Dec 2024 – Feb 2026 · 1 yr 2 mos

• Responsible for risk identification, assessment, and mitigation across Risk & Compliance functions, with a specific focus on operational risk, including technology risks, and compliance gaps.
• Conducted periodic High-Level Assessments to evaluate aggregated risks, controls environment, and risk direction, presenting findings and proposed mitigations to the Executive Committee of the Chief Risk Officer.
• Conducted Risk and Control Self-Assessments (RCSA) and evidence-based control assessments to ensure effective risk management. Reviewed Key Risk Indicators (KRIs) across Risk & Compliance to ensure comprehensive coverage of financial and non- financial risks, and developed new KRIs to enhance risk monitoring and management.
• Oversaw internal audit and regulatory findings, ensuring timely resolution and compliance with policies and standards, while developing best practices to educate stakeholders on effective issue management.
• Established risk forums and meetings to facilitate collaboration and effective risk management among relevant stakeholders.
• As BISO – Risk & Compliance
• Responsible for development and implementation of information security strategies, policies, and procedures to align with organizational objectives and regulatory requirements.
• Conducted periodic risk assessments, and implemented controls to mitigate information security risks, ensuring compliance with BNY’s policy expectations.
• Led incident response efforts, coordinated with stakeholders, and implemented security measures to prevent and respond to security breaches, ensuring the confidentiality, integrity, and availability of confidential information.

Sep 2021 – Nov 2024 · 3 yrs 2 mos

• Spearheaded Technology Compliance organization across APAC, EMEA, and Americas, ensuring BNY's adherence to regulatory requirements and industry frameworks (such as NIST, MAS, OCC/FRB) across key IT domains (such as Cloud Computing, Cybersecurity, Data Management, Identity & Access Management), through assessing applicability and impact of new and amended laws and regulations.
• Conducted comprehensive reviews and assessments of Artificial Intelligence guidelines and regulations, including EU's AI Act, Model AI Governance Framework, and MAS Guidelines on Responsible Use of AI, to ensure organizational compliance and responsible AI development.
• Provided credible challenge and oversight on responses to regulatory requests for information and submissions

Oct 2020 – Sep 2021 · 11 mos

• Conducted cybersecurity risk assessments across key IT domains, including Network Security, Cloud Security, Application Security, and Identity & Access Management, evaluating controls in line with industry standards such as NIST Cybersecurity Framework, ISO 27001, and MAS Cyber Security guidelines. Delivered position papers on regulatory policies and their impact on Barclays Technology and Cyber security strategy.
• Conducted independent review and analysis of responses to regulatory requests, onsite examinations, and meetings, providing governance and shaping responses.
• Managed the Horizon scanning capability by identifying regulatory penalties/actions and Technology events, and carried out proactive assessments to ensure Barclays' preparedness and controls environment posture.

Oct 2018 – Oct 2020 · 2 yrs

• Oversight and advisory on technology risk identification, risk assessment, risk mitigation & response and risk reporting across technology to operate within risk appetite and in compliance with Barclays Control Framework.
• Conducted information security reviews and risk assessments of technology projects and systems, providing recommendations for improvements.
• Conducted gap assessments, including compliance assessments, against regulatory standards (e.g., MAS TRM Guidelines, HKMA Cloud Security, RBI Cyber Security Statutory Audit).

Mar 2017 – Oct 2018 · 1 yr 7 mos · Pune/Pimpri-Chinchwad Area

• Conducted comprehensive Technology and information security risk assessments across divisions and tech centers, including domains such as secure development, endpoint security, business continuity, and high-value payment applications.

Mar 2015 – Feb 2017 · 1 yr 11 mos · Pune/Pimpri-Chinchwad Area

Mar 2011 – Aug 2014 · 3 yrs 5 mos · Greater Jaipur Area

Aug 2014 – Feb 2015 · 6 mos · Greater Hyderabad Area

May 2008 – Mar 2011 · 2 yrs 10 mos · Gurugram, Haryana, India

Jul 2006 – May 2008 · 1 yr 10 mos · Greater Jaipur Area

May 2005 – Jun 2005 · 1 mo · Mumbai Metropolitan Region