assessment and audit
  • Information Security Training and Awareness
  • Represented in regional and global forums e.g. PCI APAC Community Meetings and ISACA Chapters

Experience

Total Experience: 17 yrs 11 mos
Average Tenure: --
Current Experience: 11 mos

S&P Global

Vice President(VP) - Global BISO (Business Information Security Officer)

Jun 2025 - Present · 11 mos

Amazon Web Services (AWS)

2 roles

Cloud Compliance Enabler [FSI Compliance]

Promoted

Aug 2024 - Jun 2025 · 10 mos · India · On-site

  • As an AWS Financial Services Industry (FSI) Compliance Specialist in India, I empower financial institutions to navigate complex regulatory landscapes and adopt secure, compliant cloud solutions. Leveraging AWS’s robust compliance framework, I guide banks, insurance companies, and fintech firms in aligning their IT workloads with regulations like RBI, SEBI, IRDAI, MeitY, UIDAI, NPCI guidelines, India DPDP, GDPR, and PCI DSS. My role involves assessing compliance needs, developing tailored roadmaps, and collaborating with stakeholders to ensure data security and operational resilience. By fostering innovation within regulatory boundaries, I help organizations scale efficiently while maintaining trust and compliance.
  • I am also an Amazon Bar Raiser, and as an Amazon Bar Raiser I play a pivotal role in upholding Amazon’s high hiring standards by ensuring we select exceptional talent who align with our Leadership Principles and raise the bar for performance. With a focus on objectivity, I bring extensive hiring experience to evaluate candidates across roles, providing unbiased insights during the interview process. My commitment to fostering a diverse and innovative workforce drives me to identify individuals who will thrive in Amazon’s dynamic environment and contribute to our culture of excellence.
Compliance, Regulatory Frameworks, Cloud Solutions, Cloud Compliance, Regulatory Compliance

Financial Services Compliance

Sep 2019 - Oct 2021 · 2 yrs 1 mo · India · On-site

  • Managing diverse and deep set of responsibilities related to cloud advocacy, compliance, and regulatory requirements for financial services customers in the India subcontinent region. Summary of the key areas:
  • 1. Regulatory Compliance:
  • Reserve Bank of India (RBI) IT & Cybersecurity, Outsourcing, and Payment and Settlement Systems Act 2007 requirements
  • Insurance Regulatory and Development Authority of India (IRDAI) Cybersecurity and Outsourcing requirements
  • Securities and Exchange Board of India (SEBI) Cybersecurity compliance
  • Aadhaar Act compliance
  • Information Technology (IT) Act 2000/2008
  • 2. Cybersecurity and Data Protection Standards:
  • PCI DSS
  • ISO 27001/27017/27018
  • SOC2
  • HIPAA
  • GDPR
  • FIPS
  • 3. Business Development, Cloud Advocacy and Public Policy:
  • Working with worldwide commercial financial services customers to help them achieve the above regulatory and cybersecurity compliance requirements
  • Supporting cloud public policy initiatives for India
Regulatory Compliance, Cybersecurity, Data Protection, Cybersecurity Standards

Amazon

Leader, CISO Office - Amazon

Oct 2021 - Aug 2024 · 2 yrs 10 mos · India · On-site

  • Strategic Oversight and Governance: I am responsible for building and defining the charter, strategy, policies, standards, controls, and supporting documentation that serve as the foundation for Amazon's security programs across their Stores, Devices, and Other (SDO) organizations, subsidiaries, and business units outside of AWS. This strategic governance role is critical for ensuring a cohesive and effective security posture company-wide.
  • Global Team and Program Management: Managing a team of 25+ highly skilled security professionals globally is no small feat. This needs strong leadership and coordination abilities to align and drive this team towards key improvements and outcomes.
  • Regulatory Compliance: Overseeing the regulatory security compliance obligations for licensed businesses in regions like Singapore, MENA, and other emerging markets, demonstrating deep expertise and diligent program management.
  • Supply Chain Risk and Regional CISO Functions: Owning the Global Software Supply Chain Risk program as well as the CISO functions for the MENA and Singapore regions of regulated businesses showcases the ability to tackle complex security challenges across the enterprise.
  • Security and Data Classification Automation: Developing and owning automation products and programs related to security and data classification requires a forward-thinking and innovative approach to improving security operations.
Governance, Security Programs, Regulatory Compliance, Strategic Oversight, Security Governance

BT Global Services

Sr. Specialist Security / PCI QSA

Mar 2016 - Sep 2019 · 3 yrs 6 mos · Gurgaon, Haryana, India

  • Managing responsibilities related to PCI compliance, data protection, and supplier/service provider risk management.
  • 1. Global PCI QSA Team: Being part of the Global PCI Qualified Security Assessor (QSA) team shows deep expertise in PCI DSS compliance and your ability to provide assurance and consulting services to BT group functions.
  • 2. PCI DSS Compliance and Assurance for APAC: Leading PCI DSS compliance and assurance efforts across the Asia-Pacific (APAC) region demonstrates the regional leadership and ability to ensure adherence to PCI standards.
  • 3. Reviewing and Revising PCI Practices: Keeping up with the evolving PCI Security Standards Council (SSC) guidelines and new requirements, and proactively revising your organization's PCI practices, is a critical responsibility.
  • 4. Data Protection and Privacy Compliance: Supporting the organization's compliance with data protection and privacy regulations is a growing area of focus for many enterprises today.
  • 5. Supplier Audit and Risk Assessment: Conducting supplier audits and risk assessments to ensure third-party compliance is a key part of enterprise security and risk management.
  • 6. Service Provider Compliance Assurance: Providing compliance assurance for the organization's service providers is another crucial aspect of your role, ensuring the entire ecosystem meets expected security standards.
  • 7. Information Security Training and Awareness: Leading security training and awareness initiatives helps build a security-conscious culture across the organization, which is invaluable.
PCI Compliance, Risk Management, Data Protection, PCI DSS Compliance, Risk Assessment

SISA Information Security Inc.

3 roles

Practice In-Charge Risk Assessment/Privacy/HIPAA

Oct 2013 - Mar 2016 · 2 yrs 5 mos

  • Managing multiple responsibilities including:
  • 1. Strategic Practice Leadership:
  • You are leading the practice strategically, which encompasses high-level planning, direction setting, and driving the overall vision and objectives.
  • 2. Pre-sales and Customer Engagement:
  • Involvement in pre-sales activities and directly engaging with customers showcases the ability to understand their needs, pitch solutions, and build strong relationships.
  • 3. Resource Management:
  • Effectively managing the resources (people, budget, assets, etc.) required to deliver on the practice's goals is a critical part of my role.
  • 4. Project Management and Execution:
  • I am responsible for overseeing the successful delivery of projects, ensuring they are completed on time, within budget, and to the expected quality standards.
  • 5. Marketing and Branding:
  • Contributions to marketing efforts and building the practice's brand presence demonstrate the well-rounded skillset.
  • 6. Technical Research and Innovation:
  • Staying on top of the latest technical developments and innovations, and incorporating them into the practice, is a key aspect of my work.
  • 7. Conducting Webinars:
  • Leading webinars to share knowledge and insights with customers and the broader community is an excellent way to position the work and the practice as thought leaders.
  • 8. Training and Awareness:
  • Providing training and building awareness around the practice's offerings and capabilities helps educate and empower both internal and external stakeholders.
Risk Assessment, Customer Engagement, Project Management

Consultant/ Project Manager/ QA/Trainer

Promoted

Jun 2010 - Mar 2016 · 5 yrs 9 mos

  • Managing the PCI DSS projects end to end for clients
  • Performing Quality Assurance for SISA
PCI DSS, Quality Assurance, Project Management, PCI DSS Management

PCI QSA, CISSP, ISMS LA, MS-Infosec · Associate consultant

Jan 2010 - Jun 2011 · 1 yr 5 mos

  • Quality Assurer: To review the PCI Compliance reports as per the PCI SSC norms
  • Information Security Consultant: To assess organizations to achieve PCI DSS/PA DSS compliance status
  • Network Audit
  • System Hardening Audit
  • Secure storage review including encryption and Key management
  • Vulnerability Management
  • Access Control review
  • Physical security review
  • Experience in Internal Quality Assurance for PCI DSS and PA DSS
  • Has engineered Compliance Solutions on PCI-DSS for a wide variety of clients from various Industry verticals like Software Development Companies and Business Process Outsourcing companies.
  • Well-versed with the Information Security Requirements of various compliance standards like DPA, HIPAA, Cobit, RBI PSS Audit
  • On the IT and software companies side, conducting several security and system audits covering almost all facets of security: operations, communication, environment, physical, application and business continuity.
  • Have been a part of workshop and training sessions conducted by SISA
  • Other verticals in PCI certifications span across companies like Bank, BPO, ODC
  • Currently working as project lead

ISACA New Delhi Chapter

Guest Lecturer/Trainer

Jun 2012 - Oct 2021 · 9 yrs 4 mos · India

  • CISA, CRISC, CISM Trainer
  • CISSP Trainer
  • Cloud Security Trainer
  • Information Security (SANS 301) Trainer
  • Cyber Laws Trainer
  • PCI DSS Trainer
  • Information Privacy
  • HIPAA
Training, Compliance, Cybersecurity, Training and Awareness, Compliance Management

IBM

Intern

May 2009 - Jul 2009 · 2 mos · Greater Delhi Area

  • IBM (DIAL, Delhi International Airport Limited, building of Terminal 3). Key Activities: Study and analysis of the protection mechanism being implemented in Terminal 3, i.e. Asia's largest airport terminal.

Shambhunath Group of Institutions

Lecturer

Jun 2008 - May 2010 · 1 yr 11 mos · Greater Allahabad Area

  • Lecturer for Cryptography, Networks, Mobile computing and Database Management System

R System

PROJECTS / PAPERS

May 2007 - Jul 2007 · 2 mos · Noida, Uttar Pradesh, India

  • Key Activities: Animation on Adobe Flash Player CS3.

Education

Indian Institute Of Information Technology Allahabad

Masters — Cyber Law & Information Security (MSCLIS)

Jan 2008 - Jan 2010

CSA University Kanpur

2008 B.Tech — Computer science and Engineering

Jan 2004 - Jan 2008

St Anthony
