
Aashish Bende (CISM, CCSP)

NH

Summary

Senior Information and Privacy Manager (CISM, CCSP) with 8+ years of experience in Governance, Risk, and Compliance (GRC) and Data Privacy across automotive, fintech, and IT/ITES sectors. Drives the architecture and implementation of comprehensive risk management frameworks (NIST, ISO 27001/27018, DORA), including expertise in AI Governance. Experienced in leading cross-functional teams, directing complex compliance projects, and delivering strategic audit insights to C-level executives.

Overview

10 years of professional experience

Work History

Senior Information Security Manager

TomTom
11.2023 - Current
  • Led 15+ complex risk assessments across cybersecurity, data privacy, cloud, and operations, providing actionable mitigation plans.
  • Performed gap assessments for various IT General Controls (ITGC) and Sarbanes-Oxley (SOX) controls, identifying risk areas and remediation strategies.
  • Conducted AI maturity and compliance assessments for generative AI initiatives, ensuring alignment with security posture.
  • Developed and deployed comprehensive security risk management frameworks based on NIST and ISO standards (27001/27018).
  • Presented audit and risk reports to CXOs for strategic decision-making, and defined/tracked key privacy and risk KPIs.
  • Led the successful ISO 27001 certification implementation, managing risk assessments, control design, and organizational compliance to achieve certification readiness.
  • Spearheaded third-party risk management, leading vendor assessments and collaborating with legal to embed privacy clauses in contracts.
  • Led cross-functional teams in risk assessments and security audits to identify risks.

Risk Analyst

Booking.com
08.2022 - 11.2023
  • Conducted comprehensive Privacy Risk Assessments and Data Protection Impact Assessments across 15 privacy risk areas, ensuring alignment with the NIST Risk Management Framework (RMF), and maintaining over 100 controls.
  • Performed maturity assessments for software development processes, such as CI/CD, infrastructure, software asset management, etc.
  • Utilized frameworks like DORA to ensure compliance for the organization's fintech arm, enhancing operational resilience.
  • Prepared and presented quarterly risk reports to C-level executives, providing actionable mitigation strategies.
  • Executed detailed gap assessments and risk evaluations for ITGC and SOX controls, supporting organizational audit readiness.
  • Assisted in SOC 2 compliance efforts by reviewing and testing ITGC controls across cloud and operational systems.

Assistant Manager - Security

Disney+ Hotstar
03.2022 - 07.2022
  • Led GRC assessments and managed a team of four individuals during the launch of Disney+ Hotstar in multiple countries.
  • Assessed potential security risks associated with proposed application and platform changes, recommending and validating necessary mitigation strategies.
  • Evaluated over 100 applications to identify GRC gaps, and ensured compliance with SOX and GDPR controls.
  • Provided strategic advice to the CTO and CIO on identified process gaps, emphasizing necessary security and control measures.
  • Developed and executed training programs for staff on emergency response procedures.

Experienced Consultant (Privacy and Infosec)

EY
05.2021 - 03.2022
  • Collaborated with financial clients (e.g., Goldman Sachs, Credit Suisse) to ensure compliance with GDPR and PCI DSS.
  • Conducted regular security assurance assessments for client environments to evaluate the effectiveness of IT security controls and compliance.
  • Achieved a 20% reduction in project risk through effective risk management strategies.
  • Analyzed over 30 applications for compliance with GDPR and CCPA regulations.
  • Directed cross-functional teams to implement process improvements and organizational change.

Risk Analyst

eClerx Shared Services
08.2017 - 05.2019
  • Analyzed risk data to identify trends and mitigate potential impacts on business operations.
  • Managed a team of four junior analysts, ensuring high-quality deliverables for ITGC and SOX audit assignments.
  • Prepared and maintained detailed reports for internal stakeholders on control performance, using metrics to track audit readiness and compliance KPIs.
  • Enhanced IT governance and compliance by analyzing complete process flows as a process consultant.

Senior Analyst

Searce
06.2015 - 07.2016
  • Contributed to SOX and SOC 2 compliance projects by evaluating control design and operational effectiveness, ensuring alignment with regulatory requirements.
  • Executed project planning and coordination using RACI and Gantt charts for IT audit engagements.
  • Performed post-implementation reviews to evaluate the security impact of technological changes, and validate the integrity of implemented controls.
  • Conducted risk identification and analysis, and implemented mitigation strategies.

Education

MBA - Analytics and Finance

SIDTM
Pune
01.2021

Skills

  • Governance, Risk & Compliance (GRC)
  • Third-Party Risk Management
  • GDPR Compliance
  • Policy & Procedure Development
  • Security Architecture
  • ISO 27001/27018
  • NIST SP 800-53/800-37
  • Incident Management
