Summary

Overview

Work History

Education

Skills

Websites

Certification

Accomplishments

Affiliations

Awards Recognition

Key Exposure

Timeline

ASHOK KUMAR J D

Associate Director - Function Head Cloud Security, Vulnerability Management, Security Operations, CyberDefence, Security Assurance and AI Security & Governance

Chennai,TN

Summary

Associate Director - Information Security | Head of Security Function with 23+ years of cybersecurity leadership in BFSI sector, having served at Crisil Limited (a company of S&P Global). Owns end-to-end security across Cloud Security, Vulnerability Management, Application Security, DevSecOps, Security Operations, Cyber Defence/SOC, AI Security, AI Governance, IAM Security, Third-Party Risk Management (TPRM), and Security Assurance, with experience as a Fractional/vCISO. Proven track record in driving cybersecurity strategy, budgets, Board and CXO-level risk governance, building security-first cultures and high-performing teams, and leading multi-country (India, UK, Argentina, China, US & Poland), global, matrixed initiatives enabling secure business transformation by influencing business decisions, partnering with business, technology, and global stakeholders, aligning security with priorities, delivering scalable security services, and accelerating time-to-market while balancing risk, compliance, and resilience. Delivered compliance across ISO 27001, NIST, SOC 1/2, SEBI, and RBI frameworks with zero major audit findings. Recipient of the Execution Excellence Award (2012-2025, 13 consecutive years).

Overview

years of professional experience

Certification

Work History

Associate Director - Information Security

Crisil Limited

04.2019 - 02.2026

Architected and executed enterprise Cloud Security Foundation - CSPM, CWPP, CASB, SSPM, SaaS Security, and AI Security Posture Management (AISPM) - embedding governance and risk controls across 3 cloud platforms and reducing cloud misconfiguration exposure by 60%+.
Governed cybersecurity budget of ₹25-35 Crore+; directed investment allocation across SOC (SIEM, SOAR, UEBA, EDR), DevSecOps, IAM Security, TPRM, and Vulnerability Management - achieving measurable cost optimisation through strategic vendor consolidation.
Directed regulatory compliance across ISO 27001, NIST CSF, SOC 1/2, SEBI CSCRF, RBI Cybersecurity Framework, and DPDP Act readiness - sustaining zero major audit findings across 6 consecutive annual certification cycles.
Operationalised SOC automation for augmentation - predictive risk modelling, brand monitoring automation, and adaptive defence - reducing MTTD by ~40% and enabling 24/7 autonomous triage of 10,000+ daily security events.
Integrated SAST, DAST, SCA, CNAPP, and API Security into CI/CD pipelines across 40+ application teams; institutionalised TPRM for 150+ applications - reducing critical vulnerability remediation time by 60%.
Directed across 7,000+ endpoints and servers, managing enterprise antivirus, EDR, XDR, virtual patching, proxy, WAF, DDoS, DLP, encryption, and data classification. Enforced automated HIPS policy compliance, achieving more than 95% compliance.
Strengthened SOC and Cyber Defence by embedding SIEM, SOAR, UEBA, CLM, EDR, DLP, WAF, DDoS, and Proxy - driving faster threat detection, automated incident response, and enterprise resilience.
Governed IAM Security with least-privilege enforcement, SaaS access reviews, and automated lifecycle management; expanded Dark Web, Deep Web, and Brand Monitoring integrated into SOC and Threat Hunting workflows.
Authored enterprise cybersecurity policies, standards, playbooks, and secure coding guidelines - embedding a security-first culture across the organisation.
Validated enterprise defences through Blue Team and Purple Team exercises, Internal and External Penetration Testing, Active Directory Security, O365 Security, Cloud and API Security testing, and Breach & Attack Simulation (BAS).
India's largest credit rating agency | S&P Global subsidiary | ₹2,000+ Cr revenue | 5,000+ employees | Operations across 7 countries | Regulated by SEBI & RBI

Manager - Security Management & Governance

Crisil Limited

04.2013 - 03.2019

Owned client-facing security governance including contractual agreements, RFP responses, control framework assessments, and regulatory audit management for top-tier BFSI clients.
Directed SOC audit readiness, ISO 27001 gap assessments, ITGC, and SOX compliance programs - reporting directly to CIO and CISO on quarterly risk posture.
Led Antivirus, EDR, and Patch Management operations across 6,000+ endpoints; reduced unpatched critical CVEs to below 1% within a 72-hour SLA window.
Monitored control frameworks and compliance obligations; managed strategic relationships between InfoSec, IT, Development, and Business units.
India's largest credit rating agency | S&P Global subsidiary | ₹2,000+ Cr revenue | 5,000+ employees | Operations across 7 countries | Regulated by SEBI & RBI

Assistant Manager - Technology

Crisil Limited

04.2011 - 03.2013

Served as Relationship Manager for enterprise clients; directed operations and led incident and problem management across the organisation.
Managed Data Centre operations including Antivirus, Exchange, Blackberry, Virtualisation, Citrix, and FTP; oversaw system development, security, network communications, and end-user support.
India's largest credit rating agency | S&P Global subsidiary | ₹2,000+ Cr revenue | 5,000+ employees | Operations across 7 countries | Regulated by SEBI & RBI

Senior Engineer - Technology

Crisil Limited

04.2010 - 03.2011

Directed IT infrastructure activities for external clients and headed multi-location operations, client IT relationship management, and end-user escalation resolution.
India's largest credit rating agency | S&P Global subsidiary | ₹2,000+ Cr revenue | 5,000+ employees | Operations across 7 countries | Regulated by SEBI & RBI

Engineer - Technology

Crisil Limited

03.2009 - 03.2010

Provided IT infrastructure support and management for client environments; led SOP and knowledge base standardisation initiatives.
India's largest credit rating agency | S&P Global subsidiary | ₹2,000+ Cr revenue | 5,000+ employees | Operations across 7 countries | Regulated by SEBI & RBI

Assistant Engineer - Technology

Crisil Limited

12.2007 - 02.2009

Delivered IT helpdesk support for multiple client users; headed client IT relationship management and end-user operations management.
India's largest credit rating agency | S&P Global subsidiary | ₹2,000+ Cr revenue | 5,000+ employees | Operations across 7 countries | Regulated by SEBI & RBI

Service Engineer

ACELA Computer Pvt Ltd

08.2002 - 12.2003

Support Engineer

Network Solution Technologies Pvt Ltd.

10.2006 - 12.2007

System Administrator

Pearl Logics Pvt Ltd

01.2004 - 12.2005

Education

B.E. - Electrical & Electronics Engineering

Madras University

01.2002

EPGDM - Information Technology

Alliance University

01.2018

Diploma - Electrical & Electronics Engineering

Directorate of Technical Education

01.1999

Skills

Cybersecurity Strategy & Governance
Cybersecurity Roadmap
Enterprise Security Architecture
CISO Advisory
VCISO
Security Budget Management
Board-Level Risk Reporting
Security Policy Authoring
Security-First Culture
Cloud Security Posture Management (CSPM)
Cloud Workload Protection (CWPP)
CASB
SSPM
SaaS Security
API Security
AI Security Posture Management (AISPM)
Generative AI in Cybersecurity
CNAPP
SIEM
SOAR
UEBA
EDR
DLP
WAF
DDoS Protection
Proxy
Threat Intelligence
RDP
Dark Web & Deep Web Monitoring
Brand Monitoring
Threat Hunting
Purple Team
Blue Team
Breach & Attack Simulation (BAS)
Deception Technologies
Antivirus
XDR

Virtual patching
Encryption
Data security
Data classification
SAST
DAST
SCA
Secure SDLC
CI/CD Pipeline Security
Vulnerability Prioritisation & Remediation
Penetration Testing
Attack Surface Management
IAM Security
Privileged Access Management (PAM)
Least-Privilege Enforcement
SaaS Access Reviews
Automated Lifecycle Management
ISO 27001
NIST CSF
SOC 1/2
SEBI CSCRF
RBI Cybersecurity Framework
DPDP Act
GDPR Alignment
ITGC
SOX
Audit Management
TPRM
Vendor Due Diligence
Team Building
Succession Planning
Leadership Development
Cross-Functional Stakeholder Management
CXO & Board Reporting
Budget Optimisation
Vendor Management

Websites

Certification

SIEM Microsoft Sentinel & IBM QRadar
SOAR Google (Chronicle SOAR)
BAS Cymulate
DRP SOC Radar & CloudSEK
Threat Intelligence Platform CloudSEK
Deception Zscaler
EASM SecurityScorecard, BitSight, SOCRadar & CloudSEK
AM Microsoft Entra ID, Keycloak, ARCON (PAM), HashiCorp Vault
Encryption Symantec PGP & Microsoft BitLocker
DLP Symantec, Microsoft Purview & Proofpoint
EDR CrowdStrike, Microsoft Defender, Trend Micro, Symantec & Cybereason
XDR Trend Micro
Proxy Symantec, BlueCoat & Zcaler
VA Tools Tenable, Rapid7 Nexpose & Qualys VMDR
Server Config Review Rapid7 Nexpose & Qualys VMDR
Network Config Review Nipper, Rapid7 Nexpose & Qualys VMDR
SAST Checkmarx & OpenText Fortify
DAST BurpSuite & OpenText Fortify
API Security AppSentinel
SCA / SBOM JFrog Xray
Patch Management Symantec & Microsoft SCCM
Virtual Patching Symantec & Trend Micro
CNAPP/CSPM/CWPP/IaC/SSPM PaloAlto Prisma Cloud
Firewall Review AlgoSec

Accomplishments

Managed ₹25-35+ Crore Information Security budget covering cloud security, SOC, cyber defence, AI security, and regulatory compliance across global operations. Led and mentored 30+ cybersecurity professionals to strengthen enterprise security posture and governance.
Built enterprise cloud security framework including CSPM, CWPP, CASB, SSPM, IAM Security, and API security, reducing misconfiguration risks by 60%+. Integrated DevSecOps controls such as VA, SAST, DAST, SCA, and CNAPP across 40+ development teams.
Implemented SOC automation and SOAR for threat detection and response, reducing MTTD by ~40%. Managed enterprise security operations for 7,000+ endpoints using EDR, XDR, WAF, DLP, and encryption.
Established enterprise AI security framework including self-hosted LLM governance, browser isolation, and protection against prompt injection and data leakage risks.
Maintained zero major audit findings across six ISO 27001 certification cycles while ensuring compliance with SEBI, RBI, SOC 1/2, and NIST frameworks. Implemented Third-Party Risk Management across 150+ applications.
Delivered IT infrastructure programs in Argentina, China, and the United Kingdom.

Affiliations

CEH - Certified Ethical Hacker (EC-Council)
AI Governance Professional
Certified Artificial Intelligence Security & Risk (CAISR)
ITIL Foundation
CCNA - Cisco Certified Network Associate
DPDPA - Digital Personal Data Protection Act Certification
Certified CISO
CISA - Certified Information Systems Auditor (ISACA)
CISM - Certified Information Security Manager (ISACA)
AWS Certified Solutions Architect - Professional
AWS Certified Solutions Architect - Associate
MCP - Microsoft Certified Professional
AIGP - Artificial Intelligence Governance Professional

Awards Recognition

Execution Excellence Award, CRISIL Limited, 2012-2025

Key Exposure

Security Strategy & Leadership, Cyber Defence, Security Operations, Attack Surface Reduction / Vulnerability Management, Cloud Security, Security Assurance, IT Infrastructure, IT Operations, BFSI, IT, Chennai, Mumbai, UK, Argentina, China, 45, Information Security budget up to 50 Cr INR

Timeline

Associate Director - Information Security

Crisil Limited

04.2019 - 02.2026

Manager - Security Management & Governance

Crisil Limited

04.2013 - 03.2019

Assistant Manager - Technology

Crisil Limited

04.2011 - 03.2013

Senior Engineer - Technology

Crisil Limited

04.2010 - 03.2011

Engineer - Technology

Crisil Limited

03.2009 - 03.2010

Assistant Engineer - Technology

Crisil Limited

12.2007 - 02.2009

Support Engineer

Network Solution Technologies Pvt Ltd.

10.2006 - 12.2007

System Administrator

Pearl Logics Pvt Ltd

01.2004 - 12.2005

Service Engineer

ACELA Computer Pvt Ltd

08.2002 - 12.2003

B.E. - Electrical & Electronics Engineering

Madras University

EPGDM - Information Technology

Alliance University

Diploma - Electrical & Electronics Engineering

Directorate of Technical Education

Summary

Overview

Work History

Associate Director - Information Security

Manager - Security Management & Governance

Assistant Manager - Technology

Senior Engineer - Technology

Engineer - Technology

Assistant Engineer - Technology

Service Engineer

Support Engineer

System Administrator

Education

B.E. - Electrical & Electronics Engineering

EPGDM - Information Technology

Diploma - Electrical & Electronics Engineering

Skills

Websites

Certification

Accomplishments

Affiliations

Awards Recognition

Key Exposure

Timeline

Associate Director - Information Security

Manager - Security Management & Governance

Assistant Manager - Technology

Senior Engineer - Technology

Engineer - Technology

Assistant Engineer - Technology

Support Engineer

System Administrator

Service Engineer

B.E. - Electrical & Electronics Engineering

EPGDM - Information Technology

Diploma - Electrical & Electronics Engineering

Similar Profiles

Scott PerryScott Perry

Azmat KhanAzmat Khan

Mark SpiveyMark Spivey

LYDIAH WANJIRU KARIBALYDIAH WANJIRU KARIBA