Jayant Pathak

• Managed a team of information security professionals in day-to-day infra IT operations.
• Led third-party information risk-assessment program, assessing compliance and vulnerabilities.
• Managed the security review and audits of new systems and frameworks such as VMware private cloud, Azure, GCP and AWS hybrid/public cloud adoption/migration, DevSecOps, Platform Engineering, Kubernetes Microservices, Enterprise Architecture tool etc., while coordinating closely with internal personnel and external vendors.
• Defined security practices and standards to safeguard Bank's assets and data.
• Reviewed and recommended updates to information security policies, standards and guidelines.
• Presented security recommendations and managed the implementation of security improvements in new or existing applications, services and infrastructure.
• Participated in business continuity and disaster recovery preparedness activities.
• Supported development, documentation and presentation of IT security awareness, education and training for management, IT personnel and users.
• Implemented cybersecurity awareness training programs for staff members at all levels.
• Reviewed security incidents and took corrective actions to prevent future occurrences.
• Assessed overall performance of information security program through audits and evaluations.
• Ensured compliance with industry regulations, such as ISO, NIST, CIS, HIPAA, GDPR, and PCI-DSS as well as regulations of RBI, MeitY, IT ACT, DPDPA etc.
• Conducted risk assessments to identify vulnerabilities and recommend appropriate controls.
• Owned security awareness program, preparing general and team-specific trainings, quizzes and workshops.
• Maintained up-to-date knowledge of emerging technologies, threats, and industry best practices.
• Collaborated with IT teams to integrate security measures into new software development projects.
• Guided leadership in decision-making related to security and risk assessment operations.
• Developed and implemented information security policies, procedures, and standards.
• Assisted with evaluation, selection and implementation of security products and technologies.
• Assessed information security performance, identifying problems, evaluating trends and anticipating requirements.
• Established key performance indicators KPIs to measure effectiveness of information security initiatives.
• Managed, trained and mentored direct reports within security architecture team.
• Evaluated existing infrastructure for potential weaknesses and recommended improvements.
• Oversaw vulnerability scanning and penetration testing initiatives to assess system security.
• Provided guidance on best practices for data protection and privacy management.
• Liaised with external vendors to assess third-party risks and develop mitigation strategies.
• Supported threat modeling workshops across applications and company infrastructure.
• Reported regularly on status of information security activities to executive leadership teams.
• Carried out end to end comprehensive information security reviews which includes application and server security testing, network architecture review, secure code review, hardening and secure configuration of servers, applications and endpoints, database and network configuration and policy security review, regulatory policy and procedures review, process review including compliance review to various global security standards, digital forensic readiness assessment, vulnerability assessment and penetration testing, api security review etc.
• Reviewed and managed the implementation of baseline hardening of servers, network devices, desktops and applications.
• Evaluated various security tools, products and services such as SWG, SASE, ZTE, ZPA, AV, DLP, SIEM, DAM, CASB, CWPP, CSPM, EDR, XDR, UEBA etc.
• Provided regular reports on audits of our current services, applications, infrastructure, as well as our internal practices, policies, systems and procedures.
• Mitigated IT security threats by gathering information and developing plans, monitoring networks for security breaches, training users on security protocols, developing best practices and security standards, creating and testing disaster recovery procedures to keep IT running in the event of a security breach while being accountable and responsible for reviewing internally developed applications, before they are deployed to production environment.
• Reviewed cloud SAAS applications in terms of zero trust security.
• Suggested process, procedures and measures to the management for implementing security tools and solutions onto the Bank's private cloud infra and define perimeter security.
• Successfully reduced security incidents by 30% through proactive threat monitoring and risk mitigation strategies.
• Implemented a comprehensive security awareness program that improved employee compliance with security policies by 25%.
• Played a key role in achieving ISO 27001 certification for the organization by ensuring adherence to security best practices.

• Carried out end to end comprehensive risk, audit, assurance and information security reviews of IT ecosystem of various IT and telecom sector companies, as well as leading private and government Banks, which included: Security testing of applications, APIs, appliances, network devices and servers as per OWASP top ten and Sans 25 benchmarks, Vulnerability Assessment and Penetration Testing of all IT devices and systems, Network architecture review of IT Infra and applications,Secure code review in terms of SAST, DAST, SCA and obfuscation, Hardening and secure configuration of servers, applications, network devices, endpoints and databases using CIS and NIST Standards, Risk assessment of network configuration, rule base review and policies, Regulatory policy and procedures review in terms of secure process review including compliance and documentation review as per various global and local security standards and IS review of digital forensic readiness assessment, logging and monitoring.
• Consulted a leading telecom company in IT and business process, management and support for E-sign Empanelment.
• Lead the internal PwC HR team for hiring information/cyber security consultants on contract basis.
• Assisted PwC senior management in pitching, auctioning, bidding for various cyber and information security projects to various PwC clients.
• Conducted risk assessments to identify potential vulnerabilities in IT infrastructure.
• Supported efforts to achieve relevant certifications such as ISO 27001 or SOC 2 Type II certifications.
• Evaluated third-party vendors' cybersecurity posture through questionnaires and due diligence reviews.
• Collaborated with IT team members to ensure secure configuration of servers, workstations, and devices.
• Handled emergency security issues and property intrusions with calm and level-headed approach.
Oversaw team of 15 to manage security for critical events.

• Built the systems from OS Level, configuring and customizing it according to the company standards for Solaris 10, Solaris 8 and Red Hat Linux systems.
• Deployed the applications on multiple Weblogic Servers and maintained Load Balancing, High Availability and Fail over functionality.
• Utilized Remedy Problem & Change management application for management of problem tickets and production change requests.
• Deployed of the .war and .ear files in Dev/Stage and production mode in Intranet/Internet Environments.
• Collaborated with infrastructure teams to plan capacity upgrades and hardware changes as needed.
• Analyzed log files for errors or potential problems affecting availability of applications.
• Monitored server performance to identify and resolve issues.
• Developed custom scripts for automated deployments and administration tasks.
• Managed domains, clusters, and node managers for efficient application deployment.
• Created backups of configurations, logs, and other critical files for disaster recovery.

• Internal IT onsite engineer for supporting various TCS projects by providing solutions to various issues related to IT infra operations and governance
• Performed lead role for around 1.5 years for managing IT infra of about 7 thousand devices and provide support for IT infra security audits, reviews and risk assessments
• Maintained Internal IT Infrastructure security compliance by performing vulnerability assessments & penetration testing of internal as well as client applications and infrastructure
• Prioritized, resolved, and reported outages and issues related to hardware, software, servers, applications, windows, printers and network within acceptable SLAs and escalated to other or higher teams if required
• Prepared incident/change management SOPs, implemented and reviewed IT and IS policies/processes and govern IT and IS compliance of TCS endpoints and Install TCS Golden Images on all laptops, desktops and servers within the scope of delivery owner.