Head of Security & Privacy - MoEngage - Bengaluru, India
(2024-01 - 2026-12)
- Spearhead the enterprise Cybersecurity, Privacy, and Data Protection strategy for a global SaaS platform, establishing governance frameworks, security policies, and KPI-driven programs aligned with GDPR, CCPA, DPDP, and SOC 2 compliance standards.
- Architected and operationalized a Secure Product Development Lifecycle (SSDLC) by embedding automated SAST, SCA, and vulnerability management across CI/CD pipelines, enabling risk-based remediation and proactive application security.
- Implemented continuous API discovery, inventory, and governance controls, eliminating shadow and unused APIs and significantly reducing external attack surface exposure across the platform ecosystem.
- Lead customer trust and assurance initiatives, partnering with Sales, Legal, and Product teams to drive security reviews, RFP responses, third-party risk assessments, and contractual security compliance, strengthening enterprise customer confidence.
- Direct enterprise-wide cyber risk assessments, threat modeling, security audits, and control validation programs to continuously elevate organizational security posture and resilience.
- Established a scalable Data Subject Request (DSR) governance framework, ensuring compliant and efficient processing of data access, correction, portability, and deletion requests under global privacy regulations.
- Deployed SOAR-driven incident response orchestration, reducing Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) by 40%, significantly improving security operations efficiency.
- Introduced a Security Champions program within engineering teams, embedding DevSecOps practices and reducing pre-production vulnerabilities by 83%.
- Delivered 100% SLA adherence for GDPR and CCPA Data Subject Requests through workflow automation and cross-functional process optimization.
- Improved security operations productivity by 30% through AI-driven automation of repetitive SOC and governance workflows.
- Implemented Open Source Governance and GPL/AGPL compliance controls, mitigating copyleft and licensing risks while ensuring secure open-source adoption across engineering teams.
Director of Information Security - Indiavidual Learning Ltd (Embibe) - Bengaluru, India
(2021-01 - 2024-12)
- Established a robust enterprise security baseline within 9 months, rapidly maturing security governance, operational controls, and platform resilience.
- Represented the organization's cybersecurity and data protection posture to government agencies and private-sector partners, enabling 49+ strategic MoUs and institutional collaborations.
- Implemented Cloud Security Posture Management (CSPM) solutions to proactively detect and remediate critical and high-risk cloud misconfigurations, significantly strengthening cloud governance and risk visibility.
- Embedded DevSecOps practices by integrating Static Application Security Testing (SAST) into CI/CD pipelines, reducing security-related engineering rework by 25% and improving secure software delivery.
- Built and scaled the enterprise Information Security function from inception, aligning cybersecurity strategy, governance frameworks, and risk management controls with organizational objectives within a rapidly evolving EdTech and digital learning ecosystem.
- Recruited, mentored, and led a high-performing 7-member security team, establishing structured security operations, governance processes, and enterprise security standards to support business growth and platform scalability.
- Designed and implemented enterprise-wide security governance, policies, and risk management frameworks, strengthening compliance posture and embedding security-by-design principles across the organization.
- Collaborated with IT, Cloud Engineering, Product, and Business Leadership to implement risk-based security controls across applications, infrastructure, and cloud-native environments.
- Directed cloud security architecture, web application security, and infrastructure risk management, ensuring protection of critical digital assets and customer data across distributed environments.
- Developed and operationalized enterprise security KPIs, dashboards, and performance metrics, enabling executive-level visibility and continuous improvement of the cybersecurity posture.
- Provided strategic oversight across cybersecurity, IT operations, cloud infrastructure, and HR technology systems, ensuring alignment with enterprise risk management, governance, and compliance requirements.
Information Security Specialist - GRC - Tink AB - Stockholm, Sweden
(2020-01 - 2021-12)
- Played a key role in building the Information Security Governance, Risk, and Compliance (GRC) function within a rapidly scaling fintech and open banking ecosystem, establishing foundational governance structures and risk management practices.
- Designed and operationalized security governance frameworks, policies, and risk assessment methodologies aligned with ISO 27001, regulatory compliance, and financial services security standards.
- Developed comprehensive customer-facing security documentation, assurance artifacts, and compliance responses, reducing client due-diligence and security questionnaire volume by 50% and accelerating enterprise onboarding.
- Implemented a structured Third-Party Risk Management (TPRM) and Vendor Security Assessment program, introducing tiered risk classification, due diligence processes, and ongoing vendor monitoring.
- Partnered with engineering, compliance, and leadership teams to embed risk-based security controls and governance processes across products and operations.
- Contributed to the successful achievement of the organization's first ISO 27001 certification, strengthening security maturity and reinforcing trust with global financial partners and regulators.
Director of Information Security - Zeotap India Pvt. Ltd. - Bengaluru, India / Berlin, Germany
(2016-01 - 2020-12)
- Led the enterprise Information Security and Risk Management program across global operations, driving cybersecurity strategy, governance, and compliance for a rapidly scaling data and customer intelligence platform.
- Designed and implemented GDPR-aligned security and privacy frameworks, strengthening data protection, regulatory compliance, and cross-border data governance across European and global markets.
- Established and operationalized Secure Software Development Lifecycle (SSDLC) practices, embedding DevSecOps controls, application security testing, and secure coding standards into engineering workflows.
- Directed cloud security governance and Cloud Security Posture Management (CSPM) initiatives to proactively detect and remediate cloud misconfigurations and infrastructure vulnerabilities.
- Strengthened change management and release governance frameworks, significantly reducing operational disruptions while improving platform stability and enterprise customer trust.
- Collaborated with executive leadership, product, and engineering teams to implement risk-based security controls across applications, infrastructure, and data platforms.
- Enabled key security certifications, compliance readiness programs, and audit preparedness, enhancing the organization's ability to secure enterprise customers and expand into regulated markets.
- Developed security governance policies, risk registers, and operational security metrics, providing leadership with actionable insights to continuously mature the organization's cybersecurity posture.
Information Security & Business Continuity Manager - Altisource Business Solutions - Bengaluru, India / Plano, USA
(2012-01 - 2016-12)
Security Consultant - GRC & Application Security - PCS | IBM | Aujas Networks - Bengaluru, India
(2008-01 - 2012-12)
