ASHISH MAJITHIA (Practice Partner- Cybersecurity & Risk Services)
An experienced cybersecurity executive with proven and successful leadership within enterprise-scale organisations. Brings extensive practice development, business development and management, competency development and talent-nurturing capabilities across the length and breadth of cybersecurity. Has led teams of triple-digit numbers of security professionals to deliver cybersecurity programs within multi-million dollar programs across the UK, Europe and India.

CORE COMPETENCIES
Business Development/ Management
Team Management
Nurturing Team
Security Project/ Program Management
General Operations Management
Domain Expertise
People Management

ORGANISATIONAL EXPERIENCE
Since Oct’06: Wipro Technologies, Practice Partner - Cybersecurity & Risk Services
Feb’05-Oct’06: Microland Limited, Mumbai as Security & Risk Management Consultant
Jul’04-Jan’05: Kale Consultants, Mumbai as Manager – IT & DISO (Divisional Information Security Officer)
Jul’03-Jun’04: PricewaterhouseCoopers, Mumbai as Security & Risk Management Technical Consultant
Jun’00-Jun’03: Wipro InfoTech, Mumbai as Site Manager – IT Administration/ IT Security
May’99-Apr’00: ADCC Consultancy Services Pvt. Ltd., Mumbai as Senior Network Engineer

HIGHLIGHTS
Managed team of 100+ security consultants, engineers, managers for multi-million dollar accounts within Europe
Managed both cybersecurity projects and operations in the areas of Risk & Compliance, IDAM, Security Assurance, SAP security, GRC, etc.
Managing multiple large-scale customers for UK, Europe, Asia & ME region for the last decade.
Generated strategic opportunities by increasing the stake by twofold. Working with customers on budgetary planning
Managing the entire security, internal audit & compliance functions with key focus on ISAE 3402, ISO 27001, BCM, etc.
Worked with internal advisory to drive automation and to improve and optimize security processes, with key focus on driving down cost.
Nurturing key team members/ leaders to sustain existing business and win over competition.
Streamlining and optimizing delivery in large-scale accounts thereby reducing COD and increasing margin.
Managing business development/ management for customers across UK&I.
Led a team of more than 150 security consultants as GRC Delivery Head in a past role.
Hands on experience delivering in areas such as compliance, risk management, standards, technical risk assessment.
Have been a speaker on behalf of Wipro Consulting on the following topics at GRC summits:
o Simplifying GRC Automation
o Integrating GRC automation & security operations center

EDUCATION
2005 PGDBM (Marketing) from NL Dalmia University, Mumbai, India
1998 B.Com. from L.S. Raheja College, Mumbai, Maharashtra

Certifications:
BS 25999 Implementer Course
Date of Birth: 7th May, 1978
Passport No.: Z4072335
Current Resident: UK
Linguistic Abilities: English, Hindi, Gujarati
Address: Flat 65, Trident Point, 19, Pinner Road, Harrow, UK Please refer to annexure for details on projects
Tenure: Since Oct’06
Current Role: Practice Partner
o Defining cybersecurity roadmap for customers along with solution architects/ SMEs
o Understanding and translating vision into plan and effective business execution, thereby increasing revenue gradually.
o Nurturing team members and enabling them to withstand and grow further business in strategic accounts.
o Security Delivery Head handling security projects & operations for cybersecurity functions.
o Advising various business units on security & compliance to ensure organization wide smoother delivery.
o Advising customer security & compliance team for smoother delivery and BAU function on cloud infra & apps.
o Managing multiple security tracks and driving the security function with key focus on optimization & reducing cost y-o-y
o Lead a team of 100+ security engineers/ consultants/ auditors
o Year-on-year improvement demonstrated by reducing security tickets in the area of authorization
o Leading the security integration for authorization, SSO functions
o Managed the entire program, which has a core focus on SAP security and non-SAP security such as Clarity, Hybris, Teradata, MDM, JD, etc.
o Handling SAP GRC projects and operations
o Resource utilization excellence. Managing competency building and leading internal cross-skill training programs.
o Focusing on attrition reduction through various mechanisms such as competency development, career aspiration discussions, making leaders + managers, staff welfare, etc.
o Lead team of cybersecurity consultants, engineers on
SAP & other applications security projects and BAU
SSO, Fed, PAM and IAM programs
Delivering Vulnerability Management program on ‘as a service’ model
GRC Automation for ERM, Compliance & Audit
SOC L1 support
ITRO, compliance & security
Managing external/ internal audits
o Leading Cybersecurity business in UK/ Europe regions for majority of the verticals.
o Managing business across cybersecurity areas such as Cybersecurity consulting, GRC, IAM, SOC, App sec, Data Sec, Cloud Sec, Digital security, Managed security services, OT cybersecurity, etc.
o Assess & review new set of cybersecurity services applicable to customers. Tailor fitting the service to meet customer/ prospect expectations.
Other roles in the past:
o Delivery Lead of a team of GRC consultants in IME region with a team size of 150+ consultants, competing against the major Big4 and being in Top 2 in the India market.
o Special focus on acquiring new talent to cater to specific account needs. Also carried out programs around talent enrichment and talent retention
o Lead a team for integrating SOC and GRC platform and automating most of the risk & compliance management in security operations
o Conducted information security leakage assessment on business divisions for a Non Life Insurance sector
o Conducted Business Impact Analysis, Risk Assessment, development of BC Plans and strategies for its treasury and Data center operations.
o Conducted business level BIA and RA for a Non-Life Insurance sector and developed multiple recovery strategies based on disaster levels.
o Telecom: Project Leader- Designed and developed Third-party security Framework and Third-party security policy and procedures for the largest Telecom Sector in India. The first one of its kind in the Indian geography.
o Conducted Risk Assessment, development of policies and procedures and assisted multiple customers in achieving ISO 27001 compliance.
o Certified various customers for BS 25999 & ISO 27001 certification in India. Wipro is the first in India to get its customer certified for BS 25999.
o BFSI: PM- Conducting Application Security Assessments for the leading Bank in India
o Government Sector: PM- DR Consulting
o Manufacturing: Assisted the client in achieving ISO 27001 certification.
o Power & Energy: Assisted the client in achieving ISO 27001 certification.
o GRC Automation
Alliance establishment with IT GRC product vendors
Assessing their capabilities
Understanding customer requirements & suggesting the best fit solution
o Telecom Security
Development of ISO 27011 standard policies, procedures
Development of Protection Profiles and Security Targets as per ISO 15408 standard
Development of MBSS checklist as per the ITU-T X.805, ETR 237, 3GPP TS 33-107, TS 33-102, TS 33-401, TS 33-402 standards
Business Development/ Business Management:
o Strategizing and channelizing business sales
o Identifying Funnel strategies, key account determination and targeting customers.
o Handling Sales and presales call for multiple customers across verticals in the region.
o Proposal development, effort estimation and managing pricing approvals
o Maintaining the P/L for the practice
o Managing revenue collection and daily sales outstanding

Company: Microland Limited
Tenure: Feb’ 05- Oct’06
Role: Security & Risk Management Consultant
Area: BS7799, BCP/DRP, Internal Vulnerability Assessment, O.S. Hardening
Roles: Presales activity, Proposal development, Project Management for BS 7799 and BCP/DRP consulting assignments.
International Projects Exposure:
Risk Assessment carried out on the basis of NIST Model for a Multinational Banking Organization in Saudi Arabia.
Domestic Projects Exposure:
BS 7799 consulting done for BPO sectors. The objective was to help the client’s organization certify with the BS 7799 certificate. Activities carried out were Risk Assessment, Risk Mitigation Measures, ISMS documentation and also guiding the client in implementing IT Controls.
Vulnerability Assessment carried out for a Petroleum Industry. Tools agreed & used were Nessus & MBSA.
Operating System/ Application vulnerability patching done for banking organizations.
Operating System Hardening carried out for banking organization.
ISMS User Awareness training to client’s organization.
Operating System Review for a multinational Insurance client.

Company: Kale Consultants
Tenure: July 2004 – Jan 2005
Roles: Manager – IT & DISO (Divisional Information Security Officer)
Area: BS7799, Disaster Recovery Procedures, Vulnerability Assessment
Brief: Assisted the organisation to achieve BS 7799 Certification. Maintaining BS 7799 standards. Preparing & updating Information Asset Register, Risk Assessment and Risk Treatment Plan on a periodic basis. Conducting ISMS User awareness training for all employees of Kale Consultants. Verifying security-related issues in the network devices & OS that are vulnerable and can be exploited, and accordingly implementing solutions to harden them. Performing an external PT to determine how secure the organization’s network is from outside. Also performed an internal VA to determine the vulnerabilities and suggest measures to fix them. Planned & documented the BCP/ DR for the BPO location of Kale Consultants. Developed testing plans to be conducted on a periodic basis.
Tenure: July 2003 – June 2004
Roles: Security & Risk Management Technical Consultant
Area: IT Security Audit, External PT, Internal VA, DRP, BS7799, Security Architecture Review, Ethical Hacking, System Audit
E-Commerce client: Carried out external penetration testing for the client’s network & vulnerability assessment done for O.S like Solaris, Windows NT & network devices like Cisco switches & Cisco PIX firewall & Nsecure IDS.
FMCG client: Carried out external penetration testing for the client’s network & vulnerability assessment for O.S. like Linux, Windows NT & network devices like Cisco router 1601 & 2600, Checkpoint firewall & Realsecure IDS.
Banking organization: GAP Analysis done, created Security policies based on BS7799. Auditing done for the data center based on BCP/ DRP concept. Carried out external penetration testing for the client’s Internet banking network & internal vulnerability assessment for devices like Cisco router, switches & Cisco PIX firewall.
Telecom: Carried out external penetration testing for the client’s network & vulnerability assessment for Solaris & Windows NT servers.
Pharmaceutical: Carried out Audit Support assignments including Network review & General controls.
IT Enabled Industry (BPO): Consulting for BS7799. Also carried out BCP/DRP consulting. Reporting all SPOF, documented strategies. Carried out internal vulnerability assessment, reviewing Security of the network, thorough examination of Network Architecture, and consulting.
Banking Organization: Reviewed the DRP of the critical data center servers. Reported all gaps regarding the DRP and implemented a new DRP. Also carried out PT & VA on the whole network & carried out diagnostic reports on Solaris servers, Cisco Routers in HSRP mode, Cisco Layer 3 switch and also reviewed the SLA with the vendors. Also carried out hardware audit.
Government Sector: Involved in the IT vendor evaluation process. Rating the skills of the vendors taking into consideration their financial health, Organizational structure, their ability to provide technical services, and capability to sustain as a long-term service provider.
FMCG Company: Involved in External Penetration Testing & Vulnerability Assessment assignments. Process audit also carried out. Making the draft and final report including solutions, based on gaps found in the PT/VA report.
Also conducted trainings on administration and security for Linux and Cisco.

Company: Wipro InfoTech
Tenure: June 2000 – June 2003
Roles: Site Manager – IT Administration/ IT Security
Roles: Managing the site for IT Administration and security. Firewall configuration, Antivirus configuration, Server administration, Network administration

Company: ADCC Consultancy
Tenure: May 1999 – April 2000
Roles: Senior Network Engineer
Roles: Managing various customer sites from network availability and security perspective