Jan 2025 – Present · 1 yr 4 mos · Florida, United States · Remote

• 1. Generating Qualified Referrals: Actively identify and refer potential customers who could benefit from OneTrust's solutions.
• 2. Collaborating with OneTrust: Work closely with OneTrust to ensure successful customer engagements and implementations.
• 3. Maintaining Certifications: Stay updated with OneTrust certifications and continuously enhance expertise in areas like Consent, Privacy, AI, Third-Party and Tech Risk, and Data Governance.
• 4. Upholding OneTrust Values: Embrace and promote the values of integrity, customer success, innovation, teamwork, and continuous learning.
• 5. Accessing Resources and Support: Leverage OneTrust's enablement resources, training, and support to grow your trust intelligence practice.
• 6. Differentiating Your Portfolio: Develop and expand your solution portfolio to provide unique value to customers.
• 7. Unlocking Revenue Opportunities: Identify and pursue new revenue opportunities through the partnership.

Jul 2024 – Present · 1 yr 10 mos · Pune, Maharashtra, India · On-site

• As CEO, my vision extends beyond compliance; it's about steering organisations towards a future where Digital Trust is their most invaluable asset. This means not only protecting sensitive information but also establishing a culture of accountability, transparency, and ethical conduct that transcends traditional business goals.
• Promoter of Data Privacy and Compliance
• This position involves promoting a culture of privacy within the organization, educating employees on best practices, and ensuring compliance with data protection policies and procedures.
• Key Responsibilities:
• 1. GDPR Compliance:
•  Ensure the organization complies with GDPR requirements.
•  Monitor data processing activities to ensure they align with GDPR principles.
•  Maintain and update records of data processing activities.
•  Serve as the primary point of contact for GDPR-related queries and issues.
• 2. Data Privacy and Protection:
•  Develop and implement data privacy policies and procedures.
•  Conduct regular audits to ensure compliance with data privacy standards.
•  Collaborate with IT and security teams to ensure robust data protection measures.
•  Manage data subject access requests (DSARs) and ensure timely responses.
• 3. Privacy Compliance:
•  Stay updated on global data protection laws and regulations.
•  Conduct privacy impact assessments (PIAs) for new projects and initiatives.
•  Train employees on privacy and data protection best practices.
•  Develop and distribute privacy awareness materials and campaigns.
• 4. Incident Management:
•  Lead the response to data breaches and privacy incidents.
•  Investigate and report data breaches to relevant authorities within required timeframes.
•  Implement corrective actions to prevent future incidents.
• 5. Stakeholder Engagement:
•  Collaborate with legal, HR, and compliance teams to ensure integrated privacy management.
•  Engage with external stakeholders, including regulators and customers, on data privacy matters.

Feb 2023 – Apr 2023 · 2 mos · Amsterdam, North Holland, Netherlands · Remote

• DPO-Data Privacy & Protection Officer-Role & Responsibilities:
• Expertise in GDPR,CCPA and related data privacy regulations, ensuring strict compliance.
• Proficient in identifying organizational data types, storage, and access methods.
• Conducting data protection assessments, maintaining detailed records of processing activities.
• Acquiring technical skills for data safeguarding and breach prevention.
• Effective communication in promoting data privacy picture.
• Documenting policies, procedures, and incidents for compliances.
• Skills: GDPR, CCPA, Compliance Management, Regulatory Compliance, Privacy Policies, Data Protection Act, Privacy Law,
• Data Security, Privacy Regulations, Privacy Compliance.

May 2022 – Jun 2024 · 2 yrs 1 mo · Amsterdam, North Holland, Netherlands · Remote

• After contributing to the success of JPMorgan & Chase Comp. as Security Architect, My position was impacted by recent organizational changes . While this was unexpected, I am viewing it is an opportunity to explore new challenges and bring my expertise in GDPR, Data Privacy and Protection.
• Here's what I've been doing since then:
• Finished in 2023 three months "Virtual Internship Experience Program-Data Privacy and Protection" from Privacy Career Experts, Netherlands.
• Working towards a Professional certificate on OneTrust for the "Data Privacy and Protection" course. And IC2 for the "CISSP" course. I've time-blocked 10 hours a day for this course and at this rate I will complete it within 60 days.
• My signature's Achievement 2022-2023-2024:
• ✔ GDPR, Data Privacy & Protection 29x Certification from One Trust, USA.
• ✔ Privacy Engineering 7x Certification from Data Protocol-Privacy Engineering Certification!,USA.
• ✔ Our Privacy Opportunity Certification from OpenMined, New York, USA.
• ✔ Technical Privacy Engineering Certification from Privado.AI, USA.
• ✔ PrivacyOps Certified Privacy Professional from https://www.linkedin.com/redir/phishing-page?url=Security%2eAI, USA.
• ✔ AI Governance Certified, AI Security & Governance Certified from Security.AI, USA.
• ✔ API Security 8x Certification from APISec University, USA.
• ✔ Threat Modeling Certification from IriusRisk, USA.
• ✔ Information Security, Networking, Programming 22X Courses from Cisco Networking Academy, USA
• ✔ Information Security 20X Courses from ITProTV, from ACI Learning, USA.
• ✔ Vulnerability Assessment and Penetration Testing from 15X Courses from Codered+EC-Council,USA.
• Bootcamp's/Webinar/Workshop/YouTube Channels and Podcast attended of Privacy Laws' on countries from Privacy Career Experts, Europe.
• Bootcamp's/Webinar/Workshop attended on all IAPP Privacy Certifications
• Other Security Courses from (Codered+EC-Council, Microsoft, CISCO, Qualys and ITPro, from ACI Learning, USA).

Dec 2021 – Apr 2022 · 4 mos · Pune, Maharashtra, India · On-site

• Vulnerability Assessment and Penetration Testing.
• Threat Modeler-Threat Modeling.
• Checkmarx-IAST-Source Code Scan
• API Security Testing-Postman.
• AWS Cloud Security

Jul 2021 – Aug 2021 · 1 mo · Colorado Springs, Colorado, United States · Remote

• Information Security-Vulnerability Assessment/Penetration Testing.
• HIPAA Security Compliance Audit.
• ISO 27001 Compliance officer-Compliance Audit.

Oct 2019 – Jan 2020 · 3 mos · Greater Hyderabad Area · On-site

• Source Code Review.
• IoT Penetration Testing.
• Network Architecture Review.
• JAMA/JIRA Security task.
• DevOps Security Team Member, involved in security CI/CD part.

Oct 2019 – Jan 2020 · 3 mos · Hyderabad, Telangana, India · On-site

• Source Code Review-Checkmarx
• IoT Penetration Testing.
• Network Architecture Review.
• JAMA/JIRA Security task.
• DevOps Security Team Member, involved in security CI/CD part.

Aug 2017 – Jun 2019 · 1 yr 10 mos · Mumbai Area, India

• Conduct Vulnerability Assessment and Penetration Testing through Automated tools and providing the recommendations toward the mitigation of vulnerabilities
• Conduct Vulnerability Assessments of Network and Security Devices using various open source and commercial tools
• Map out a network, discover ports and services running on the different exposed network and security devices
• Conduct penetration test and launch exploits using Nessus, Metasploit, Kali Linux penetration testing distribution tools sets
• Research and maintain proficiency in computer network exploitation, tools, techniques, countermeasures, and trends in computer network vulnerabilities,
• data hiding, network security, and encryption.
• Analyze scan reports and suggest remediation / mitigation plan
• Keep track of new vulnerabilities on various network and security devices for different vendors
• Review software posture and work with operations to plan code version upgrade requirements of supported security and network devices
• Experience on network vulnerability scanning penetration testing
• Experience with Nessus NetCat, NMAP Backtrack, Metasploit, , HPing, and similar tools set like RetinaCS, Qualys, McAfee (Foundstone)
• Overall experience in the field of Information risk and security related initiatives/ projects
• Experience in the areas of Infrastructure Security Audit, IT Security, Vulnerability Assessment, Risk Assessment, Web Application Security,
• Network Security Review, Network Architecture Review, Mobile Application Security Testing, Configuration Review
• Ability to understand business concepts and integrate business risk elements into security operations.
• Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP Web inspect, Acunetix, NTO Spider, BurpSuite Pro)
• Strong ethics and understanding of ethics in business and information security
• Conduct review, Network VA/PT and App VA/PT work
• Understanding and familiarity with common code review methods and standards

Apr 2017 – Jul 2017 · 3 mos · Navi Mumbai

• A PCI QSA Company in New Mumbai
• I am involved in Payment Card Industry-Data Security Standard Compliance Audits, Information Security Audits.
• I am a part of multiple projects relating to BFSI, Payment Gateways, IT Companies, and M-commerce organizations.
• Conduct Vulnerability Assessment and Penetration Testing through Automated tools and providing the recommendations toward the mitigation of vulnerabilities
• Conduct Vulnerability Assessments of Network and Security Devices using various open source and commercial tools
• Map out a network, discover ports and services running on the different exposed network and security devices
• Conduct penetration test and launch exploits using Metasploit, Kali Linux penetration testing distribution tools sets
• Research and maintain proficiency in computer network exploitation, tools, techniques, countermeasures, and trends in computer network vulnerabilities,
• data hiding, network security, and encryption.
• Analyze scan reports and suggest remediation / mitigation plan
• Keep track of new vulnerabilities on various network and security devices for different vendors
• Review software posture and work with operations to plan code version upgrade requirements of supported security and network devices.
• Audit configuration of Network and Security devices
• Experience with Nessus NetCat, NMAP Backtrack, Metasploit, , HPing, and similar tools set like RetinaCS, Qualys, McAfee
• Network Security Review, Network Architecture Review, Mobile Application Security Testing, Configuration Review, Source Code Review, Wireless Pentest,
• Process Review etc.
• Ability to understand business concepts and integrate business risk elements into security operations.
• Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP Web inspect, Acunetix, BurpSuite Pro)
• Understanding and familiarity with common code review methods and standards
• Experience with code scanning toolsets such as HPFortify.
• Understanding of HTTP and web programming

Jun 2015 – Mar 2017 · 1 yr 9 mos · Mumbai Area, India

• A PCI QSA Company in New Delhi
• I am involved in Payment Card Industry-Data Security Standard Compliance Audits, Information Security Audits.
• I am a part of multiple projects relating to Banks, Payment Gateways, E-commerce, IT Companies, E-commerce and M-commerce organizations, Tele Communications and BPOs.
• Successfully handling and executed various projects including:
•  Consultant-IT Security, involved in (PCI-DSS) Payment Card Industry Data Security Standard Compliance and Audits.
•  Conducting PCI audit and handling multiple projects of National and International Banks, Payment Gateways, E-commerce industries, Tele-Communications, BPOs, Retail, Airlines Industries and etc.
•  Reviewing information security controls, application secure code (OWASP TOP 10, SANS 25) and database for potential vulnerabilities and exploits.
•  Identify security risks and develop solutions to eliminate or minimize risks.
•  Implementing a Centralized Log Monitoring and File Integrity Monitoring tools.
•  Maintaining and handling major phases of PCI DSS cycle project (Gap Assessment, Remediation Plan, Final Audit, and Drafting Report).
•  Assisting client organizations to ensure the safe handling of credit card data and cardholder information at every step of their business environment (Servers, Databases, Networks, Payment Applications, Online transactions and etc.)
•  Defining scope in accordance with PCI DSS and also assist the client to put the appropriate controls to meet the PCI DSS compliance standard.
•  Assisting client to meet with all Policies, Procedures, Standards and Configurations documents
• as per (NIST, CIS, Cert) guidelines.
•  Verifying the evidences share by the clients to meet with PCI requirements.
•  Preparing ROC, AOC and COC, which provide details about the entity’s environment, assessment methodology, documents and entity’s compliance status for each PCI DSS requirement.

Mar 2014 – Jun 2015 · 1 yr 3 mos · Pune

• Performed manual web application security testing against one of Xero’s ancillary applications using Portswigger Burp and recovered some unreported issues.
• Demonstrated what an attacker would do when gathering information about Xero from publically available resources.
• Performed scanning on Zero’s internal, semi-public and public networks to look for running devices, operating systems and host information.
• Performed scanning on networks using Nessus Vulnerability Scanner and submitted an executive summary that outlined the details of any issues discovered.

Jul 2012 – Dec 2012 · 5 mos · Pune Area, India

• Delivered as a hard copy for security reasons.
• Detailed report on the hacking attack. Analysis of Host Scanning.
• Foot printing. Information Gathering. Security Testing, Vulnerability Testing.
• Scanning the port using Advanced Port Scanner.
• Vulnerability Assessment Report. Passive Information Gathering.

Sep 2004 – Nov 2008 · 4 yrs 2 mos · Nashik · On-site

• Banking workflows /Data Integrity Issues /security and access issues. Recovery Testing/All the
• above needs to be tested in the expected banking environment (Hardware, LAN, OP Sys, Domain
• configurations, databases). Reviewing of Test Cases/Scripts for complete product.
• Vulnerability are detailed and patches are suggested. Delivered to development team as a hard
• copy for Security reasons of Banking Transaction environment.
• Designing of new Test Plan and Test Cases.
• Maintaining the issues in QA Status Report and maintaining the bugs.
• Vulnerability are detailed and patches are suggested. Delivered to development team as a hard
• copy for Security reasons.