Jan 2025 – Jul 2025 · 6 mos · Abu Dhabi Emirate, United Arab Emirates · Hybrid

• Leading government technology solutions provider delivering digital transformation
• across UAE, Jordan, and Egypt
• CEO Strategic Partnership: Architect government technology security
• roadmap as direct strategic advisor to CEO, aligning digital transformation
• investments with regulatory mandates and citizen trust objectives, partnering
• with CPOs and VPs of Engineering to align product roadmap security.
• Regional Product Security Governance: Established product security frameworks
• across UAE, Jordan, and Egypt operations, reducing security-related product
• delays by 40% for 50+ government digital services through embedded security
• from design through release.
• DevSecOps Center of Excellence: Founded regional DevSecOps practice
• integrating Zero Trust and Shift-Left security, reducing remediation cycles from
• weeks to hours through policy-as-code implementation and continuous security
• validation.
• AI/ML Product Security Innovation: Secured GenAI-based citizen service
• platforms through LLM guardrails, prompt injection defences, and privacypreserving data architectures, improving threat detection accuracy by 35% while
• enabling secure artificial intelligence product features across government
• platforms.
• Hybrid SDLC Design: Architected secure development methodologies spanning
• Waterfall, Agile, and DevOps models, integrating threat modeling, secure coding
• standards, and CI/CD gate reviews into agile product pipelines for rapidly
• evolving government services.
• Cross-Functional Product Leadership: Built integrated product security teams
• including architects, DevSecOps engineers, and security champions across multinational government technology initiatives, serving as virtual CISO for embedded
• agile product delivery teams.

Mar 2024 – Jan 2025 · 10 mos · Dubai, United Arab Emirates · On-site

• Security Assessment and Enhancement:
• Reviewing Current Measures: Regularly assess existing security measures specific to payments and core banking applications.
• Recommendations and Implementation: Propose and implement enhancements to strengthen security in these critical systems.
• Incident Response and Analysis:
• Timely Incident Handling: Swiftly respond to security incidents related to payments and core banking.
• Post-Event Analysis: Conduct thorough analyses after incidents to learn from them and prevent future occurrences.
• Project Management:
• System Upgrades: Develop project timelines for ongoing upgrades in payments and core banking applications.
• Stakeholder Interaction:
• Broad Cross-Section Interaction: Engage with diverse personnel across payment processing and core banking functions.
• Security Education: Explain and enforce security measures tailored to these specific domains.
• Secure System Design:
• Architectural Patterns and Principles: Design secure system architectures for payments and core banking.
• Risk Management: Balance user needs with risk management, ensuring robust security while maintaining functionality.
• Risk Mitigation:
• Vulnerability Impact Assessment: Understand risks posed by vulnerabilities unique to payments and core banking.
• Effective Solutions: Propose practical solutions to mitigate risks in these critical financial systems.
• Security Controls and Business Objectives:
• Recommendations: Suggest appropriate security controls aligned with industry standards.
• Business Alignment: Identify solutions that support business objectives while safeguarding payment and banking transactions.
• Effective Communication:
• Stakeholder Engagement: Communicate widely with other stakeholders, including payment processors, banking partners, and regulatory bodies.
• Risk Assessment: Advise on security technologies and assess associated risks specific to payments and core banking.

Jul 2022 – Apr 2024 · 1 yr 9 mos · Karnataka, India

• Writing strategic plan for the deployment of IT security technologies and program enhancements that keeps ahead of security needs by implementing programs and/or projects that mitigate risks
• Instrumental in planning, buying and roll-out security architecture and assurance that information technology and the network infrastructure is designed with state-of-the-art security practices and standards.
• To integrate IT systems development with security policies and information protection strategies and audit existing systems and provide comprehensive risk assessments.
• Manage, monitor and anticipate security vulnerabilities, cyber-risk and cyber intelligence by keeping abreast of developing security threats, staying-up-to-date with evolving infrastructures and helping the board understand potential security problems that might arise.
• Prioritize, allocate and prepare security resources and financial forecasts for Security Consulting opportunities.
• To collaborate with key stakeholders to establish an IT security risk management program and ensure that IT security protection policies are being implemented, reviewed, maintained and governed effectively.
• To spearhead Security Champions programs focused on DevSecOps adoption and implementation for IT Security track.
• Familiarity with data privacy best practices
• Understanding of GDPR, or other applicable laws and regulations
• Experience in shaping applicable policy/control standards to comply with legal & regulatory obligations.
• Experience with privacy impact assessments (PIAs) and other privacy-focused assessments

Aug 2019 – Aug 2022 · 3 yrs · Karnataka, India

• Championing building DevSecOps Service line and developing innovations for customer demonstration.
• Writing Policy, Standards and Framework for consulting engagements
• Managing Application Security Programs, helping customer land and expand security initiatives.
• Manage and Govern Penetration Testing Program for customers from Energy sector.
• Support Sales and Presales for Proactive and Reactive pursuits.
• Solutioning & Defending RFP as Presale Security Solution Architect.
• Write DevSecOps, AppSec RFP solution document for Large Deals and present POV to C-level.
• Building DevSecOps Training Programs, Demo environment for POC and R&D.
• Conducting Application Security Vendor evaluation and performing Proof-of-concept for Wipro ventures.
• Publishing Whitepapers to establish thought leadership.
• Perform Security Architecture review and Threat Modelling for Healthcare customers. Support pre and post market lauch audit and regulatory review (FEDRAM, NIST, HIPPA).

Oct 2018 – Aug 2019 · 10 mos · County Dublin, Ireland

• Played the Roles of Information Security officer with the aim to implement various security solution/controls for banks to meet legal and regulatory compliance in the areas as below:
• 1. Internal Employee/User Authentication Strategy.
• 2. Security Orchestration ,Automation and Response (SOAR)
• 3. Internal Security Awareness and Training program
• 4. Security Risk Remediation Project ( DUO UPLIFT)

Jan 2018 – Aug 2018 · 7 mos

• Global IT services and consulting corporation providing digital transformation services
• Built offshore security function for World Bank Group scaling from 2 to 200+ product security reviews monthly, partnering with product and engineering leads to embed security from design through release
• Led Telco post-acquisition integration onboarding 2,000+ applications into secure CI/CD pipelines while maintaining development velocity and operational excellence
• Implemented comprehensive ISO 27001 and GDPR compliance enablement across global development initiatives, ensuring regulatory adherence while supporting innovation objectives
• Established security standards for IT platforms aligned with enterprise information security architecture, providing guidance and recommendations based on emerging trends and best practices
• Created controls reviews and system assessments developing risk profiles for IT systems, evaluating efficiency and effectiveness of control environments while maintaining impartiality and producing unbiased reports

Jul 2016 – Dec 2017 · 1 yr 5 mos

• Work with project teams to define security requirements for new systems in line with the enterprise information security architecture.
• Provide security design recommendations based on enterprise information security architecture and solution patterns.
• Provide guidance and assist in the development of security standards for IT platforms in line with the information security architecture.
• Maintain an up-to-date understanding of emerging trends in information security architecture and apply new techniques and trends (in-line with overall information security objectives and risk tolerance of the principle) to the Principle’s information security architecture.
• Perform controls reviews and system assessments to develop risk profiles for IT systems and evaluate the efficiency and effectiveness of the IT control environment.
• Maintain impartiality around IT systems to produce unbiased reports on information security risk.
• Provide business units with recommendations to reduce information security risk within their areas
• Identify efficiency to improve the performance and responsiveness of the ITSSR information security architecture function.
• Prepare and present security design and architectural review reports to system owners, business units, and other.
• Evaluate Principle's current software security posture and propose mitigation and remediation plans to meet software security assurance requirements.
• Translate technical security deficiencies into business risks that are understandable by business stakeholders in order to get buy-in for security investments.

Jun 2012 – Jun 2016 · 4 yrs · Singapore

• Reported to the CEO and built a full-stack product-security practice that generated SGD 2.16 M in annual revenue with an 18-month pipeline centred on government and financial-services clients across ASEAN.
• Directed up to 8 security consultants on simultaneous engagements—web / mobile penetration tests, infrastructure VAs and ISO 27001-aligned security audits—delivering 100 % on-time, on-budget performance.
• Authored the firm’s security framework, policies, and SOPs, providing a governance backbone for all projects and boosting audit pass-rates to 95 %+.
• Designed and productised in-house tool-kits (automated scanner, reporting dashboards), cutting assessment cycle-time by 30 % and creating a new resale line item.
• Partnered with client CISOs and regional SIs to map business objectives to security road-maps and regulatory mandates (MAS TRM, PDPA, ISO 27001).
• Led pre-sales for RFP / tender bids—drafting SoWs, running live demos, and lifting win-rate from 28 % → 46 %.
• Built and nurtured a 6-person offshore CoE in Chennai, delivering follow-the-sun support and security-awareness workshops that reduced onsite travel costs by 22 %.

Oct 2010 – May 2012 · 1 yr 7 mos · Singapore · On-site

• Steered validation for 5-7 simultaneous e-commerce & CRM releases each quarter, crafting risk-managed test plans and rapid root-cause troubleshooting for HP printer-business websites in 72 countries and 26 languages.
• Managed a US $1.2 M annual QA budget; tightened scope controls and contingency reserves to curb cost overruns by ≈ 15 % (~ US $180 K).
• Recovered an average 12 % schedule slip on critical launches by fast-tracking bug triage and arranging weekend migration windows.
• Built and led a 12-person Shanghai test & automation team in four months, performing detailed LOE/skillset estimates that cut vendor spend by 22 % and enabled 24×5 follow-the-sun coverage.
• Developed a Selenium-based localisation automation harness that grew nightly test execution from 900 → 1,200 cases (+33 %) and drove defect-escape rate below 0.6 %.
• Maintained the ITG / HP-ALM environments for 70+ projects, orchestrating quarterly “MTP” releases with zero unplanned downtime.
• Rolled out TDD practices and a Jenkins CI pipeline for middleware components, boosting release quality scores from 78 % to 93 %.
• Co-ordinated deliveries with four external vendors and dev teams across Singapore, China, and India, achieving 100 % compliance with HP global QA standards.

Aug 2008 – Jun 2010 · 1 yr 10 mos · Pune Area, India

Jun 2007 – Jun 2008 · 1 yr · Chennai Area, India

Jan 2006 – Jan 2007 · 1 yr · Vadodara Area, India