Swapnil Kotawadekar — Associate Partner

I am a cyber security enthusiast with 10 years of experience in core cyber security areas, including technical assessment, compliance, and audit. My technical expertise includes: 1. Firewall ruleset review 2. Vulnerability assessment 3. Internal and external vulnerability assessments and penetration testing 4. Web application penetration testing 5. Segmentation testing 6. Network architecture review 7. Wireless scanning I have extensive experience with PCI-DSS, having worked with banks, BPOs, data centers, service providers, and merchants. Throughout my career, I have conducted over 400 assessments across the globe, including regions such as the Middle East, APAC, and the USA. My technical knowledge has been instrumental in conducting high-quality PCI-DSS assessments and has also helped in performing technical evaluations like PADSS (which was sunset by PCI SSC in 2022) and 3DS. In addition, I have over 2 years of experience in HITRUST, primarily working with US-based healthcare industry. I established and led quality assurance operations at Accorian, achieving a 98% improvement in quality. I also trained team members on HITRUST processes and raised awareness about HITRUST. I successfully managed complex HITRUST clients and ensured timely delivery of projects, complemented by my experience in a Big Four firm. My experience in CISO operations has been invaluable during audits, as it allows me to understand clients' mindsets more effectively. I hold several certifications, including ISC2 CISSP, AWS Solution Architect, PCI-QSA, ISO 27001 Lead Auditor (LA), Lead Implementer (LI), ISC2 SSCP, ISC2 CC, and CEH. These certifications helped a lot in understanding the technicality of the client during an audit. With Python, I love to develop scripts that make my and my team's tasks easy.

Stackforce AI infers this person is a Cybersecurity Consultant specializing in compliance and risk management for Finance and Healthcare sectors.

Location: Thane, Maharashtra, India

Experience: 10 yrs 7 mos

Skills

Hitrust
It Risk Management
It Audit

Career Highlights

Conducted over 400 global PCI-DSS assessments.
Achieved 98% improvement in quality assurance operations.
Expert in HITRUST processes for the healthcare industry.

Work Experience

Accorian

Associate Director (2 yrs 1 mo)

Senior Manager (1 yr 3 mos)

SBI Capital Markets

Deputy Manager (7 mos)

PwC India

Senior Associate (6 mos)

_VOIS

Deputy Manager (7 mos)

ControlCase

Cyber Security Consultant (2 yrs 9 mos)

Cyber Security Consultant | QA (2 yrs 4 mos)

Associate Cyber Security Consultant (7 mos)

Education

Master of Science (M.Sc.) at Ramnarain Ruia College - Mumbai

certification in cyber law at Symbiosis Centre for Distance Learning

Bachelor of Science (B.Sc.) at K V Pendharkar College of Arts Science and Commerce

H.S.C at ADARSHA COLLAGE

S.S.C at SHRI KRUSHNA KHAMKAR SCHOOL

Master of Science - MS at University of Mumbai

Swapnil Kotawadekar

Associate Partner

Thane, Maharashtra, India10 yrs 7 mos experience

Most Likely To SwitchHighly Stable

Key Highlights

Conducted over 400 global PCI-DSS assessments.
Achieved 98% improvement in quality assurance operations.
Expert in HITRUST processes for the healthcare industry.

Stackforce AI infers this person is a Cybersecurity Consultant specializing in compliance and risk management for Finance and Healthcare sectors.

Contact

kotawadekar456@gmail.com LinkedIn

Skills

Core Skills

HitrustIt Risk ManagementIt Audit

Other Skills

ISO 42001Artificial Intelligence (AI)Vulnerability AssessmentVulnerability Assessment and Penetration Testing (VAPT)Payment Card Industry Data Security Standard (PCI DSS)

About

Experience

10 yrs 7 mos

Total Experience

2 yrs 1 mo

Average Tenure

3 yrs 3 mos

Current Experience

Accorian

2 roles

Associate Director

Promoted

Apr 2024 – Present · 2 yrs 1 mo · Bengaluru, Karnataka, India · On-site

IT Risk ManagementHITRUST

Senior Manager

Feb 2023 – May 2024 · 1 yr 3 mos · Bengaluru, Karnataka, India · On-site

IT Risk ManagementHITRUST

Sbi capital markets

Deputy Manager

Jul 2022 – Feb 2023 · 7 mos · Mumbai, Maharashtra, India · On-site

Responsible for handling all cybersecurity operation of SBI Caps.
Working directly with SBI Capital CISO.
Track and maintain & work on KPI’s and KRI’s.
Prepare a audit plan and track on-time delivery of cybersecurity activities and audits.
Participate and coordinate in cybersecurity audit.
Conduct awareness training, Phishing drill.
Co-ordinate between vendors, IT team to get cyber security activities done.
Suggest compensating control for vulnerabilities observed in VA/PT to reduce risk.
Review of all cyber security activity report like internal VA, PT, firewall ruleset, APT etc. and provide final approval on same.
Prepare and maintain Policy and procedure.
Monitor and track SOC alert and follow up with IT team for closure.
Prepare PowerBI visual dashboard for Board meetings.
Maintain and track all cybersecurity operations.
Responsible for monitoring DLP event.
Responsible for raising incidents and finding root cause.
Provide technical & suggestions help to IT team.

IT Risk Management

Pwc india

Senior Associate

Jan 2022 – Jul 2022 · 6 mos · Mumbai, Maharashtra, India · On-site

1. Responsible for performing application architecture review, network architecture review for middle east government projects.
2. Responsible for performing internal Vulnerability assessment and penetration testing.
3. Responsible for performing web application penetration testing.
4. Create Visual report using PowerBI for final presentation.
5. Knowledge of PowerBI.

IT Risk Management

_vois

Deputy Manager

Jun 2021 – Jan 2022 · 7 mos · Pune Division, Maharashtra, India · On-site

Worked in Secure by Design operation.
Responsible for performing risk assessment of firewall assurance.
Review network architecture diagram to ensure compliance with Vodafone standard.

IT Risk Management

Controlcase

3 roles

Cyber Security Consultant

Aug 2018 – May 2021 · 2 yrs 9 mos · Mumbai, Maharashtra, India · On-site

Working as a PCI QSA to perform PCI DSS audit.
Responsible for performing audit and ensuring compliance of client from start to end certification cycle of PCIDSS.
Detailed knowledge of PCIDSS, PADSS controls and compliance.
ROC writing experience.
Performed onsite assessment of banks, BPO's and data centers.
Performed evidence collection, validation and ROC writing.

IT Risk ManagementIT Audit

Cyber Security Consultant | QA

Promoted

Apr 2016 – Aug 2018 · 2 yrs 4 mos · Mumbai, Maharashtra, India · On-site

Performed offsite assessment for banks, Payment gateways, Payment aggregator, BPO's and data center.
Detail knowledge of PCI DSS requirement and controls (3.2.1)
Responsible for performing QA to ensure scoping of client is as per PCIDSS.
Responsible for performing QA to ensure provided evidence as per PCI DSS standard.
Responsible for validating audit evidence as per PCIDSS standard.
Responsible for writing ROC for PCI DSS.
Performed Onsite audit for PADSS ( payment application data center security standard )
Performed technical audit of PADSS to find trace of cleartext SAD (Sensitive authentication data).
Detailed knowledge of PADSS standard.
Detailed knowledge of key management and encryption.
Detailed knowledge of CIS benchmark.

IT Risk ManagementIT Audit

Associate Cyber Security Consultant

Sep 2015 – Apr 2016 · 7 mos · Mumbai, Maharashtra, India · On-site

Responsible for performing network penetration testing & web application penetration testing from internal and external perspective.
Conduct application penetration testing (OWASP & functional flaws).
Responsible for performing firewall ruleset review to ensure firewall compliance.
Responsible for performing segmentation testing to ensure PCI segmentation.
Recommend compensating control to lower down risk.
Experience of using Nessus, Nexpose, Burp, Kali Linux and other tools.

IT Risk ManagementIT Audit