Gaurav Kumar

CYBER SECURITY CONSULTANT
Bangalore

Summary

Results-driven cybersecurity professional with extensive experience in developing and implementing enterprise-wide security programs, including incident management and business continuity planning. Proficient in conducting comprehensive risk and business impact analyses for IT, Cloud, OT, and embedded systems, with expertise in financial quantification of cyber risks and mitigation strategies. Exceptional ability to advise clients on cybersecurity strategies, regulatory compliance (GDPR, NIS2, EASA), and process improvement. Strong communication, stakeholder management, and mentoring skills, coupled with a track record of successful collaboration with technical experts to drive project excellence.


Overview

9 years of professional experience
4 years of post-secondary education
2 Certifications

Work History

Senior Solution Advisor

Deloitte
01.2023 - Current
  • It's a Security Assessment project, and I was responsible for driving the interview calls with stakeholders
  • Gap analysis was completed based on the answers provided by stakeholders
  • I was also responsible for preparation of deliverables and reviewing them for complete Security approvals
  • Assessed the applications and performed compliance checks in terms of DR management, backup management, logging and monitoring, GRC assessment and configuration management
  • Conducted interviews for applications with their respective application service managers for deep dive analysis of implemented security features
  • Served as a trusted advisor to senior stakeholders, influencing security strategies and initiatives across multiple teams
  • Performed Application Source code review and assessed the applications based on secure coding guidelines
  • Conducted risk assessment and contributed to identifying and remediating the control gaps for SOC 2 compliance readiness
  • Working on the GRC assessment surveys and control review documents for final audit by verifying the control implementation plan

Lead Solution Advisor

Deloitte
07.2022 - 01.2023
  • Reviewed the event-driven architecture utilizing the Jenkins Pipeline
  • Ensured adherence to relevant regulatory standards (e.g., APRA, HKMA, MAS) by embedding necessary security requirements in organizational processes
  • Worked on the credit card tokenization aspect of the application
  • Setting up technical review sessions with development teams and internal audit teams
  • Assisting with the Data classification and security assessment questionnaires
  • Application scanning: SAST & SCA scans
  • Assisting with the GRC attestation and collecting the implementation plan and evidence for internal audit

Senior Consultant

Deloitte
01.2022 - 07.2022
  • Assessed the environment and conducted the architecture reviews
  • Performed data classification and assisted with application scanning
  • Worked with development teams to ensure security protocols and procedures are followed during the batch processing activities
  • Automated the process to dynamically populate the final audit report distribution list
  • This automation helped save approximately 3 hours of manual effort per audit
  • Co-ordinated end-to-end compliance activities with the operations team, internal audit team and the external auditor
  • Gathered evidence and developed workpapers for controls related to IAM, Vulnerability management, Business continuity, Network security, Risk Governance, IT Service Management, etc.

Service Delivery Specialist

Accenture
07.2020 - 12.2021
  • Conducted information security risk assessments using qualitative methods, identifying and mitigating key risks by 20%.
  • Developed and implemented process improvements, aligning with ISO 27001 standards, which improved efficiency by 15%.
  • Collaborated with cross-functional teams to design and execute security policies and procedures, ensuring compliance with cybersecurity regulations like GDPR.
  • Produced comprehensive reports and presentations for stakeholders, utilizing GRC tools to support governance and risk management initiatives.
  • Conducted in-depth research and data analytics, leveraging insights to propose functional and technical mitigation plans.
  • Participating in hiring activities for IA staff and providing staff with coaching on process and procedures
  • Supervise the execution of detailed audit work and present to the Audit team

Cloud Security Engineer 2

Dell Technologies
03.2016 - 07.2020
  • Developed and implemented enterprise-wide security programs, including security incident management and business continuity planning, ensuring organizational resilience.
  • Conducted risk and business impact analyses for IT and Cloud, including financial quantification of cyber risks and impact assessment of catastrophic scenarios for medium to large consulting projects.
  • Led project teams comprising junior and senior consultants to define and monitor functional and technical mitigation plans while employing data analytics and mathematical modeling for effective risk management.
  • Planned and led consulting projects, managing small teams independently and contributing significantly to larger projects, ensuring high-quality deliverables.
  • Designed and delivered security awareness and training sessions for internal and external stakeholders, enhancing their understanding of risk management and best practices.
  • Provided recommendations for process improvement and tooling enhancements, ensuring alignment with industry standards like ISO 27001, ISO 31000, and NIST CSF.
  • Collaborated on the preparation of bids and offers for small to medium-sized projects, supporting the proposal process for large-scale consulting engagements.
  • Delivered comprehensive documentation and presentations of work results to executive-level stakeholders, demonstrating strong negotiation and influence skills.
  • Advised customers on cybersecurity strategies and objectives, ensuring alignment with regulatory requirements like GDPR, NIS2, and EASA Regulations while fostering consensus among diverse stakeholders.
  • Worked in collaboration with technical experts to guarantee successful project delivery, mentoring junior consultants to improve their technical and consulting skills.

Education

B. Tech - Electronics & Telecommunication

Yashwantrao Chavan College of Engineering (Autonomous)
05.2011 - 07.2015

Skills

  • Cybersecurity
  • Enterprise architecture
  • Project management
  • Technical support
  • Application security
  • Project coordination

Certification

CCSP (Certified Cloud Security Professional), 2021
