Key contributor to achieving global compliance certifications (SOC 2, ISO 27001, PCI DSS, GDPR, etc.) who collaborated cross-functionally to embed security by design, automate workflows, and align data protection practices with business objectives for scalable and sustainable impact. Targeting a challenging assignment in SaaS Cloud Information Security with a reputed organization.
PROFILE SUMMARY
Seasoned Information Security professional with over 2 decades of expertise in the fields of cybersecurity, compliance, and risk management, adeptly navigating various regulatory frameworks such as SOC 2, PCI DSS, HIPAA, ISO 27001, GDPR, CPRA, and Data Privacy Framework.
Currently working as Senior IT & Cloud Security Manager at Plivo, Inc., overseeing critical security initiatives and compliance efforts.
Proficient in architecting cloud and endpoint security programs from scratch, implementing proactive monitoring controls, and driving security automation that dramatically reduces manual overhead and incident response times.
Defined and executed a forward-looking cloud security strategy tailored to SaaS operations, ensuring alignment with organizational goals and industry benchmarks.
Anticipated and mitigated evolving security risks through proactive assessments, policy frameworks, and scalable controls across multi-cloud environments.
Identified a critical security vulnerability for a client involving exposed credentials on a public repository, preventing millions in potential financial losses.
Recognized across organizations as a go-to resource for IT security, compliance, and strategic incident response.
Built and nurtured a security-first culture by creating awareness programs and mentoring junior staff in compliance protocols.
Enabled executive decision-making with clear risk visibility, while fostering a culture of security awareness and operational agility.
Certifications
ISACA Certified Information Systems Auditor (CISA)
ISACA Certified Information Security Manager (CISM)
ISACA Certified in Risk and Information Systems Control (CRISC)
ISACA Certified in the Governance of Enterprise IT (CGEIT)
ISACA Certified Data Privacy Solutions Engineer (CDPSE)
Certified Information Privacy Technologist (CIPT)
Certified Chief Information Security Officer (CCISO)
Privacy Engineering Certification
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Competence in Zero Trust (CCZT)
CompTIA Security+
CompTIA PenTest+
CompTIA Network Vulnerability Assessment Professional
AWS Certified Security - Specialty
AWS Certified Solutions Architect - Associate
Certified ATT&CK Cyber Threat Intelligence
Certified ATT&CK Security Operations Center Assessments
ISO 42001:2023 Lead Auditor – Artificial Intelligence Management Systems (AIMS)
ISO 27001:2013 Lead Auditor - Information Security Management System
ISO 27001:2022 Lead Auditor - Information Security Management System
Certified ITIL V4 Foundation - IT Service Management
VMware Certified Associate - Data Center Virtualization
Redis Security
Certified Scrum Master
Cyber Supply Chain Management
Work Experience
Senior IT & Cloud Security Manager
Plivo, Inc.
Apr 2021 - Current
Acting as the single point of contact for all organizational security, compliance, and privacy-related queries.
Coordinating with external auditors to drive annual compliance certifications, ensuring timely renewals and audit readiness.
Collaborating cross-functionally to design, implement, and monitor security controls across cloud and endpoint infrastructures, aligned with leading compliance frameworks and best practices.
Driving the development and enforcement of advanced security frameworks, improving organizational resilience through deployment of encryption protocols, access controls, and threat detection mechanisms.
Initiating and managing a comprehensive compliance testing strategy, formulating risk mitigation roadmaps, and promoting a culture of continuous improvement.
Assisting Sales and Customer Success teams by handling security questionnaires during client onboarding and audit cycles, strengthening client trust and supporting business growth.
Supporting the Legal team in enforcing privacy policies and ensuring adherence to data protection regulations across organizational operations.
Conducting in-depth security research and breach analysis, including uncovering compromised credentials in a client's public repository—an initiative that saved the client millions in potential losses.
Highlights:
Orchestrated enterprise-wide compliance programs aligned with SOC 2, ISO 27001, PCI DSS, HIPAA, Data Privacy Framework, CPRA, GDPR, and CFA Star Level 1, enhancing regulatory adherence and fortifying the organization’s compliance posture globally.
Introduced automation initiatives that reduced manual effort by 60–70 days annually, significantly improving operational efficiency and incident response times.
Senior Manager - Information Security
Fiserv, Inc.
Oct 2019 - Apr 2021
Unified global cybersecurity operations by aligning enterprise controls with international compliance frameworks including PCI DSS, SOC 2, GDPR, ISO 27001, ISO 27017, ISO 27018, and ISO 9001, resulting in successful multi-certification audits and sustained regulatory readiness.
Designed and executed a scalable security monitoring roadmap across hybrid environments (on-prem & AWS Cloud), integrating automated controls to enhance threat detection, compliance, and operational resilience.
Led enterprise-wide risk evaluations and incident response enhancements, embedding proactive governance protocols and significantly strengthening the organization’s cyber risk posture and security-first culture.
Assistant Vice President Security
Reward360 Global Services Private Limited
Jul 2018 - Oct 2019
Championed the deployment of enterprise-grade security and compliance frameworks, building foundational governance structures, risk mitigation policies, and control mechanisms tailored to evolving threat landscapes.
Drafted and enforced key cybersecurity policies and standards, while leading the successful implementation of PCI DSS compliance, driving audit readiness and operational excellence.
Architected a 24x7 threat monitoring ecosystem for the e-commerce platform by deploying SIEM tools, Web Application Firewalls (WAF), and automation frameworks, ensuring continuous vulnerability monitoring and rapid incident containment.