Amrit MBA
Columbus
Summary
Accomplished cybersecurity and risk management leader with over 24 years of experience safeguarding critical assets, mitigating risks, and ensuring regulatory compliance for Fortune 50/500 companies and government contractors, primarily in the Defense Industrial Base (DIB). Expertise spans across legacy and modern enterprise platforms, including SAP S/4HANA, Oracle ERP, Microsoft Dynamics 365, and cloud environments. Proven success in CMMC, PCI-DSS, GDPR, HIPAA, FAR/DFARS, and other key compliance frameworks, delivering robust risk management strategies to protect sensitive data and infrastructures.
Overview
22
22
years of professional experience
Work History
Director Cybersecurity
MoveAmerica
02.2024 - Current
- Develop and execute cybersecurity strategies ensuring effective risk management and compliance
- Identify, assess, and mitigate cyber risks to protect critical assets, sensitive data, infrastructure, and applications
- Lead the initiative under OSBP’s Commercial Due Diligence program to identify a GRC COTS toolkit for streamlining and automating investigative FOCI risk management process and CMMC assurance for small businesses and contractors
- Develop secure data management solutions for CUI, ensuring compliance with CMMC/NIST standards, and deliver NIST Cybersecurity Enhancement project with key stakeholders from DoD, academia, and the private sector
- Plan & execute Secure Cloud initiative designed to serve small businesses around:
- Developing methodology, templates and a comprehensive plan for assessing small business cloud cyber risk
- Reviewing the existing AWS cloud offering security assurance including MFA, Okta directory integration, AWS Integration, SSO, RBAC, Secure SAML configuration, SCIM Integration and API Security
- Setting up a Cybersecurity laboratory to build cyber awareness capability & address skill gaps in the workforce
- As part of DoD’s NIST RIA Initiative, establish CMMC 2.0 / NIST SP800-171, FAR / DFARS readiness program development
- Level 1 & 2 Self-Assessment
- Preparation of System Security Plans (SSPs) and Plans of Action and Milestones (POA&Ms)
- 3rd Party Certification Readiness
- Managing CMMC/NIST Compliance and certification readiness for MoveAmerica
- Lead cybersecurity team development, providing mentorship, training, and ensuring the team stays current with emerging threats
- Leading R&D to identify emerging cyber technologies that help government contractors enhance service value and competitiveness, aligned with US Defense Department objectives
- Manage the cybersecurity budget, ensuring proper allocation of resources to support initiatives and projects
- Provide regular updates to executive leadership on cybersecurity initiatives, risks, and performance metrics
Director Cybersecurity & Technology Risk Management
Zions Bancorporation
02.2023 - 02.2024
- Developed and enhanced the enterprise-wide cyber risk management framework aligned with NIST CSF / 800-53, COBIT, and ISO 27001
- Introduced a comprehensive cyber risk reporting structure to inform senior leadership and the board of directors about ongoing risks and mitigation plans
- Developed and implemented a KRI framework and health check process that tracked critical cybersecurity risks, their path-to-greens, and provided real-time visibility into risk exposure
- Automated Security Exception process in ServiceNow, reducing manual efforts by 80%, and integrating with Archer GRC for improved risk coverage
- Established guidelines for PII discovery and obfuscation in production/non-production environments
- Managed RCSA process and risk data libraries, including Risk Register and GLBA/OCC compliance
- Led New Initiative Reviews to ensure cybersecurity and risk management in large programs and third-party services, including third-party risk assessments, ensuring vendor compliance (SOC 1, SOC 2, SSAE 18)
- Managed high-risk technology incidents (P1) and spearheaded incident response plans
- Optimized KPIs and KRIs within RSA Archer and ServiceNow
- Led cybersecurity awareness trainings
- Briefed the Board & Executive Committees regularly on risks, compliance, and mitigation effectiveness
- As a member of the bank’s crisis management team, led the team during significant security incidents and coordinated responses in accordance with the bank’s business continuity plans
Director IT Internal Audit
Johnson Controls Inc.
12.2021 - 01.2023
- Spearheaded the 22-member IT Audit organization for delivering basic to complex IT audits, including Cybersecurity audits, ERP audits, SDLC reviews, Cybersecurity audits, Operational Technology (OT) assessments, regulatory audits, data privacy and Cloud / third-party risk assessments
- Led the first OT Cybersecurity audit on Open Blue, the platform that collects, views and analyzes the data from other building core systems (ICS) in real time to generate meaningful insights
- Developed and implemented anomaly detection and compliance analytics using ACL Analytics, Power BI, and Python
- Led compliance testing for key regulations: Cybersecurity, CCPA, GDPR, ISO 27001, and SOX 404
- Advised CISO on cybersecurity exception/risk acceptance management processes
- Managed Continuous Controls Monitoring and Data Analytics initiatives, optimizing audit efficiency
- Supported SEC disclosure processes and conducted Cybersecurity Maturity Assessments
- Delivered regular status reports to JCI’s Governing Body, including the Board, Audit Committee, CFO, and SLT
IT Risk Compliance Director
Cummins, Inc.
06.2013 - 12.2021
- As the head of the Enterprise IT / Cybersecurity Risk & Compliance program, supported various regulatory mandates including SOX404, PCI-DSS, GDPR, PII, HIPAA, ITAR
- Directed a $3.5M Global PCI-DSS security initiative across 45 payment processes, ensuring regulatory adherence
- Spearheaded a $1M GRC/eGRC automation effort with RSA Archer and Modulo Risk Manager, achieving 30% cost savings in year one
- Led a $1.5M comprehensive quarterly global SOX 404 IT Continuous Controls testing program with an 18-member team using an onsite-offshore testing model
- Developed and implemented an integrated audit framework based on NIST CSF/800-53, reducing redundancies by 80-90%
- Nominated for 2016 Chairman’s Award
- Delivered foundational guidance / framework for Global Cybersecurity (GCS) to manage
- Cloud / third-party Risk & Internal Controls Assessment program including SOC1 / SOC2 reporting
- PII discovery and obfuscation
- Development and enforcement of security and compliance standards, procedures, and guidelines
- Led enterprise-wide IT risk assessments, identifying and mitigating high-priority cybersecurity threats
- Managed risk data libraries, including Risk Registers, RCMs, and Risk Ratings, ensuring compliance with industry standards
- Responsible for ensuring cybersecurity controls within vendor environments and Joint Ventures
Assistant Vice President, Technology Risk Services (FT)
EXL Service, Inc.
07.2006 - 06.2013
- Clientele: Nationwide Insurance, AIG, Federal Signals, Jeffries Group, SunTrust Bank, Pitney Bowes
- Led PCI-DSS security program for a Fortune 100 insurer, saving $0.5M in fines and $60K-$110K in monthly penalties
- Delivered data protection and privacy programs per State DOI and Market Conduct Exams
- Directed a $0.8M project to transition from PGP encryption to GnuPG, improving data security
- Managed SOX 404, Model Audit Rule (MAR), and FDICIA compliance for multiple clients
- Led policy governance initiatives, strengthening user access administration and reducing security risks
- Oversaw finance transformation projects, identifying control gaps and assessing new systems for risk
- Managed end-to-end RFP and vendor selection process, assisting with vendor onboarding and security assessments
- Conducted ERP security audits for Oracle, PeopleSoft, and SAP, ensuring system integrity
Senior Analyst Enterprise Risk Services
Deloitte & Touché Audit Services (I) Pvt. Ltd.
02.2005 - 07.2006
- Led COE risk initiatives, enhancing cybersecurity practices
- Implemented ERP security programs for large financial institutions, ensuring regulatory compliance and system integrity
- Developed comprehensive control libraries for Oracle/PeopleSoft Financial and HR modules, including metadata repositories and automated data extraction/analysis scripts
- Led ERP pre- and post-implementation risk assessments, identifying and mitigating potential security vulnerabilities
Business Analyst Group Technology
The Royal Bank of Scotland Group
05.2004 - 02.2005
Senior Associate
Satyam Computer Services Ltd.
06.2003 - 05.2004
Education
Credential of Readiness - Business Analytics, Financial Accounting, and Economics for Managers
Harvard Business School
MBA - undefined
Delhi School of Economics, University of Delhi
Bachelor of Computer Engineering - undefined
University of Pune
Skills
- IAM: Sailpoint, Okta, AWS IAM, RSA SecurID, MS Azure AD
- Vulnerability Assessment: Tenable, Rapid7, Nessus Pro, Qualys
- Penetration Testing: Wireshark, Nmap, Nessus, Intruder, OWASP ZAP
- DLP: Symantec DLP, McAfee DLP
- EDR Solutions: Carbon Black, CrowdStrike
- Firewall: Cisco Firepower, Barracuda CloudGen, Sophos
- Analytics: ACL Analytics, IDEA, Alteryx, Power BI, Puppet, MS SCCM
- Risk/Compliance Tools: RSA Archer, ServiceNow, MetricStream, Modulo, AuditBoard
- ERPs: SAP S/4HANA, Oracle, MS Dynamics
Accomplishments
- Developed Cyber Risk Management framework and risk assessment strategy for US defense contractors, aligning with NIST SP800-171, FAR/DFARS, SP800-53, COBIT 2019.
- Built Cybersecurity KPI/KRI framework for a Fortune 50 manufacturer and a regional US bank.
- Led a $1M GRC automation project for a manufacturer, reducing operational costs by 30% in the first year through process streamlining.
- Led comprehensive security assessments and remediation for major manufacturers, enhancing cloud and OT cybersecurity resilience.
- Managed $3.5M PCI-DSS compliance initiative for the largest diesel engine manufacturer, ensuring global regulatory adherence.
- Executed CMMC 2.0 roadmap for small businesses under NIST RIA initiative, guiding them through self-assessments and compliance.
- Built a comprehensive Data Protection and Privacy strategy for DoD’s Office of Small Businesses, driving compliance with CMMC and NIST standards.
- Reduced 80-90% redundancy in risk and compliance efforts, nominated for Chairman’s Award for innovation.
- Delivered research paper on “Energy Security of US Military Operations,” focusing on optimizing battery production and supply chain resilience.
- Mitigated a $0.5M fine and reduced monthly penalties by $60K-$110K for an insurance company through effective PCI-DSS compliance implementation.
Timeline
Director Cybersecurity
MoveAmerica
02.2024 - Current
Director Cybersecurity & Technology Risk Management
Zions Bancorporation
02.2023 - 02.2024
Director IT Internal Audit
Johnson Controls Inc.
12.2021 - 01.2023
IT Risk Compliance Director
Cummins, Inc.
06.2013 - 12.2021
Assistant Vice President, Technology Risk Services (FT)
EXL Service, Inc.
07.2006 - 06.2013
Senior Analyst Enterprise Risk Services
Deloitte & Touché Audit Services (I) Pvt. Ltd.
02.2005 - 07.2006
Business Analyst Group Technology
The Royal Bank of Scotland Group
05.2004 - 02.2005
Senior Associate
Satyam Computer Services Ltd.
06.2003 - 05.2004
MBA - undefined
Delhi School of Economics, University of Delhi
Bachelor of Computer Engineering - undefined
University of Pune
Credential of Readiness - Business Analytics, Financial Accounting, and Economics for Managers
Harvard Business School
Similar Profiles
Jameel JordanJameel Jordan
Central Supply Technician at East Alabama Medical CenterCentral Supply Technician at East Alabama Medical Center
Lexus SpearsLexus Spears
Contract Specialist GS-9 at Defense Logistic AgencyContract Specialist GS-9 at Defense Logistic Agency
Spencer GoertzSpencer Goertz
Avionics Technician at United States Air Force ReserveAvionics Technician at United States Air Force Reserve
Rasha NeffRasha Neff
Volunteer at Franklin Medical CenterVolunteer at Franklin Medical Center
Sindhu VethoddySindhu Vethoddy
Managing Director (Partner) – Cybersecurity & Data Privacy Consulting at Protiviti IndiaManaging Director (Partner) – Cybersecurity & Data Privacy Consulting at Protiviti India