HITHENDRA KUMAR
Bengaluru
Summary
Dynamic Senior Manager at Publicis Groupe with expertise in cybersecurity compliance and risk management. Proven track record in developing robust security policies and leading teams to enhance cloud security operations. Skilled in strategic planning and IT audits, driving significant improvements in compliance and operational resilience.
Overview
24
24
years of professional experience
1
1
Certification
Work History
Senior Manager
Publicis Groupe
03.2021 - Current
- Company Overview: As part of a 100+ member Global Security Organization, I am responsible for cybersecurity compliance management.
- Develop, maintain, and communicate cybersecurity policies and procedures, aligning with regulatory requirements (ISO 27001).
- Leading and managing the team handling IT Risk Management for Publicis Groupe, including regulatory compliance, audit and exception management, risk assessments, and cloud security operations.
- Serve as the liaison between IT, legal, audit, and business departments for all security-related activities.
- Prepare reports and present compliance status, risks, and recommendations to senior management.
- Revise compliance programs, and conduct regular reviews to adapt to emerging threats or regulatory changes.
- Cloud security operations which include onboarding new applications, reviewing and advising business/IT on security checks reported by cloud security solutions, (SSPM and CNAPP), and remediation tracking.
- Review cloud provider policies for implementation across the organization’s subscriptions.
- Review new projects and solutions deployed across the organization from a compliance perspective.
- Evaluate and implement security controls and technologies across the organization.
- AI Security Core Working Group – Key Contributor
- Development of AI security policy.
- AI Security Framework.
- AI security toolkit, which includes AI security controls and guidelines to adhere to.
- Assessment checklist with a focus on Agentic AI.
- Evaluation of AI assessment tools.
- I was part of the core group working on cyber risk quantification projects.
- Evaluated CRQ tools for implementation.
- Lead a team managing the OT GRC solution deployed for the organization.
Lead Consultant (CyberSec GRC)
Infosys Technologies
Bangalore
11.2020 - 03.2021
- Pre-sales support for the NA Region
- Develop solutions based on the GRC requirements identified in an RFP.
- Provide staffing and cost estimates for the GRC requirements identified in an RFP.
- Due diligence for a new client
- Understand the existing security posture and landscape.
- Perform as-is analysis to understand the existing controls and define the way forward to implement the same in the new environment.
- Review IT risk register and track risks for remediation.
- Define and agree on the compliance requirements.
Manager (Risk Advisory)
Deloitte Touche Tohmatsu India LLP
Bangalore
07.2018 - 08.2020
- Third Party Risk Management for a Consumer oriented firm
- Perform gap assessment of third-party IT vendors against the firm’s 6 control pillars.
- Review contracts, data privacy agreements, assessment reports and other IT related reports to identify gaps.
- Liaise with the internal application teams and the vendors to remediate the identified gaps.
- Define IT control metrics for a major Consumer oriented firm.
- Conduct information security assessment of Data Centre Migration of a major FMCG firm based out of India.
- Security due diligence for the new data centre (across all control domains)
- Review of network, infrastructure designs from an information security perspective and provide recommendations to step up security posture and enable Info Sec design sign offs.
- Maintain a security issue and risk register and track remediation actions through the duration of this project.
- Act as a point of contact for Info Sec through the duration of the project.
- Supplier Risk Management and Assurance for one of the major oil and natural gas firms.
- Support the on-boarding of new / existing IT suppliers to the standard enterprise supplier assurance process.
- Conduct annual planning and scoping for IT supplier assurance plans.
- Coordinate the execution and validate assurance activities with the IT suppliers.
- Facilitate and track remediation of deficiencies with IT suppliers.
Consulting Manager (RCDA)
Wipro Technologies
Bangalore
09.2015 - 07.2018
- Develop policies and standards to comply with Cloud service requirement.
- Responsible for Cloud compliance including the CSA questionnaire, ISO 27001 certifications, assurance reports and other requirements.
- Responsible for defining the Security requirements in the contract.
- Responsible for control implementation for the cloud program.
- Propose solution to close Security Risk Assessment Issues, RBAC Issues.
- Proposal on Delivery plan.
- Ensuring Security technology controls by reviewing Architecture and Design documents.
- Vulnerability Management.
- Validating customer Security, Compliance, and privacy schedule with the DLP requirement.
- Apply advanced knowledge and experience while participating on information technology initiatives requiring security review, as well as compliance assessment against the risk and information security framework.
- Recommend, establish, and reinforce Information Security policies, architecture, standards, and guidelines consistent with the overall business and information security strategy.
- Provide information security expertise with issues relating to administrative, procedural, application, operational, and project components of the organization.
- Interpret and communicate Risk and Information Security Management concepts.
- Developing Integrated Asset Classification Model.
- Gap assessment & implementation road Map for the current state and maturity index.
- Exception Management – Handling organization wide IT Exception as per SOX & ISO 27001 requirements.
- IT Security Audits & closure.
- IT Security Dashboard release.
- Responsible for risk profiling.
- Responsible for defining a Risk Management process.
- Responsible for ensuring that all identified risks are managed as per the SLA.
- Collaborate with business owners to remediate risk & acceptance.
- Ensure self-assessments are carried out for all applications before the audit as per the Self-Assessment Plan.
- Risk identification & Management.
- Compliance & Assurance in Delivery.
- Sustainability & continuous improvement for Control effectiveness.
- Define, monitor, and implement remediation activities and timely closure of findings.
- Develop and implement procedures to improve service resilience.
- Measure compliance against KPIs to aligned with Assurance Model.
- Responsible for BCP and DRP including mock drill and BCP testing.
Information Security Consultant
Capgemini Business Services India Ltd
Bangalore
07.2008 - 09.2010
- Conduct site risk assessments based on 1SO 27001.
- Perform SOX assessment.
- SAS70 facilitation and testing for CG USA and Canada.
- SAS70 control implementation for Multiple Client Processes.
- Developed the IT Operational Control Assessment (OCA) Guidelines for the year 2010 and training the stakeholders.
- Liaising with 3rd party service providers to ensure that the SAS70 operational controls are in line with client’s standard IT processes and underlying controls.
Product Service Planner
Unisys Global Services India Ltd
Bangalore
11.2006 - 07.2008
- Defining global strategic objectives for optimization of the hardware service supply chain to significantly reduce costs or improve service levels.
- Interface directly with OEM second level support staff to solve complex technical issues, utilizing strong technical communication skills to solve complex support issues.
- Manage the complete product support life cycle from pre-implementation to contract termination, to include end of life support recommendations.
- Provide post implementation support, via usage and financial analysis tools, to support GOIS contract profitability analysis.
- Participate in customer/client meetings with the ability to provide and implement solutions to a wide variety of situations.
- Development and management of a global capabilities database of service methodologies and inventory solutions.
- Provide efficient costing services at the local and global levels in support of sales and GBMO activities.
- Establish cost efficient implementations capitalizing on available GOIS resources.
- Team with SSCO business owners to support appropriate target projects which will result in significant improvement of cost or service level objectives.
IT Contractor
Coal IT Services UK Ltd
London
04.2005 - 06.2006
- Installation & configuration of the computer network
- Installation & configuration of routing & switching devices.
- Configure the servers & workstations to access various peripherals like printers, faxes, etc.
- Configuration and providing network support to access various internal tools & databases.
- Providing post-installation technical support to users
Technical Support Engineer
HP Global soft Ltd
Bangalore
08.2003 - 06.2004
- Installing & configuring Windows based OS.
- Managing users, user accounts, peripheral management.
- Administration of NT user account.
- Configuration and providing network support.
- Installation, configuration & administration of wireless networks.
Technical Support Representative
Dell International Services
Bangalore
11.2002 - 06.2003
- Installing & configuring Windows based OS.
- Managing users, user accounts, peripheral management.
- Providing support for the users to troubleshoot common software & hardware problems.
- Configuration and providing network support to access various company tools & databases.
Systems Engineer
IIHT Jayanagar
Bangalore
12.2001 - 10.2002
- Installations of Windows 95, 98, Windows NT Server & Workstation, Windows 2000 server family & Windows 2000 Professional.
- Installation of various customized software and drivers.
- Configuring DHCP, DNS & various other networking features on Windows NT & Windows 2000 servers.
- Configuring and maintenance of Cisco routers.
- Configuring MS Exchange client.
- Maintenance & troubleshooting of office LAN.
- Upgradation & maintenance of computers.
Education
Bachelor of Engineering - Mechanical
Bangalore University
Bangalore01.2001
Skills
- Strategic planning
- Leadership
- Budgeting
- Program management
- Governance
- Risk Management
- Pre-sales
- Threat lifecycle management
- Cybersecurity solutions
- Security architecture
- AI compliance and security
- IT audits and compliance
- Cloud compliance and security
- Third-party assessment
- BCP/DR
- IT infrastructure transition and transformation
- Process improvement
- Incident, threat, and vulnerability management
- Operations management
Certification
Certified Information Systems Auditor (CISA) from ISACA
Certificate of Cloud Security Knowledge (CCSK) from CSA
Training
- TOGAF
- Archer
- PMP
- Design Thinking
Timeline
Senior Manager
Publicis Groupe
03.2021 - Current
Lead Consultant (CyberSec GRC)
Infosys Technologies
11.2020 - 03.2021
Manager (Risk Advisory)
Deloitte Touche Tohmatsu India LLP
07.2018 - 08.2020
Consulting Manager (RCDA)
Wipro Technologies
09.2015 - 07.2018
Information Security Consultant
Capgemini Business Services India Ltd
07.2008 - 09.2010
Product Service Planner
Unisys Global Services India Ltd
11.2006 - 07.2008
IT Contractor
Coal IT Services UK Ltd
04.2005 - 06.2006
Technical Support Engineer
HP Global soft Ltd
08.2003 - 06.2004
Technical Support Representative
Dell International Services
11.2002 - 06.2003
Systems Engineer
IIHT Jayanagar
12.2001 - 10.2002
Bachelor of Engineering - Mechanical
Bangalore University