HIRAL SHAH
HEAD INFORMATION
SECURITY (CISO)
*******@*****.***
Galloway, NJ 08205, USA.
https://www.linkedin.com/in/hiralshah20
PROFESSIONAL SUMMARY
Results-driven Information Security Leader with 25+ years of experience implementing comprehensive cybersecurity strategies, IT governance frameworks, robust risk management protocols, and regulatory compliance initiatives for large-scale organizations. Proven ability to enhance organizational security posture through expert threat analysis and effective incident response. Adept at collaborating with cross-functional teams to protect critical assets and mitigate risks. Committed to fostering a culture of security awareness and continuous improvement.
EDUCATION
Bachelor of Science
Gujarat University, Ahmedabad, Gujarat,
India 1995–1998
AREA OF EXPERTISE
Cybersecurity Strategy & Leadership
Regulatory Compliance (GDPR, ISO
27001, SOC2, PCI DSS, DPDP, NIST,
HITRUST, ISO 22301 BCMS)
Comprehensive Risk Assessment,
Management & Incident Response
Security Operations Center
(SOC/SIEM) Management
Data Privacy & Protection
Third-Party Risk Management
Business Continuity & Disaster
Recovery (ISO 22301)
Cloud & Emerging Technology
Security
Identity & Access Management (SSO,
MFA, PIM/PAM)
Security Awareness & Training
WORK EXPERIENCE
Chief Information Security Officer - CISO
Elecon Engineering Company Ltd. (Elecon Group)
Anand, Gujarat, India • 10/2024 - 10/2025
Led global compliance and information security initiatives across Elecon Group
(India, Europe, UK, UAE, US) aligned with business objectives.
Conducted organization-wide cybersecurity maturity assessments, identifying technology gaps and risk mitigation strategies.
Managed data privacy assessments, policies, ROPA, procedures, and controls compliant with DPDP, GDPR, and privacy standards.
Established 24x7 Security Operations Centers (SECOPs), SIEM, and InfoSec controls across the organization.
Integrated AI capabilities to enhance cybersecurity defenses and threat detection.
Redefined network security in accordance with industry best practices and standards.
Implemented organization-wide Single Sign-On (SSO) and Multi-Factor Authentication (MFA) solutions.
Chief Information Security Officer – CISO
Dhani Group (Formerly Indiabulls Consumer Finance) Mumbai, India • 09/2022 - 05/2024
A team of cybersecurity professionals implemented advanced information security programs using cutting-edge technologies and methodologies to identify vulnerabilities and mitigate risks in a dynamic digital landscape, aligning with typical CISO responsibilities.
Achieved PCI DSS and ISO 27001 certifications, establishing a comprehensive ISMS to ensure adherence to industry standards and enhance security governance.
Led strategic migration of data centers from AWS to GCP, strengthening cyber resilience and ensuring compliance with SAR requirements.
CERTIFICATIONS
ISO 42001 Auditing AI
Management Systems (AIMS)
Lead Auditor.
C|CISO Certified from EC-Council
Certified Information Security
Auditor (CISA)
Certified Information Security
Manager (CISM)
Certified in Risk and Information
System Control (CRISC)
Certified in Project IN Controlled
Environments PRINCE2
Practitioner.
Certified in ISO/IEC 27001/2013
ISMS Lead Implementer from BSI.
Trained in Project Management
Professional (PMP) –PMP.
Certified in ITIL® V3 Foundation.
Certified in CCNA (Cisco Certified
Network Associates).
Trained in Oracle DBA &
Specialized in Oracle RDBMS.
Microsoft® Certified Professional
in Windows® Networking.
TECHNICAL SKILLS
Comprehensive risk assessment
for IT, IoT and AI/ML.
Vulnerability Assessment &
Penetration Testing (VAPT)
Application Security
Infrastructure and Network
Security
Endpoint Security & Management
(DLP/CASB)
Cloud Security (AWS, GCP, Azure)
Business Impact Analysis
Threat Intelligence & Security
Architecture
Ensured regulatory compliance with Indian authorities, including SEBI and RBI, across all exchange platforms and NBFCs, mitigating regulatory and operational risks.
Developed and implemented a Third-Party Risk Management framework, integrating IT and InfoSec strategies to effectively address third-party vulnerabilities.
Managed Application Security programs, including VAPT, WAPT, and SOC/SIEM operations, to detect, prevent, and respond to security threats.
Established InfoSec protocols for Data Privacy, Cookie Consent, and PII compliance in accordance with DPDP standards.
Oversaw IT and InfoSec operations, ensuring continuous risk mitigation and asset protection through best practices in security management.
Achievements:
Seamlessly transitioned data center infrastructure with zero downtime and improved security posture.
Recognized for leadership excellence, driving operational efficiency and cost-effective security solutions.
Senior Manager, Information Security & Compliance
Acqueon Technologies Pvt. Ltd.
Bengaluru, India • 03/2022 - 09/2022
Directed the company's information security strategies and compliance initiatives, achieving key certifications and strengthening data privacy measures.
Managed compliance programs including PCI DSS, ISO 27001, and SOC2 Type 2, ensuring continuous adherence to industry standards.
Led Information Security Operations and maintained compliance with ISO/IEC 27018 for cloud privacy, safeguarding customer data.
Developed and implemented a Third-Party Risk Management framework to mitigate supply chain and vendor-related risks.
Achieved ISO/IEC 27018 certification, reinforcing data privacy and protection for cloud-based personal data.
Executed data privacy initiatives such as cookie consent management and PII protection, aligning with best practices to strengthen user trust.
Achievements:
Secured essential security certifications (PCI DSS, ISO 27001, SOC2 Type 2), enhancing the organization’s compliance posture and security maturity.
Manager, Information Security
Automation Anywhere Inc., Vadodara, Gujarat, India
Vadodara, India • 10/2017 - 03/2022
Spearheaded the establishment and global implementation of comprehensive information security initiatives, ensuring robust protection and compliance across the organization.
Led the development and global deployment of comprehensive information security strategies, ensuring organizational protection and regulatory compliance.
Established foundational security initiatives and frameworks aligned with ISO 27001/2013, strengthening enterprise security posture.
AWARDS & RECOGNITION
CISO 100 Awards “The Game
Changer of 2025” – Asia Foundry
CISO 100 Cyber Sentinel Awards
2025
CISO Platform 100 Awards India
2024 & 2023
CIO Accelerator X Awards 2024
MIA Circle CXOS India Award 2023
CEO Insight: Top 10 Global
Leaders of the Year 2023
Designed and managed a 24/7 Security Operations Center (SOC) utilizing AlienVault, DELL SecureWorks, and Wazuh, enabling proactive threat detection and incident response.
Developed and enforced security policies encompassing Physical & Environmental Security, Change Management, Incident Management, Vulnerability & Patch Management, and Backup & Restoration, safeguarding organizational assets.
Conducted vulnerability assessments and penetration testing (VAPT) using Qualys and Tenable IO to identify and remediate security gaps proactively.
Implemented Business Continuity Planning (BCP) and Disaster Recovery (DR) strategies in accordance with ISO 22301 BCMS, ensuring operational resilience.
Managed third-party risk assessments and aligned customer contractual security requirements with organizational policies.
Led quarterly internal ISMS audits to monitor IT and information security controls, ensuring continuous compliance and improvement.
Achievements:
Initiated the organization’s first comprehensive Information Security Program, significantly reducing security incidents.
Achieved compliance with GDPR, Data Privacy, ISO 27001, ISO 22301, Cyber Essentials, HiTrust, and SOC standards, enhancing stakeholder confidence.
Built and operationalized a security infrastructure from inception to full compliance, elevating overall security resilience.
PREVIOUS ASSIGNMENTS
2012-04
2017-09
Head, Information Technology
Dimexon Diamonds Ltd, Mumbai, India
2011-05
2012-03
Manager, Information Technology
Landmark Group, Dubai, UAE
2010-02
2011-05
Manager, IT Infrastructure
Supreme Global Service Solution, Dubai, UAE
2008-01
2010-02
Manager, Information Technology
Dewanchand Group, Gujarat
2006-01
2008-01
IT Officer / IT in-charge
Dalma Energy Company Ltd.
2005-01
2006-01
IT Officer – Contract
Kusters Calico Machinery Ltd., Gujarat
1999-04
2003-08
Programmer / System Administrator
Shri Dinesh Mills Ltd., Gujarat