
Anil S Soni

Manager IS Governance Risk & Compliance
Mumbai

Summary

Dynamic GRC leader with over 13 years of experience in Information Security Governance, Risk & Compliance (IS GRC), IT Risk Management, and Cybersecurity across diverse sectors, including BFSI, Telecom, NBFC, Consumer Markets, and Logistics. Proven success in establishing and scaling Third-Party Risk Management (TPRM) programs while ensuring regulatory compliance with RBI and SEBI standards. Expertise in implementing critical frameworks such as ISO 27001, SOC 2, and NIST, along with a strong track record of leading enterprise-wide risk initiatives and vendor governance audits. Skilled in driving security transformation efforts with effective stakeholder engagement across CISO, CIO, and CTO functions.

Overview

14 years of professional experience
6 Certifications
3 Languages

Work History

IS GRC Lead (Manager)

Allcargo Global
08.2025 - Current

  • Led enterprise-wide ISO/IEC 27001:2022 implementation across Allcargo entities, including first-time certification for Terminals.
  • Designed and implemented a comprehensive TPRM framework covering onboarding, assessment, monitoring, and offboarding. Assessed 50+ new vendors and established governance for existing vendors.
  • Established a centralized Vendor Governance model, ensuring compliance for vendors with logical access.
  • Built and trained the TPRM team to manage the vendor risk lifecycle.
  • Revamped IT and InfoSec risks in ERM into measurable risk statements, with residual risk plans.
  • Collaborated with the CISO, CIO, CTO, and Infra leadership for risk alignment.
  • Expanded KRIs from 25 to 60+, improving risk visibility and compliance coverage. Drove improvements in USB access, VAPT closure timelines, license and software management, and phishing simulations.
  • Led internal and external ITGC audits across group entities.

Manager, IS GRC

Crisil Limited
11.2021 - 08.2025
  • Led the ISMS upgrade from ISO 27001:2013 to 2022, enhancing documentation, improving the risk register, conducting internal audits, closing IR observations, and successfully obtaining the ISO 27001:2022 certification.
  • Managed end-to-end stakeholder and vendor management for GRC projects and audits, including vendor evaluation, SOW finalization, project execution, and delivery.
  • Led and successfully obtained the SOC 2 certification, understanding business requirements for client assurance, overseeing the audit process, and ensuring compliance with SOC 2 controls.
  • Drove NIST CSF implementation, enhancing security maturity to industry standards over three years.
  • Spearheaded security awareness initiatives, including phishing simulations, tabletop exercises, and Cybersecurity Awareness Week, to strengthen the organization’s security posture.
  • Managed and streamlined exception management processes, ensuring timely risk assessment, approvals, and remediation.
  • Ensured compliance through Legatrix, tracking and managing monthly security tasks, evidence collection, and reporting to stakeholders, clients, and regulators.
  • Optimized client assessment questionnaire responses by collaborating with the AI team to develop a keyword-based FAQ model, significantly reducing man-hours spent on repetitive assessments.
  • Conducted qualitative and quantitative risk assessments, monitoring KPIs and KRIs based on NIST and IS controls to enhance risk visibility and decision-making.

Associate IT Auditor

Aneja Associates
07.2020 - 11.2021
  • Led end-to-end IT audits and security engagements, including ITGC, IT Security Assessments, Cybersecurity Audits, Regulatory Compliance Reviews, and IT Consultancy projects for multiple clients, including large NBFCs.
  • Managed the complete audit lifecycle, from engaging with clients to understand audit requirements, aligning on scope, conducting audits, finalizing reports, and ensuring timely report delivery and payments.
  • Designed and implemented IT Policies, Procedures, and SOPs, aligning with ISO 27001 and NIST CSF to enhance client security and compliance.
  • Provided strategic risk advisory, helping clients strengthen security postures, improve risk management frameworks, and meet regulatory requirements.

Audit & Risk Analyst

Jardine Lloyd Thompson (JLT)
11.2017 - 07.2020
  • Conducted, coordinated, and facilitated internal and external IT audits, ensuring compliance with regulatory and industry standards.
  • Effectively managed the IT Risk Register (Infra & App) across all regions, overseeing risk assessments, gap analyses, and mitigation strategies for infrastructure and applications.
  • Evaluated processes and controls, identifying recurring audit patterns, and prioritizing remediation based on aggregated risk insights.

Quality Analyst

ATOS
11.2015 - 11.2017
  • Led internal quality assurance for a Cloud business unit with 750 users serving 250 clients, ensuring adherence to quality standards.
  • Implemented company-wide quality controls and ISO standardization requirements, strengthening compliance and operational efficiency.
  • Developed and executed the IQA plan, conducting internal audits and gap assessments to drive continuous improvement.
  • Spearheaded the ‘Zero Incident Program,’ leading to a 30% year-over-year reduction in reported incidents through process improvements.

System Administrator

ATOS
09.2012 - 05.2015
  • Provided Level 2 support for Exchange and Outlook across all Siemens Industries, including Siemens Energy, Siemens Healthcare, Siemens Automation, and Siemens Business Technology.
  • Managed mailbox operations, including quota management, delegation, rights management, and individual mail restoration.
  • Handled mailbox permission delegation, distribution list (DL) creation, and modifications based on user requirements.

Education

Bachelor of Science - Botany

Mumbai University
Ramniranjan Jhunjhunwala College
04.2001 -

High School Diploma -

Maharashtra Board
R. A. DAV College
04.2001 -

Associate of Science -

Maharashtra Board
St Don Bosco High School
04.2001 -

Skills

Information Security (IS)/ Internal Audits/ISMS

Third Party Risk Management (TPRM)/ (VRM)

Risk Management & Exception Management

IS Governance Risk & Compliance (IS GRC)

IT Service Management

NIST Cyber Maturity Assessments

Phishing Simulation

SOC 2 Type I & II Audits

ITGC & ITAC audits

Certification

Certified Information Security Auditor (CISA), ISACA

Timeline

ISO/IEC 42001 (AIMS)

01-2026

IS GRC Lead (Manager)

Allcargo Global
08.2025 - Current

Certified Information Security Auditor (CISA), ISACA

11-2024

ISO/IEC 27001:2022

01-2024

Manager, IS GRC

Crisil Limited
11.2021 - 08.2025

Associate IT Auditor

Aneja Associates
07.2020 - 11.2021

Audit & Risk Analyst

Jardine Lloyd Thompson (JLT)
11.2017 - 07.2020

ISO/IEC 20000-1:2011

08-2017

Lean Six Sigma Green Belt

01-2017

Quality Analyst

ATOS
11.2015 - 11.2017

ITIL V3 Certified

08-2013

System Administrator

ATOS
09.2012 - 05.2015

Bachelor of Science - Botany

Mumbai University
04.2001 -

High School Diploma -

Maharashtra Board
04.2001 -

Associate of Science -

Maharashtra Board
04.2001 -