
GAURAV KUMBHAR

London

Summary

Dedicated and enthusiastic Information Security consultant with 6+ years of experience in IT audits, risk & compliance activities and assessing security procedures & standards. Strong consulting professional with an MBA focused on Information Security and IT business management. Given an opportunity, I will work to my full potential for my own growth and that of the organization.

Overview

11 years of professional experience
1 Certification

Work History

Information Security Officer

The Imagination Group Ltd
London
10.2022 - Current
  • Lead global responsibility as an Information Security Officer, overseeing security operations across eight locations worldwide.
  • In this role, I ensured the alignment of security strategies with organizational goals, fostering consistent standards, and robust protections across diverse regions.
  • Lead the development, implementation, and continual improvement of the ISMS in accordance with ISO 27001 standards.
  • Developed and maintained information security policies, including acceptable use policies, access control policies, and incident response plans.
  • Performed risk assessment and threat analysis to identify security gaps in the organization's information assets and IT infrastructure
  • Analyze risks and prioritize them based on potential impact, ensuring that mitigation strategies are developed
  • Lead the TISAX audit for one of the renowned automobile giants for the industry-compliant standards. Conducted risk assessment activities. Designed and implemented security controls as per TISAX standards.
  • Involved in supporting the TPRM assessment for the automobile clients of Imagination. Communicating the client security requirements with the business and IT infrastructure team, and implementing the recommended security controls to fulfill the requirements.
  • Contributing to customer retention and satisfaction by providing assurance of information security practices.
  • Develop and maintain an incident response plan. Ensure that security incidents are logged, reported, and resolved effectively.
  • Investigated data breaches and other security incidents to determine root cause and potential impact on the organization's systems
  • Lead post-incident analysis, and ensure that lessons learned are incorporated into future security measures.
  • Building investors' confidence by providing reports on security performance, risks, incidents and areas of improvement to senior management.
  • Lead the Middle East compliance team to achieve a competitive edge by strengthening our security posture and enhancing market differentiation through industry-recognized compliance standards.
  • Increased operational efficiency by implementing streamlined processes for asset management, access management, and change management.
  • Conducted server reviews and user access reviews monthly or quarterly to maintain the security posture of the IT infrastructure.
  • Monitored the data inventory and communicated the best strategies to handle data throughout its lifecycle.

Senior Security Consultant

IBM India Private Limited
Pune
05.2018 - 05.2022
  • Actively participated and assisted in IT audits, ISAE 3402 engagements, ISO 27001:2013 readiness assessments, General IT Controls testing and IT policy and procedure implementation
  • Performed activities related to SoX compliances, and ISMS implementation
  • Involved in stakeholder management, cross functional and cross teamwork environments
  • Implemented privacy controls as per GDPR, CCPA and HIPAA standards
  • Multiple ITGC audits:
      • Conducted audit engagement as an IT specialist, performing tests of design and operating effectiveness of controls around user access management, change management, incident management and policy/process assessment
  • ISAE 3402 engagements for a leading IT/ITeS organization:
      • Involved in the SOC1 and SOC2 audit examination for a leading software solutions organization where IBM provided technology solutions and services
      • Reviewed and tested project controls as defined by the management and general IT controls covering areas such as physical and logical access, application and infrastructure change management, environmental controls, backup & computer operations
  • GDPR / CCPA engagements:
      • Consulted with the client's team on GDPR and CCPA readiness assessment
      • Assessed the client's business, what type of data they collect and what type of activities they perform on the collected data
      • Implemented and documented GDPR-related compliance activities along with their associated technical and organizational measures
  • Risk and Compliance:
      • Implementation and documentation of data security and privacy controls towards control maintenance and sustenance
      • Preparation of contract review document with the project management team
      • Looking after legal and security requirements of the project as per the Master Services Agreement along with required security controls
      • Provide guidance to the project management team during Delivery Risk Assessments, Risk Re-Assessments, and ISO audits
      • Conduct monthly management review meeting with project management team to discuss the risk posture of the account and communicate it to the client
      • Provide support to the US and Europe counterparts for carrying out their compliance activities
  • Trainings and Team Management:
      • Conducted training on data security and privacy framework for new joiners
      • Provide guidance on GDPR, HIPAA, CCPA compliance activities among the team members
      • Managing implementation activities performed by team members
      • Closely monitoring and reviewing work done by mentees for different projects and providing guidance to complete compliance activities within the given time frame
      • Actively arranging and managing training sessions across the practice on a timely basis to brush up everyone's knowledge

Application Engineer

Welan Technologies
Pune
12.2013 - 04.2016
  • Business development into potential industries like educational institutes, construction, and aerospace
  • Special focus on the automotive industry for acoustic facilities, pressure mapping systems & accelerometers, which includes requirements gathering from existing/potential clients, participation in pricing negotiations in order to maintain contract profitability & providing technical support
  • Forecasting product sales of Welan Technologies with the help of a marketing funnel for each quarter, achieving quarterly/yearly sales targets & contributing towards company profits, with customer satisfaction

Education

MBA - Information Security

Symbiosis Centre For Information Technology
Pune, India
03.2018

Bachelor of Engineering - Instrumentation and Control

Pravara Rural Engineering College
Loni, India
03.2013

Skills

  • General IT control testing
  • IT Audits - ISAE and SoX audits
  • Risk analysis and management
  • ISO 27001 gap assessment
  • Information security management
  • IT security policies and procedure implementation
  • ISO 27001 Implementation
  • Critical thinking
  • Relationship building
  • Third-party risk management

Certification

  • Microsoft Certified: Azure Fundamentals
  • ISO 27001 Lead Auditor

Accomplishments

  • Implemented ISO 27001 for the Middle East region for Imagination Group Ltd.
  • Received 'Manager's choice award' in 2020 and 2021 for exemplary performance during yearly audits.
  • Recognition from fellow security consultants for sharing expertise.
  • Successfully completed yearly targets for 2 consecutive years.

Languages

First Language, C2 Proficient, C2 Proficient

Hobbies and Interests

  • Driving and traveling
  • Passionate follower of Football and Chess.
  • Cooking

Personal Information

Visa Status: Currently on dependent/spouse visa and sponsorship is not required.
