Abhishek Gautam

Team, stakeholders & governance

• Managed and mentored teams of 10+, setting objectives, delegating effectively, and maintaining high delivery standards across parallel workstreams.
• Known for clear communication and stakeholder management, aligning technical work with executive priorities, and keeping multi-party programs on track.
• Committed to continuous learning, with certifications including CIPP/E, CISM, CCNA, CHFI, CEH, ISO 27001 LA, Certified Qualys guard Professional

Security leadership and SOC

• Directed SOC operations and incident response, building playbooks and governance that improved time-to-detect and time-to-respond while maintaining SLA and compliance.
• Designed and reviewed enterprise security architectures and system hardening baselines for servers, endpoints, and networks to uphold confidentiality, integrity, and availability.
• Deployed and optimized SIEM and SOC toolchains, and established monitoring & threat-intel frameworks that turned event/log data into actionable insights for leadership.
• Ensured adherence to standards and regulations (ISO 27001, NIST, PCI-DSS, CERT-IN, applicable govt. policies) through policy guidance and continuous improvement.

Vulnerability management & security testing

• Led risk-based vulnerability management and penetration testing (network, infra, application), including manual verification and prioritization tied to business impact.
• Hands-on with Nessus, Acunetix, AppScan, Burp Suite, Kali Linux, Metasploit, and related tooling for scanning, exploitation validation, and reporting with clear fix paths.

Program & event delivery

• Delivered large-scale IT events and examinations end-to-end—planning, coordination, execution, and post-event review—with transparent controls and auditability.
• Built program monitoring frameworks for milestones, deliverables, and performance; reviewed vendor/agency output and drove corrective actions where required.
• Strengthened adoption and awareness by promoting IT/ITeS/e-Gov initiatives via seminars, award functions, and training workshops to clients.

· Coordinate with various internal & external teams / vendors & ensuring the remediation and mitigation of open vulnerabilities within a stipulated timeframe

· Performing Internal Penetration testing activities (IT Infra – N/w & Servers) & validate the VA findings manually

· POC for any escalations w.r.t VA activity & not complying with agreed SLA / OLA.

· Managing approved exceptions for the accepted risks & track any expired exceptions monthly basis

· Lead the GRC track w.r.t creation, periodic review of Policies, Process & Procedure documents

· Part of Internal IT Audit team, SPOC for any audit / assessment necessities

· Reviewing multiple weekly reports / KPI, ensuring the team is meeting the expected compliance levels

· Part of cross vertical SOX Audit team and testing the design and operating effectiveness of controls specified in approved RCM Matrix.

· Ensuring SLAs are met and timely delivery of management reports

· Managing security operations; performing root cause analysis for the high severity incidents

· Generating weekly compliance reports to present the same to the management

· Performing Vulnerability Assessment through Nessus

· Coordinating & following with Patching teams for remediating the open vulnerabilities.

· Leads the preparation and the implementation of necessary information security policies, procedures, in conjunction with the Security Committee to get appropriate approvals and feedback.

· Manage third party security assessment program to minimize risk associated with partners and vendors

· Preparing Information security, Cyber Security awareness & training material for different employee skill levels.

· Trouble shooting and maintaining the existing network system across the organization.

· Dealt with monitoring tools and network packet capture tools like Wireshark, etc.

· Upgrading and backups of Cisco router configuration files.

· Implementing and maintaining backup schedules.

· Facilitated the team to Ensure desktop computers interconnect seamlessly throughout Client Network.

Interacting with clients, understanding their needs, and providing technical support to clients by remotely accessing their networks and troubleshooting the issues raised through TeamViewer.

· Identify areas of improvement in the company and assist in creating and implementing solutions.

· Preparing Information security, Cyber Security awareness & training material for different employee skill levels.

· Assist the Team to Install, upgrade, support and troubleshoot XP, Windows 7, Linux and other authorized/Licensed desktop applications