Ashish Faujdar

Mumbai, MH

Summary

Well-rounded experience in Cyber Security, Information Technology, Digital Transformation, Information Risk Management, Data Protection & Data Privacy to envision and build futuristic secure solutions for the enterprise. Demonstrated expertise in establishing and implementing large Cyber & Information security programs. Architected information system security strategy, combatting security threats posed to the organization. Skillful negotiator of contracts boosting infrastructure and organizational efficiency. Excel at synergizing with people, process and technology for proactive defense. A business-focused and dedicated security professional with a proven history of meeting company goals utilizing consistent and organized practices.

Overview

17
years of professional experience

Work History

CISO and DPO

Mahindra & Mahindra Financial Services
07.2023 - Current

Chief Information Security Officer (CISO):

  • Provided vision and leadership for the enterprise-wide technology and cyber security initiatives.
  • Developed and implemented cyber security strategy aligned with the business objectives.
  • Developed, implemented and managed enterprise-wide cyber security governance structure, policies, processes and metrics.
  • Evaluate and prioritize cyber security projects, based on enterprise risk profile, and capacity to implement the change.
  • Establish and monitor security measures for data protection and access control.
  • Led and oversaw the efforts to conduct cyber security risk and maturity assessments.
  • Developed and implemented a proactive and continuous threat monitoring and remediation program based on the capabilities of AI/ML and automation through various products.
  • Designed and initiated advanced-level 24*7 cyber incident response structure aligned with the Cyber Crisis Management plan of the organization.
  • Designed a secured remote access channel for the employees working from remote locations.
  • Initiated the design of Zero Trust Architecture.
  • Ensured the IT Infrastructure and the Application Infrastructure are periodically assessed through various security assessment programs to identify the risks and test the resiliency and recoverability capabilities of the organization.
  • Ensured compliance to guidelines issued by regulators such as RBI, SEBI, IRDAI, NHB etc.
  • Ensured periodic update on the state of Cyber Maturity program to Board and various board/executive level committees.
  • Setting up the third party risk assessment program.
  • Ensured the security budget was optimally utilized.
  • Fostered the information security culture and awareness across the Board, Senior Management and the staff.


Data Protection Officer (DPO):

  • Manage and oversee the overall planning, implementation, monitoring and continual improvement of data privacy requirements according to the Internal Data Privacy Policy as well as related policies and procedures.
  • Issue his/her opinion about the feasibility of a project from a data privacy standpoint.
  • Manage personal data protection related queries and complaints.
  • Assess data privacy risks for the business processes involving processing of personal data and implement appropriate security measures accordingly.
  • Drive periodic privacy assessments in the organization and approve the results.
  • Review and approve privacy policies and procedures.
  • Identify requirements for cross border data transfers.
  • Govern the execution of contracts/Data Processing Agreements with data processors.
  • Ensure ongoing compliance with the Data Privacy Policy and associated privacy practices.
  • Ensure that appropriate certification of the privacy practices is obtained and maintained.
  • Liaise with Information security team to spearhead required assessments and identify privacy risks within the organization.
  • Approve the training calendar for privacy trainings within the organization.
  • Act as the first-level approver for any privacy risks which are accepted by the organization.

Global Head - Cyber Security & GRC

Wipro LTD
09.2021 - 07.2023
  • Ensure implementation and adherence to Cyber Security Policies.
  • Ensure implementation and adherence to Cyber Security Frameworks such as MITRE, NIST, ISO 27001, COBIT.
  • Define and implement the controls based on Zero Trust approach.
  • Ensure data protection.
  • Oversee the evaluation and finalization of the new security solutions.
  • Design and implement the IT & IS Governance and compliance framework.
  • Ensure adherence to the IS and IT Strategy.
  • Identify, Analyze, Control and Mitigate the risks the organization is exposed to.
  • Ensure cyber incidents are managed effectively.
  • Ensure compliance with various constantly changing regulatory guidelines as applicable in the respective countries.
  • Ensure compliance with SOX and GDPR guidelines globally.
  • Ensure Data Privacy by Design.
  • Review of IT Processes, new tools and technologies.
  • Strengthening and rationalizing the processes that help to improve business performance and enhance decision-making within IT Board.
  • Internal/External Customer and Stakeholder Management.
  • Periodic presentation, security postures, risk and control state, to the Executive Council.
  • Identify and automate the processes to eliminate manual dependencies.
  • Design and implement the IT DR framework.

Head - Cyber Security and Systems Risk

Yes Bank
07.2011 - 08.2021
  • Formulate the strategy for Cyber Security and Information Systems Risk by closely working with the senior management to remain abreast with technology strategies and initiatives.
  • Ensure implementation and adherence to the Cyber Security Policies, Frameworks and Control guidelines.
  • Formulate the risk based plan and ensure implementation.
  • Plan the assessments to assess control weaknesses in the Technology Infrastructure, Cyber Security Framework and adherence to Information Security Policies.
  • Present the risk reports to Board level committees on a quarterly basis.
  • Ensure mitigation of security and IT risks through implementation of adequate controls.
  • Front ending respective regulators in the interest of the organization.
  • Consult and advise on the Cyber, Technology and Regulatory risks involved in the various new products.
  • Mentoring and guiding other team members on various technology and cyber risks.
  • Management of ISO 9001:2015 certificate.

Team Lead - Security

HCL Comnet
12.2009 - 07.2011

Client: Union Bank Of India


  • Ensure implementation of best practices related to Information and Cyber Security.
  • Ensure implementation and management of the security tools and platforms.
  • Act as a SME on current industry trends to improve controls environment across the organization.
  • Assist and perform audits on Information Security.
  • IT Service Management.
  • Vulnerability Assessment, Penetration Testing.
  • Information Security Risk Assessment.
  • Designing, Consulting & Providing Security solutions to customer.
  • Coordinate with offices across the country on implementation and adherence to security practices defined by the organization.
  • Implement and integrate new Network and Security solutions to branch offices.

Administrator - Network & Security

Microland Pvt.Ltd
04.2009 - 12.2009

Global Client: General Electric (GE)


  • Implementation/Upgradation of network and security devices, Change Management, Policy fine tuning and handling 2nd level escalations related to troubleshooting of problems in different firewalls.
  • Management of IDS, VPN, URL filtering, AAA, log reporting solutions.
  • Management of customer’s entire network security infrastructure remotely.
  • Configuring and troubleshooting various firewalls – PIX/ASA, Checkpoint Nortel/Nokia, Fortigate, and Juniper Netscreen.
  • Outlined and maintained security patching schedule to efficiently address ongoing system issues.
  • Coordinated security initiatives at various offices spread across various geographies.
  • Implemented necessary controls and procedures to protect information system assets from intentional or inadvertent modification, disclosure or destruction.


Administrator - Security

Netoworkers Home
01.2007 - 03.2009
  • Administration and Maintenance of Cisco router, Cisco ASA/PIX, Checkpoint firewall, L2/L3 switches, VPN, modems and lease line from VSNL and coordinating with ISPs to resolve the problems related to internet.
  • Implementation and Configuration of Security Devices.
  • Managing wireless network that covers across the entire premises.
  • Site survey and Configuration of devices.
  • Maintenance of the setup and client configuration for usage, coordinating with the ISPs spectra net and VSNL to make sure the internet is available 24/7.

Education

Bachelor of Engineering - Information Technology

Jaipur Engineering College And Research Center
Jaipur

Skills

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Auditor (CISA)
  • Certified Ethical Hacker (CEH)
  • Certified Data Privacy for Information Architecture
  • Governance, Risk & Regulatory Compliance Management
  • Data Protection and Data Privacy
  • Cyber Crisis Management
  • Enterprise and Third party Risk Management
  • Business Continuity and Disaster Recovery
  • Strategic Direction & Planning
  • Budgeting

Accomplishments


  • Developed and implemented enterprise security strategy and framework that consists of strategically integrated elements of NIST risk management and Cybersecurity frameworks, SANS Critical Controls and ISO 27001.
  • Managed/Oversaw and directed Cyber Security Operations for the large organizations with 3 lacs employee strength.
  • Maximized the cost optimization through rationalization and standardization of People, Process and Products (PPP).
  • With Security rightly balanced with the business objectives, provided secured and timely solutions to the business and tech teams.
