Aug 2021 – Mar 2023 · 1 yr 7 mos

• Lead Security Compliance, data privacy and technology audit function with in cloud business unit in an agile dev-sec-ops environment. (From design to execution)
• Ensured cloud business unit is meeting the requirements of PCI (ROC) , SOC2, ISO 27001, ISO 27017, ISO 27018 along with privacy readiness requirements of GDPR, CCPA etc. Also collaborated with external auditors and various internal functions to support the renewals.
• Worked closely with various functions includes - cloud ops, engineering, Dev, QA etc and planning out the dependencies for delivery in regards with security and compliance.

Jul 2017 – Jul 2021 · 4 yrs · Greater Bengaluru Area

• Reported to Global CISO
• Lead Diageo's global digital technology security, compliance portfolio and established governance. Provided technology risk advisory guidance to leadership team and ensured establishment of controls to protect global digital websites, consumer data, customer data and maintain overall digital compliance posture (GDPR Regulation, PCI standard.)
• Worked closely with P&L leaders to support omni channel digital transformation strategy of e-commerce, POS, online ticketing, QR code, onplatform and off platform websites and ensure enablement of technology solutions with secure by design principles and maintain holistic security compliance posture.
• Oversight technology risk assessment, technical vulnerability remediation across digital portfolio and provide advisory.Established governance and measure effectiveness of the controls implemented.
• Maintained oversight governance to PCI compliance matrix.
• Collaborated with various internal teams such as platform owners, application owners, Enterprise Architecture, security operations, Cyber threat management, digital technologist, Consumer data governance, Legal, social media and brand teams to support various strategic initiatives with in Digital footprint.
• Ensured Diageo have the right mechanism of tools and technologies to identify, protect, detect, monitor & respond to various Digital risk channels. Evaluated vendor product capabilities which can cater to meet organizational needs.
• Involved in budgeting, planning and working closely with overall cyber strategy.
• Lead the Global security assurance for cloud application and services, Digital services, RPA services etc.
• GDPR security assessment, review controls and provide recommendation, asses implementation and review risk mitigation.
• Involved in setting up cloud security strategy - Identify the cloud security posture,map it to the enterprise risks and propose risk mitigation plan. Set up clear business objective and outcome.

Sep 2016 – Jun 2017 · 9 mos · bangalore

• worked as a Cloud Security - Technology Risk Consultant :
• Business impact analysis, Design reviews, Third Party Technology Risk assessments - for Cloud Security Services, Traditional IT, Network Security, Application Security,Data Privacy,PCI DSS etc.
• Performed Security exhibit contract reviews. Identified technology Risk areas, Proposed Risk remediation recommendation, validated mitigation, participated in security project implementation.

Sep 2011 – Aug 2016 · 4 yrs 11 mos · Bengaluru Area, India

• Consulting Sector - Power and Water, Energy Management, Oil and Gas, Banking.
• Vulnerability Management & integration program for Application, Infrastructure and cloud assets, Enterprise Risk management, Technology Risk Assessment,Cloud security assessments, Design reviews,Governance and compliance, ISO 27002 implementation, IT Audit, SOD reviews, Change management review, asset Management, System classification, Application toll gate review, handling Security exception, Security approval for change execution, driving COP session for cyber Security awareness across delivery.

Jun 2010 – Sep 2011 · 1 yr 3 mos

• Firewall configuration, configuration of router/switch, Network monitoring, end- point health monitoring, Maintain IT compliance and facilitate in IT audit, Confonet database update, Computerization of consumer forum.