Vinay Rawat

Currently Working as Lead for GRC, Oversee and directs all aspects of organization's cybersecurity program, ensuring protection against evolving cyber threats and compliance with industry standards. Below are major responsibility

Lead Governance, Risk and Compliance

• Cybersecurity Strategy and Planning:

Develop, implement, and continuously refine a robust cybersecurity strategy aligned with organizational goals and industry standards

• Risk Assessment and Management:

Conduct comprehensive risk assessments to identify potential vulnerabilities, prioritize risks, and develop strategies for risk mitigation and management.

• Security Policies and Compliance:

Establish and enforce security policies, standards, and procedures to ensure compliance with regulatory requirements and industry best practices

• Security Awareness and Training:

Develop and conduct cybersecurity training programs to educate employees on security best practices, creating a security-aware organizational culture.

• Security Governance and Compliance Monitoring:

Establish and maintain a robust security governance framework, ensuring compliance with applicable laws, regulations, and industry standards.

• Budgeting and Resource Optimization:

Manage cybersecurity budgets, allocate resources effectively, and optimize expenditures to achieve security goals within budgetary constraints.

• Security Audits and Compliance Testing:

Conduct regular security audits and compliance assessments, addressing gaps and ensuring adherence to established security policies and controls.

• Team Leadership and Development:

Lead, mentor, and develop a high-performing cybersecurity team, fostering a culture of continuous improvement and professional growth.

• Business Continuity and Disaster Recovery Planning:

Develop and manage business continuity and disaster recovery plans, ensuring operational resilience in the event of a security incident or disaster.

ICT Security Analyst

• Implementing PAM solution and onboard/de-board infra onto solution.
• Analyze/track and manage Exemption requests submitted by business users.
• Providing Operational Support for Beyond Trust PAM Solution.
• Ensuring Adherence to compliance ISMS 27001 by regular follow ups with Application Owners.
• Preparing reports for Governance meet (weekly/monthly/quarterly service review call).

Critical Incident Manager/ Security Incident Manager

• As a Critical Incident Manager, was responsible for driving P1/P2 incidents & restoring the interrupted services as soon as possible.
• To schedule, chair and drive the daily operational service provider call.
• To schedule, chair and drive the Service Restoration calls.
• As an Incident Manager responsible for updating the management and End user community about any outages, status info about the incident.
• Review and verifying the accuracy of the reported severity level of an incident.
• Work closely with the Operations & Defense (O&D) and Research & Hunting (R&H) functions on the triage and management of cyber-related incidents.
• Provide timely incident updates and ensure that all engagement and communication protocols are followed
• Track follow-up documentation related to an IS Incident, including Root Cause Analyses (RCAs), Lessons Learned and SIRT Remediation Plans throughout the incident lifecycle till closure

• ITIL process management - analyze and design service management processes, research and present best practices, and drive for continuous improvements
• Manage multiple concurrent tasks and work stream
• Manage weekly and monthly Incident review meetings and provide data metrics to Leadership
• Provides Incident Management reporting to executive management teams
• Undertake and provide Post Incident Reviews (PIR) for major incidents with focus on identifying process or operational improvements
• Working closely with OCC, Problem/Change Management, technical and business groups to improve maturity levels and adoption of Incident Management processes

Worked as IT Service Management Process Manager (Incident& Problem)