Debasis Behera

Bengaluru

Summary

Cybersecurity leader with 18 years of expertise in technology risk management, cloud security architecture, and AI governance. Successfully implemented zero trust frameworks and secured multi-cloud environments across AWS, Azure, and GCP. Proficient in threat modeling, security operations, and compliance management, including ISO 27001, SOC 2, GDPR, and PCI DSS. Holds multiple certifications, including CISSP, CISA, CISM, AWS Security Specialty, and AI Security Governance.

Overview

19 years of professional experience
1 Certification

Work History

Principal - Cyber Risk & Assurance

GSK Global Capability Centre
Bengaluru
06.2024 - Current
  • Led technology risk assessments for critical infrastructure including cloud platforms (Azure, GCP, M365), ZTNA, CASB, SSO/SAML, and privileged access management, achieving 95% security posture compliance.
  • Orchestrated implementation of advanced security stack (Zscaler, CrowdStrike, BeyondTrust, Wiz, Akamai) delivering 60% improvement in threat response time and $2M annual cost optimization.
  • Architected and deployed enterprise-wide Zero Trust security framework across 15,000+ endpoints, reducing security incidents by 40% and improving threat detection capabilities.
  • Established AI governance program to secure adoption of generative AI technologies, mitigating data leakage risks and ensuring compliance for AI-powered applications.
  • Built and mentored team of 12 security professionals across architecture, engineering, and risk assessment, achieving 95% retention and 100% on-time project delivery.

Senior Manager & Lead - Technology Risk

Mphasis Ltd.
Bengaluru
11.2020 - 06.2024
  • Directed enterprise-wide cloud security transformation across AWS and Azure environments serving 30,000+ users, implementing CSPM, CWPP, and automated compliance monitoring achieving 100% audit success rate.
  • Pioneered comprehensive Generative AI security strategy addressing Shadow AI risks, implementing DLP controls preventing 250+ data exfiltration attempts and securing Microsoft Copilot, GitHub Copilot, and Azure OpenAI integrations.
  • Spearheaded migration and integration of critical security solutions (Netskope SASE, Prisma Cloud, CrowdStrike Falcon, Okta SSO) improving security coverage by 85% while reducing operational complexity by 30%.
  • Developed AI governance frameworks and policies in collaboration with legal, compliance, and engineering teams, aligning with NIST AI Risk Management Framework and EU AI Act requirements to mitigate risks.
  • Managed cross-functional security engineering teams specializing in DLP, CASB, ZTNA, and CSPM, overseeing 500+ security policy implementations and 1,000+ change requests, maintaining zero security incidents.

Manager & Delivery Compliance Officer - Risk & Compliance

HCL Technologies
Chennai
07.2018 - 11.2020
  • Led global compliance operations across 25+ client engagements, executing enhanced compliance assessments and achieving 98% client satisfaction scores through proactive risk management.
  • Orchestrated completion of compliance audits (ISO 27001, ISO 9001, ISO 20000, SOC 1 Type II, GDPR, PCI DSS) with zero critical findings across offshore delivery centres, ensuring adherence to regulatory standards.
  • Collaborated with cybersecurity teams on incident investigations and remediation, achieving 45% reduction in mean time to resolution (MTTR) and enhancing effectiveness of security incident response.

Senior Manager - Information Security Services

DBS Bank
Mumbai
04.2017 - 07.2020
  • Executed IT security audits and vendor risk management programs for banking infrastructure, implementing privileged access controls and system hardening aligned with RBI and PCI DSS requirements to enhance overall security posture.
  • Led cross-functional teams to enhance client engagement strategies and service delivery.
  • Developed and implemented risk management frameworks for financial products and services.
  • Streamlined operational processes to improve efficiency and reduce turnaround time.

Head - Information Security

Netcore Cloud
Mumbai
03.2011 - 04.2017
  • Established enterprise information security program from the ground up, achieved ISO 27001 certification within 18 months, and maintained continuous compliance through 6 successful annual audits, enhancing organizational security posture.
  • Designed and deployed comprehensive security infrastructure across AWS, DigitalOcean, and Rackspace environments, including WAF, IPS, SIEM, and DDoS mitigation, resulting in 70% reduction in security incidents.
  • Completed day-to-day duties accurately and efficiently.
  • Contributed innovative ideas and solutions to enhance team performance and outcomes.
  • Worked successfully with diverse group of coworkers to accomplish goals and address issues related to our products and services.

Linux Systems Administrator & Infrastructure Specialist

NH Infomedia & BIZ Technologies
Mumbai
06.2007 - 03.2011
  • Administered enterprise Linux infrastructure with Apache, DNS, DHCP, FTP, SAMBA, NFS, AutoFS, NIS in high-availability clustered datacentre, ensuring reliable support for 10,000+ users.
  • Administered server environments to ensure optimal system performance and reliability.
  • Implemented security protocols to safeguard sensitive company data and systems.
  • Managed network configurations to support seamless connectivity for users.

Education

Post Graduate Diploma in Management (PGDM E-Business) - IT Infrastructure, Information Security & Governance, IT Compliance

Welingkar Institute of Management
Mumbai, India

Skills

  • Cybersecurity Strategy & Governance
  • Enterprise Risk Management
  • Security Architecture & Engineering
  • Zero Trust Architecture
  • Identity & Access Management (IAM)
  • Cloud Security (AWS, Azure, GCP)
  • DevSecOps & Secure SDLC
  • AI/ML Security & Governance
  • Penetration Testing
  • Vulnerability Management
  • Data Loss Prevention (DLP)
  • SIEM management
  • Compliance auditing
  • ZTNA (Zero Trust Network Access)
  • SASE (Secure Access Service Edge)
  • CASB (Cloud Access Security Broker)
  • CSPM (Cloud Security Posture Management)
  • CNAPP (Cloud-Native Application Protection)
  • WAF (Web Application Firewall)
  • SWG (Secure Web Gateway)
  • EDR/XDR (Endpoint/Extended Detection & Response)
  • PAM/PIM (Privileged Access/Identity Management)
  • SOAR (Security Orchestration Automation Response)
  • API Security
  • Container Security
  • Business continuity

Certification

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• Certified Ethical Hacker (CEH)
• ISO 27001 Lead Auditor
• AWS Certified Security Specialty
• Microsoft 365 Security Administration Associate
• AI Security Governance Certification
• API Security Architect
• Netskope SASE (Vendor Training)
• Cloud Guard CNAPP (Vendor Training)
• Red Hat Certified Engineer (RHCE)
• ITIL Foundation
• AI in Cybersecurity Specialist (Training)

Technology Stack

Zscaler, Netskope, Akamai, Cloudflare, Prisma Cloud, Wiz, CrowdStrike Falcon, Palo Alto Networks, Microsoft Entra ID (Azure AD), Okta, Ping Identity, SailPoint IdentityIQ, CyberArk, BeyondTrust, AWS, Microsoft Azure, Google Cloud Platform, Microsoft 365, GitHub, Azure DevOps, Kubernetes, ArcSight, Splunk, ServiceNow, Alert Fusion, Coverity, BlackDuck, Acunetix, Qualys, Tenable Nessus, Microsoft Information Protection, Titus, Druva, Rubrik, Commvault, Varonis, Microsoft Copilot, GitHub Copilot, Azure OpenAI, Kong API Gateway, ColorTokens Micro-segmentation
