Gaurav Benjamin

Orpington, Bromley

Summary

Accomplished professional with extensive expertise in GDPR implementation and compliance, PCI DSS and ISO 27001 audits, and payments strategy and fraud management. Demonstrates proficiency in quality assurance for retail business, IT controls review and remediation, infrastructure technology assessments, cyber risk management, vulnerability assessments, ITIL process design and reviews, information risk management, information governance and service improvement. Skilled in business continuity management audits and project management with a strong focus on compliance across GDPR, PCI DSS, ISO 27001, ITIL, Indian IT Act, NESA, NIST 800-53. Possesses experience in airline operations and retail business alongside knowledge of banking and payment gateways. Familiarity with IDAM/SSO and security solutions further enhances capability to drive strategic initiatives within complex environments.

Overview

22 years of professional experience
2005 years of post-secondary education
1 Certification

Work history

Reserve Bank of India (RBI)
  • RBI Working Committee Guidelines Audit & IT Policy Design
  • RBI gap assessment
  • Designing IT governance, policy & strategy

Voice & Video deployment
  • Secure infrastructure deployment for client
  • Working with various Infrastructure development groups to assist in the security testing, deployment, upgrades and support & optimization of new technology rollouts related to LAN, WAN, VoIP, Video service lines
  • Involved in Secure data and voice infrastructure between collocations to local offices also implementing secure, redundant and resilient solutions for the data and voice Infrastructure for Primary and the Disaster Recovery Sites

Network operations centre
  • Operations at NOC
  • Served as a team lead of Network Operations (NOC) to provide consultation and leadership to facilitate efficient control and maintain the confidentiality, integrity & availability of various policies & procedures across the organization.
  • Prioritize and schedule tickets and issues. Record, track, and document the help desk request problem-solving process and ensured final resolution of the issue
  • Technical troubleshooting of customer networks (changes in routing, switching & secure configurations of layer-3 devices)
  • Assessed, planned Change Management process. Represented weekly change advisory board (CAB) meeting and facilitated stakeholder analysis & impact assessment
  • Created the Incident, Change, Problem, Asset management processes, while designing clients service catalog and designed workflows

Data Privacy & Compliance Controller

Emirates Airlines
01.2014 - 01.2026
  • As a data privacy and compliance controller, one of my many responsibilities includes managing the PCI DSS & GDPR portfolio for Emirates Group. As a PCI DSS ISA, I perform compliance audits and provide guidance for PCI DSS implementation and assessment project, and am also responsible for supporting new initiatives and tracking development of the project delivery and implementation. Further added responsibilities included doing business and assurance audits for retail business for EK and dnata group businesses, which include group subsidiaries and other acquired business units across the globe. Current experience also includes my work in various areas of business domains and security domains (Cyber Security & IT controls reviews), thus managing the risk compliance dashboards for engagements performed and ensuring completion of tasks in specified timeframes. Performing audits and providing recommendations for standard ITIL implemented process improvements and ensuring the compliance as per defined standards.
  • Internal organization management of Information Technology, Business process & Information systems
  • Managing and implementation of GDPR adherence for Emirates Group
  • Active member of Data Privacy Office as part of GDPR Project
  • Conducting PCI audits and other regulatory audits for Emirates Group & Subsidiaries
  • Perform Information security risk assessment ensuring compliance with the policy
  • Managing compliance requirements against global standards
  • Business Impact analysis for critical business functions
  • Perform critical project management duties in the planning, scheduling, coordinating, reviewing and reporting of the work of audit reports for multiple concurrent projects
  • Manage compliance in Online Payment services by liaising with commercial/vendors and control fraud risk exposure for Emirates Group worldwide in coordination with group fraud management vendor
  • Accountable for streamlining business process workflows and participating in automation process to cope with ever changing market needs, compliance & regulatory requirements
  • Member in core steering group for all stakeholder management externally (Global – WorldPay / Elavon & Regional – Payfort / Network International) and internally (Finance, Commercial, Legal, IT, etc.)
  • Responsible for the effective functioning of ‘payment set-up’ in line with compliance requirements and actively participating in decision making for formulation of new payment schemes in areas Sky Cargo, Ticketing desks affecting the group bottom line

Professional Services Consultant

Verizon Business
12.2011 - 12.2013
  • Holding up to a track record of constructing efficacious information security policies/standards/processes, conducting security architecture reviews and security audits for banks, payment gateways and Service providers, I own up to the successful completion of all my engagements within the projects successfully. Below mentioned sections detail my work in various areas of Governance, Risk and Compliance domains.
  • PCI DSS Gap Assessment, Implementation & Issuance of Final Report on Compliance
  • Planning & performing PCI Audits for Merchants, Acquirers & Service Providers.
  • Interacting with card brands & acquirers
  • Creation & validation of IROC, FROC, AOC & SAQ
  • Internal Pre-quality assessment checks for reports.
  • Conducting gap assessment & card data flow, discovery & scoping and implementation assistance
  • Assist in final certification process.
  • Drafted 25+ final reports on compliances & AOC (attestation of compliance)

Paladion Networks Private Limited
01.2010 - 11.2011
  • ISO-27001 Implementation and Readiness Assessment
  • Policies, procedures and standard development
  • Baseline documents development for server, databases, firewalls, network devices, web Servers, etc.
  • Information security manual and policies development
  • Asset register development
  • Risk assessment, risk management and risk mitigation procedure development

Mckinsey & Company
04.2007 - 12.2009
  • Third party vendor risk assessment against security baselines set by client or based on ISO 27001 standards
  • Information security
  • Logical and physical access review
  • Business continuity management
  • Operations management
  • Application development, maintenance and support
  • Human resource management
  • Asset management

HCL - Hindustan Computers Limited
01.2005 - 03.2007
  • Internal IT control review (consulting engagements)
  • IT Reviews of Process & Technology
  • Review and creation of the policies and procedures
  • Review of security architecture and provide recommendations for secure build
  • Review of the firewall rule base, server hardening, hardening of network devices
  • Review of Information security, data backups, physical and environmental security, data center and network Security.

Hutchison Essar
06.2004 - 12.2004
  • Internal vulnerability assessment (consulting engagements)
  • Network devices (firewall, routers, switches, IDS, IPS, etc.)
  • Web servers (IIS and Apache) & access points
  • Exchange, application & database servers

Education

Master in Business Administration

Symbiosis
Pune

Bachelors in Computer Application

DAVV
Indore

Skills

  • GDPR implementation and compliance
  • PCI DSS and ISO 27001 audits
  • Payments strategy and fraud management
  • Quality assurance for retail business
  • IT controls review and remediation
  • Infrastructure technology assessments
  • Cyber risk management
  • Vulnerability assessments
  • ITIL process design and reviews
  • Information risk management
  • Information governance and service improvement
  • Business continuity management audits
  • Project management expertise
  • Compliance with GDPR, PCI DSS, ISO 27001, ITIL, Indian IT Act, NESA, NIST 800-53
  • Experience in airline operations and retail business
  • Knowledge of banking and payment gateways
  • Familiarity with IDAM/SSO and security solutions

Certification

  • Payment Card Industry Internal Security Assessor – PCI ISA presently (Internal airlines PCI auditor)
  • Payment Card Industry professional (PCIP)
  • ITIL v3.0
  • ISO 27001 Lead Auditor
  • CEH v7.0
  • CompTIA Linux+
