
Work Experience

TATA AIA Life Insurance Company Ltd.

Dec'22 – Present

Future Generali India Life Insurance Company Pvt. Ltd.

June'19 – Nov'22

Safe Security (Lucideus Technologies Pvt. Ltd.)

Oct’17 – May’19

Girnar Software Pvt. Ltd. (Cardekho.com, gaadi.com, Collegedekho.com etc)

Feb’16 – Oct’17

Protiviti Member Firm India (India, Kuwait)

July’15 – Feb’16

Yatra Online Pvt. Ltd.

April’12 – Feb’15

Bertelsmann AG (Arvato Services India) (Germany, Hong Kong, and Singapore)

Jan’07 – April’12

Ocwen Financial Solutions Pvt.Ltd. (Mumbai, Bangalore, USA)

Sep’03 – June’06

IGATE (earlier IT&T)

May’01 – Jan’03

TATA AIA Life Insurance Company Ltd. (Dec'22 – Present): Chief Information Security and Data Privacy & Protection Officer (CISO & DPPO)

Heading five functions:


1. Risk, Governance & Compliance

  • Implementing Information Security Frameworks: Develop, implement, and maintain a robust information security framework.

  • Cybersecurity Risk Management: Identify, assess, and manage cybersecurity risks across the organization.

  • Compliance with Regulations: Ensure compliance with regulatory requirements related to information security and cybersecurity.

  • Policy and Procedure Development: Formulate and enforce information security policies and procedures.

  • Risk Assessments: Conduct regular cybersecurity risk assessments and vulnerability analysis.

  • Incident Response: Lead the development and implementation of incident response plans for cyber-attacks or data breaches.

  • Data Protection: Ensure the protection of sensitive data from unauthorized access or breaches.

  • Reporting: Regularly report cybersecurity status, risks, and incidents to senior management and the Board.

  • Training and Awareness: Conduct cybersecurity awareness programs and training for employees.

  • Continuous Monitoring: Oversee continuous monitoring of cybersecurity threats and implement preventive measures.


2. IT Information Security Operations (ITSO)

  • Monitoring and Response: Continuously monitor IT systems for security threats, vulnerabilities, and breaches, and respond promptly to any security incidents.

  • Incident Management: Implement and manage a well-defined incident response plan, ensuring timely detection, containment, eradication, and recovery from cybersecurity incidents.

  • Security Infrastructure Management: Oversee and maintain the organization's security infrastructure, including firewalls, intrusion detection/prevention systems, and antivirus solutions.

  • Threat Intelligence: Gather, analyse, and act upon threat intelligence to proactively identify and mitigate emerging security threats.

  • Vulnerability Management: Regularly conduct vulnerability assessments and coordinate patch management to address security weaknesses.

  • Compliance and Reporting: Ensure that IT security operations comply with relevant regulatory requirements and report security metrics, incidents, and compliance status to senior management.

  • Access Control: Manage and enforce security controls related to user access, authentication, and authorization, ensuring that only authorized personnel can access critical systems and data.

  • Security Audits: Conduct regular security audits and assessments to evaluate the effectiveness of the organization’s security measures and ensure compliance with policies and regulations.

  • Employee Training: Promote security awareness and provide training for staff on identifying security threats, phishing attacks, and safe online practices.

  • Collaboration: Work closely with other departments (e.g., IT, legal, compliance) to align security operations with business objectives and regulatory requirements.


3. Third Party Risk Management (TPRM) and Technology Risk Assessment (TRA)

  • Third-Party Due Diligence: Conduct thorough risk assessments and due diligence before engaging with third-party vendors to evaluate their cybersecurity practices.

  • Contractual Security Requirements: Define and enforce security obligations in contracts with third parties, ensuring compliance with data protection and cybersecurity standards.

  • Continuous Monitoring: Regularly monitor the cybersecurity posture of third parties and the organization's technology infrastructure for emerging risks.

  • Incident Response Alignment: Ensure third parties have incident response plans aligned with the organization’s protocols and ensure timely reporting of incidents.

  • Vulnerability and Risk Identification: Identify, assess, and mitigate technology and third-party risks, including vulnerabilities in systems, applications, and external vendor relationships.

  • Impact Analysis: Evaluate the potential impact of risks on business operations, data integrity, and overall cybersecurity resilience.

  • Mitigation and Control Implementation: Develop and implement risk mitigation strategies, controls, and safeguards to address identified risks.

  • Regular Audits and Reviews: Conduct periodic audits of third-party security practices and technology infrastructure to ensure compliance with established policies.

  • Collaboration and Reporting: Collaborate with internal teams and third parties to address risks and provide regular updates on risk status to senior management.

  • Training and Awareness: Promote ongoing cybersecurity training and awareness programs for staff and third parties to strengthen the organization’s overall security posture.


4. Business Continuity Management (BCM)

  • Business Continuity Planning: Develop, implement, and maintain a comprehensive business continuity plan (BCP) to ensure critical operations can continue during disruptions.

  • Risk Assessment and Impact Analysis: Conduct regular risk assessments and business impact analyses (BIA) to identify potential threats and their impact on business operations.

  • Recovery Strategies: Design and implement recovery strategies for key business processes, IT systems, and resources to ensure timely recovery after disruptions.

  • Crisis Management: Lead crisis management efforts during disruptions, coordinating response actions and communication across departments.

  • Regular Testing and Drills: Organize and conduct regular testing, simulations, and tabletop exercises to ensure the BCP is effective, and staff are prepared for emergencies.

  • Compliance: Ensure that the business continuity plan aligns with relevant legal, regulatory, and industry standards, and is regularly reviewed for compliance.

  • Documentation and Reporting: Maintain detailed records of business continuity plans, risk assessments, recovery strategies, and testing activities, and report progress to senior management.

  • Collaboration with Stakeholders: Work with internal departments, external partners, and third-party vendors to ensure their roles and responsibilities are integrated into the business continuity plan.

  • Continuous Improvement: Continuously review and improve the business continuity strategy, incorporating lessons learned from disruptions, tests, and evolving business needs.

  • Training and Awareness: Conduct training and awareness programs for staff to ensure familiarity with business continuity procedures and their roles in the event of a disruption.


5. Data Privacy & Protection

  • Compliance Oversight: Ensure adherence to the provisions of the Digital Personal Data Protection (DPDP) Act, 2023 and associated regulations on data protection.

  • Advisory Role: Advise the organization on data protection obligations, policies, and best practices.

  • Monitoring Compliance: Ensure proper implementation and monitoring of data protection practices.

  • Data Subject Rights: Oversee the handling of data subject rights, including access, rectification, and deletion requests.

  • Impact Assessments: Ensure the performance of Data Protection Impact Assessments (DPIAs) for high-risk data processing.

  • Training and Awareness: Conduct training and awareness programs on data protection principles for staff.

  • Liaison with Authorities: Serve as the main point of contact for regulatory authorities, handling notifications and reporting.

  • Data Breach Management: Oversee the detection, reporting, and management of data breaches.

  • Documentation: Maintain records of data processing activities and ensure proper documentation of compliance efforts.

  • Data Minimization: Ensure data collection and processing follow principles of necessity and data minimization.

Earlier Roles

Future Generali India Life Insurance Company Pvt. Ltd. (June'19 – Nov'22): Chief Information Security and Data Protection Officer (CISO & DPO)

Safe Security (Lucideus Technologies Pvt. Ltd.) (Oct'17 – May'19): CISO, Partner & Delivery Head of Enterprise Customer Service (ECS)

Girnar Software Pvt. Ltd. (Cardekho.com, gaadi.com, Collegedekho.com etc.) (Feb'16 – Oct'17): Deputy Director of Information Technology & Security

Protiviti Member Firm India (India, Kuwait) (July'15 – Feb'16): Head of Information Technology & Security

Yatra Online Pvt. Ltd. (April'12 – Feb'15): Head of Information Technology & Security

Bertelsmann AG (Arvato Services India) (Germany, Hong Kong, and Singapore) (Jan'07 – April'12): Senior Manager of Information Technology & Security

Ocwen Financial Solutions Pvt. Ltd. (Mumbai, Bangalore, USA) (Sep'03 – June'06): Senior Technical Service Engineer – Telecom

IGATE (earlier IT&T) (May'01 – Jan'03): Sr. IT Executive

Education Qualification

2022-2024

Doctorate in Management Studies with Specialisation in Information Technology Management and Cyber Law (Grade A)

Indian School of Management Studies

2014-2016

Post Graduate Diploma in International Business Strategy (Silver Medal)

Indian Institute of Foreign Trade (IIFT)

2004-2008

Master of Science in Information Technology (MSc IT)

Sikkim Manipal Institute of Technology

1996-1999

GNIIT

NIIT Technologies

1996-1999

Entrepreneurship and Small Business Management

College of Vocational Studies (Delhi University)

Training & Certifications

  • Certified – ISO 27001:2022 Lead Auditor (LA)
  • Certified DCDPO from DSCI
  • Certified TATA Cyber Excellence Assessor Program (CEAP) – Gold Standard
  • Certified ISO 31000 Risk Management Professional
  • Certified Information Systems Security Professional (CISSP) Training
  • Certified EC-Council Certified Chief Information Security Officer (C|CISO)
  • Certified Information Security Manager (CISM) Training
  • Certified Information Systems Auditor (CISA) Training
  • Certified Data Privacy Solutions Engineer (CDPSE)
  • Certified Payment Card Industry Security Implementer
  • Certified – PCI DSS Awareness Training / Session (Approach, Certification and Requirements)
  • Certified – ITIL v3
  • Certified Ethical Hacker (CEH) Training
  • Cisco Certified Network Associate (CCNA)
  • Cisco Certified Voice Professional (CCVP)

Technical Know How

  • Security – Imperva WAF, Akamai WAF, bot protection, DNS security, firewalls (Fortinet and Juniper NetScreen) and perimeter security devices, antivirus (Check Point, McAfee Enterprise and Symantec) and IDS/IPS
  • Data Loss Prevention – Symantec, Netskope, Zscaler, Prisma Access
  • Data Classification – Titus, Klassify
  • Database Encryption – Thales, native and cloud encryption
  • Database Activity Monitoring (DAM) – IBM Guardium
  • Attack Surface Management – CTM360, Cyble
  • Vulnerability Disclosure Program & Bug Bounty – YesWeHack
  • Endpoint Encryption – Trend Micro Endpoint Encryption, Symantec, Check Point and SecureAge
  • Server Security – Trend Micro Deep Security, Palo Alto Cortex
  • Application, Server and Network Security – Checkmarx, Tenable (Nessus)
  • SIEM – QRadar, Microsoft Sentinel
  • SOAR – Azure Logic Apps
  • Email Security – Trend Micro Email Security
  • Breach and Attack Simulation – Picus
  • Ticketing Tool – Remedy, Sapphire, ManageEngine
  • Web Filtering – Netskope, Blue Coat, Forcepoint, Barracuda X810 Web Filter
  • Scripting Languages – Shell, PHP, Python, Perl, etc.