BALAJI AMBADAS PASKANTI CISA CEH ISO ***** LA
******.********@*****.*** +91-990*******/982-***-**** https://www.linkedin.com/in/balajipaskanti

INFORMATION SECURITY, CLOUD SECURITY AND COMPLIANCE, IT/IS AUDIT, CYBERSECURITY, GRC, AND IT RISK MANAGEMENT

DYNAMIC SECURITY AND COMPLIANCE LEADER, DRIVING INFORMATION SECURITY MANAGEMENT AND CLOUD SECURITY AUDITS

With over 16.6 years of experience as a determined Information Security professional, I possess extensive expertise in IT, with a strong emphasis on Information Security domains, including IT GRC, Cloud Security & Compliance, Cybersecurity, IT Audit, Data Privacy & Security controls, and enterprise-wide IT Risk Management. As an InfoSec evangelist, I possess comprehensive knowledge and skills that help organisations achieve business objectives while adhering to relevant internal & external contexts, including stringent security requirements at the enterprise level.

CORE COMPETENCIES & SKILLSETS
• Cloud Security & Compliance
• InfoSec Management
• Vendor Risk Management
• Identity & Access Management
• Vulnerability Management
• IT Risk Management
• SOX - IT General Controls
• IT Audit & Compliance
• SOC2 Audit & Compliance
• ISO27K1 Audit & E2E Implementation
• Physical & Environmental Security Audit
• BCP & DRP Audit
• Agile & Scrum
• Secure SDLC
• Risk Heat Map
• Dashboard & Big Picture
• Metrics & Measurement
• Trend Analysis

SIGNATURE STRENGTHS & CORE SKILL SETS
• Currently leading the Cloud Security and Compliance programs for VPCNG, PAAS and Classic IAAS, covering SOC2, SOX, PCI DSS, ISO 27001 and FS Cloud, to ensure compliance with the applicable frameworks.
• Led full lifecycle ISO 27001 ISMS - Audits & End-to-end Implementations, and Governance, Risk & Compliance programs/projects.
• Assessed and decomposed compliance frameworks (ISO 27001, NIST 800-53, CMMC 2.0) into actionable security control requirements for implementation across systems and teams.
• Stakeholder management: facilitated meetings with CXO/C-Suite executives, operations and development organisations to secure approvals for risk exceptions and to align security compliance strategies with business goals and product roadmaps.
• Led, implemented or participated in recommended improvements to close gaps and enhance security maturity against the security requirements of the applicable Standards, Guidelines, Baselines, Frameworks, Regulations, laws and acts - ISO 27001/05/17/18/31K/20K, FedRAMP, COBIT, FISMA, ITGCs, CCPA, EU-GDPR, NIST, HIPAA-HITRUST & PCI DSS. Interfaced with Change Control Boards to evaluate the impact of technical changes on compliance posture & security architecture.
• Provided expertise in vulnerability management & patch governance, ensuring consistent control over security baselines.
• Acted as a trusted Security compliance advisor, capable of transparently articulating security issues & remediation at all levels.
• Supported Change Control Board activities to review & approve control design changes & ensure traceability to security baselines.
• Conducted control testing and self-audits to validate the effectiveness of implemented security controls and identify gaps in adherence to established baselines.
• Acted as the local security authority, i.e. as a Business Information Security Officer (BISO), aligning global information security policies with local regulatory and compliance requirements and adapting central security frameworks accordingly.
• Hands-on exposure to Cloud Security Risks with regard to SAAS, IAAS & PAAS, cloud-native security requirements and technologies.
• Tools: ServiceNow, GitHub, JIRA, Confluence, Cisco ACL & TIARA, GRC Archer-Collective, MS Office Suite, Power BI, & SharePoint.

ACADEMIC QUALIFICATIONS & CREDENTIALS
• B.Sc. (Bachelor of Science) Mathematics – Shivaji University, Kolhapur, INDIA.
• Diploma in Software Testing – Seed Infotech, Pune, INDIA.

TECHNICAL CERTIFICATIONS & TRAININGS
• CISA Certified (Active) In Good Standing – ISACA, Chicago, Illinois, USA.
• ISO 27001 Certified ISMS Lead Auditor – BSI Management Systems, UK.
• CEH v7 (Certified Ethical Hacker), EC-Council, USA.
• Pursuing CISSP & CISM Certifications and completed training for CRISC, PMP and ITIL certifications.
• Organisational-specific Internal training – Cisco Ninja White Belt Certified, IBM Security & Privacy by Design & Essentials of Secure Eng.

VERSATILE INDUSTRY INFOSEC EXPOSURE
• IT Audit, Consulting, Assurance and Advisory, IT Products/Services and utilities, and IT and ITES (BPOs, KPOs, and IT-enabled services).
• BFSI Banking, Financial Services & Insurance, Energy Giant Oil & Gas, and AMCs, Intermediaries and Stockbrokers.
• Non-IT MNCs, Chartered Accountants Firms, and RBI Subsidiary (Clearing Corp. of India).

PROFESSIONAL CAREER CHRONOLOGY
• IBM Public Cloud – Cloud Security Compliance Leader, Feb 2021 – Current
• Royal Dutch Shell – Business ITSO Security Advisor (Senior Manager Band), Sep 2018 – Feb 2021
• Cisco Systems – Program/Project Manager, ISO 27001 Certification India Program, Apr 2013 – Aug 2018
• DXC-CSC (Computer Sciences Corporation) – Senior Information Security Specialist, Oct 2011 – Apr 2013
• ANB Solutions Private Limited – Consultant I. S. Auditor, Mar 2011 – Oct 2011
• 1 YEAR EMPLOYMENT GAP (met with a road accident and suffered a major injury to the right limb), Mar 2010 – Mar 2011
• The Bank Of New York Mellon – Operation Executive (ITAC), Oct 2007 – Mar 2010
• CA Sachin S. Bhattad Co., Chartered Accountants – Assistant IS Auditor, Jan 2006 – Sep 2007

AWARDS & RECOGNITIONS

• Bluepoints Awards @ IBM: Awarded for achieving various compliance program certifications from the Cloud service SPOCs.
• Connected Recognition Awards @ Cisco Systems (Cisco Services): On completing the ISO 27001 Due Diligence Audits for Cisco Services.

PROFESSIONAL EXPERIENCE – LEADERSHIP ROLES & RESPONSIBILITIES
§ IBM, Bangalore – In the capacity of a Security & Compliance Leader @IBM Public Cloud Feb 2021 – Present
§ Role Summary – Currently leading the Cloud Security & Compliance Program for the ConMon (Continuous Monitoring) Audits in-scope VPCNG, Classic IAAS & PAAS, i.e. reviewed Cloud Native Security Controls, ensuring adherence to various Compliance Frameworks.
§ Line of Reporting – Program Director for IBM Public Cloud Division.
§ Team Size Managing – 2 Team Members.
§ Scope of Operations – Program/Projects for VPCNG, PAAS & IAAS.
§ Applicable Compliances IBM Internal & External – SOC2, PCI DSS, NIST, ISO27001, FSCloud, FedRamp & FISMA.
§ Key Deliverables
• Delivered Continuous Monitoring (ConMon) programs/projects using Agile methodology, resulting in a 30% reduction in control assessment cycle time & 20% improvement in stakeholder feedback scores due to iterative delivery & continuous improvement.
• Established measurable KPIs, KRIs, KGIs, and strategic objectives for cloud security programs, leading to a 25% improvement in compliance tracking accuracy and a 15% enhancement in audit readiness across quarterly reviews.
• Designed quarter-wise service scope and planning for multiple cloud compliance cycles, achieving 100% adherence to planned schedules & supporting successful audit closure for 3+ major compliance frameworks (e.g., SOC 2, NIST, FSCloud & ISO 27001).
• Facilitated Cross-Functional Collaboration with Engineering Services teams, Infrastructure (SRE/NRE) teams, ConMon and PMO teams, enabling the on-time delivery of 95% of cloud security project milestones and reducing inter-team blockers by 40% through streamlined communication & sprint planning.
• Cloud Security Controls in scope (reviewed/tested) include: ASV Scan, Backups, BCP/DRP, Change Management, Container Patching and Health Checking, Continued Business Need, Endpoint Detection & Response, File Integrity Monitoring, Intrusion Detection, Inventory Management, Network Monitoring, Network Rule Revalidation, New Users & User Terminations, Non-Armada Devices Patching & Health Checking, Risk Assessment, Root Access for QRadar, SIEM - Security Incident Management, Penetration & Segmentation Testing, Significant Changes, System Description, Vendor Management, Vulnerability Scans, Worker Nodes Health Checking & Patching, Baseline Review, Changes & Challenges.
§ SHELL, Bangalore – Business Security Advisor (Senior Manager Grade) @ Royal Dutch Shell Sep 2018 - Feb 2021
§ Role Summary – Managed the Operational Risk Management, Vulnerability Remediation and Findings Management Projects.
§ Line of Reporting – Global Risk & Compliance Lead.
§ Team Size Managed – 2 Direct and 2 Indirect Reportees.
§ Scope of Operations – GFSOM, ITSO IRM, Treasury & E-Banking, Pensions and Risk & Insurance Application Portfolio.
§ Applicable Internal & External Context – NIST, RDS ONE IT Control Framework, SOX ITGC & FCM (Financial Controls).
§ Key Deliverables & Roles (LOD – 1, 2 & 3)
LOD 1 – Sr. Risk Specialist, LOB GFSOM
LOD 2 – Business InfoSec Advisor, LOB ITSO IRM
LOD 3 – SPOC, SIA-Internal Audit
• Led findings management for operational risk across BAU and non-BAU functions, driving remediation of over 85% of open issues within SLA and improving audit closure rates by 30%.
• Executed 30+ Business Impact Assessments (BIAs), Legal & Regulatory Assessments (LRAs), and Control Self-Assessments (CSAs), supporting informed risk decisions; this in turn enabled a realistic and practical approach to determining the existing residual risks and the business impact, ensuring alignment with the ISO 27001 and NIST 800-53 frameworks.
• Designed and deployed GRC workflows in Archer, enhancing internal control visibility and streamlining risk reporting processes within the custom-built “Collective” module, resulting in a 40% increase in user adoption.
• Oversaw end-to-end vulnerability management, coordinating across InfoSec and IT teams to remediate 95% of critical and high-risk findings and securing quarterly risk acceptances for overdue critical vulnerabilities from Line of Business CIOs.
• Resolved 95% of critical vulnerabilities in remote-accessible systems and obsolete platforms (Windows, RCEs, Oracle, JBOSS, MS SQL, etc.) across Shell’s ERP and production apps, aligning with GF SOM Yellow List compliance.
• Facilitated Cross-Functional Collaboration with the Group CIOs, LOB Information Risk Managers, Business Security Advisors, LOD 1, 2 & 3 (SIA team), Compliance/Risk Specialists, SOMs (Service Operations Management), Deployment/Application Owners, Portfolio Managers, and Vendor Management teams.

§ CISCO, Bangalore – Project Manager IT - ISO 27001 India Site Program @ Cisco Systems Inc. Apr 2013 - Aug 2018
§ Role Summary – Led end-to-end ISO 27001 Certification Program – Risk Assessments, Internal Audits & prep for External Audits.
§ Line of Reporting – Asia Pacific CISO & InfoSec Director.
§ Team Size Managed – 4 Direct and 8 Indirect.
§ Scope of Operations – India Site Operations (Bangalore, Pune & Chennai Sites).
§ Applicable Compliances – NIST, Cisco Internal/External & ISO 27001 & Product Specific Compliances.
§ Key Deliverables
• Managed ISO 27001 program implementation for India sites, leading to successful surveillance audits with zero major non-conformities and maintaining continuous certification across 3+ locations.
• Oversaw Supplier and Extranet Risk Management, reducing third-party onboarding time by 25% and ensuring 100% coverage of security assessments for high-risk vendors.
• Led BCP/DRP strategy development and BCP implementation for critical IT services, delivering a 100% tested and approved recovery plan for both IT applications and infrastructure, reducing potential downtime risk by 40%.
• Automated Firewall ACL Rules Audit & Assurance project using ACL tool, decreasing manual review efforts by 60% and improving remediation timelines for non-compliant rules by 35%.
• Coordinated and facilitated ISMS and EU Safe Harbour (now GDPR) compliance meetings, achieving successful customer audit outcomes with zero critical findings and enhancing client confidence in data privacy practices.
• Facilitated Cross-Functional Collaboration with the LOB Managers, Directors, Site VP, CISO, Engineering teams, IT Application/Infrastructure Teams, Support Functions (HR, InfoSec Ops, GPS, SSBR and WPR), Cisco Services (Advanced & Technical) teams, & Global ISO Team.

§ DXC, Hyderabad – Senior Information Security Specialist @ DXC (CSC – Computer Sciences Corporation) Oct 2011 – Apr 2013
§ Location – Hyderabad, INDIA.
§ Role Summary – Drove the ISO 27001 Certification Program activities covering Risk Assessments, Internal Audits & prep for External Audits.
§ Line of Reporting – InfoSec Senior Manager & CISO.
§ Site in Scope of Operations – India Site Operations for the Hyderabad Site.
§ Applicable Compliances – CSC Internal Policies, ISO 27001 requirements & Product Specific Compliances.
§ Key Deliverables
• Conducted ISO 27001 Internal Audits, Risk Assessments, SOW, MSA, & Client Security Assessment questionnaires across BUs.
• Facilitated Cross-Functional Collaboration with the CISO, ISO27001 Global Team, Testing Quality Assurance/Control Senior Managers/Directors/VPs, and Development Teams.

§ ANB, Bombay – Consultant I.S. Auditor @ ANB Solutions Private Ltd. Mar 2011 - Oct 2011
§ Role Summary – Led I.S. Audits as a 3rd Auditor for various Local Banks, SEBI Agencies & RBI Subsidiaries as per IT Act/Laws.
§ Line of Reporting – Director, IT Risk Assurance and Advisory.
§ Key Deliverables
• Led Third-Party IT/IS Auditing & Consulting Projects for various clients in BFSI domains.

§ BNY MELLON, Pune – Operation Executive @ The Bank Of New York Mellon Oct 2007 - Mar 2010
§ Line of Reporting – Group Manager, ITAC (Information Technology & Access Control) Division.
§ Role Summary – Acted as an Access Administrator for the Access Control Management Division/LOB for the Bank.
§ Key Deliverables
• Managed User Access Control Management process, including provisioning, de-provisioning and alterations of privileges.

§ CA SACHIN S. BHATTAD, Solapur – Assistant IS Auditor @ Sachin S. Bhattad CA Firm Jan 2006 – Sep 2007
§ Line of Reporting – Managing Director.
§ Role Summary – Acted as an IS Auditor for local cooperative banks and small bank finance agencies.
§ Key Deliverables
• Conducted Information Systems Audits as per Local Bank Policies and RBI guidelines.