Summary
Overview
Timeline
Education
Work History
Skills
Certification
Accomplishments
Hobbies and Interests
Languages
Quote
Work Availability
Work Preference
SeniorSoftwareEngineer
Jayant Pathak

Jayant Pathak

Navi Mumbai

Summary

Highly qualified Information Security Officer with proven experience in designing and implementing effective security strategies. Demonstrated skills in risk management, cyber security reviews and audits, and data protection measures. Reputed for leading cross-functional teams to enhance overall information security framework while ensuring compliance with industry standards and legal regulations. Contributed significantly to the reduction of security breaches and incidents in previous roles.

Overview

8
8
years of professional experience
10
10

Certifications

1
1

Bachelors

1
1

Masters

Timeline

Information Security Officer and Manager

State Bank of India
03.2020 - 07.2024

Cyber Security Intern/Trainee

PricewaterhouseCoopers Private Limited
01.2019 - 07.2019

Weblogic Administrator

Oracle Private Limited
08.2018 - 10.2018

System Engineer

Tata Consultancy Services Limited
09.2014 - 06.2017

MTECH Cyber Security Systems and Networks -

Amrita Vishwa Vidyapeetham

B.E Computer Engineering -

University of Mumbai

HSC -

Maharashtra State Board, Nasik

SSC -

Maharashtra State Board, Nasik

Education

MTECH Cyber Security Systems and Networks -

Amrita Vishwa Vidyapeetham
05.2019

B.E Computer Engineering -

University of Mumbai
05.2014

HSC -

Maharashtra State Board, Nasik
01.2009

SSC -

Maharashtra State Board, Nasik
01.2007

Work History

Information Security Officer and Manager

State Bank of India
Navi Mumbai
03.2020 - 07.2024

• Managed a team of information security professionals in day-to-day infra IT operations.
• Led third-party information risk-assessment program, assessing compliance and vulnerabilities.
• Managed the security review and audits of new systems and frameworks such as VMware private cloud, Azure, GCP and AWS hybrid/public cloud adoption/migration, DevSecOps, Platform Engineering, Kubernetes Microservices, Enterprise Architecture tool etc., while coordinating closely with internal personnel and external vendors.
• Defined security practices and standards to safeguard Bank's assets and data.
• Reviewed and recommended updates to information security policies, standards and guidelines.
• Presented security recommendations and managed the implementation of security improvements in new or existing applications, services and infrastructure.
• Participated in business continuity and disaster recovery preparedness activities.
• Supported development, documentation and presentation of IT security awareness, education and training for management, IT personnel and users.
• Implemented cybersecurity awareness training programs for staff members at all levels.
• Reviewed security incidents and took corrective actions to prevent future occurrences.
• Assessed overall performance of information security program through audits and evaluations.
• Ensured compliance with industry regulations, such as ISO, NIST, CIS, HIPAA, GDPR, and PCI-DSS as well as regulations of RBI, MeitY, IT ACT, DPDPA etc.
• Conducted risk assessments to identify vulnerabilities and recommend appropriate controls.
• Owned security awareness program, preparing general and team-specific trainings, quizzes and workshops.
• Maintained up-to-date knowledge of emerging technologies, threats, and industry best practices.
• Collaborated with IT teams to integrate security measures into new software development projects.
• Guided leadership in decision-making related to security and risk assessment operations.
• Developed and implemented information security policies, procedures, and standards.
• Assisted with evaluation, selection and implementation of security products and technologies.
• Assessed information security performance, identifying problems, evaluating trends and anticipating requirements.
• Established key performance indicators KPIs to measure effectiveness of information security initiatives.
• Managed, trained and mentored direct reports within security architecture team.
• Evaluated existing infrastructure for potential weaknesses and recommended improvements.
• Oversaw vulnerability scanning and penetration testing initiatives to assess system security.
• Provided guidance on best practices for data protection and privacy management.
• Liaised with external vendors to assess third-party risks and develop mitigation strategies.
• Supported threat modeling workshops across applications and company infrastructure.
• Reported regularly on status of information security activities to executive leadership teams.
• Carried out end to end comprehensive information security reviews which includes application and server security testing, network architecture review, secure code review, hardening and secure configuration of servers, applications and endpoints, database and network configuration and policy security review, regulatory policy and procedures review, process review including compliance review to various global security standards, digital forensic readiness assessment, vulnerability assessment and penetration testing, api security review etc.
• Reviewed and managed the implementation of baseline hardening of servers, network devices, desktops and applications.
• Evaluated various security tools, products and services such as SWG, SASE, ZTE, ZPA, AV, DLP, SIEM, DAM, CASB, CWPP, CSPM, EDR, XDR, UEBA etc.
• Provided regular reports on audits of our current services, applications, infrastructure, as well as our internal practices, policies, systems and procedures.
• Mitigated IT security threats by gathering information and developing plans, monitoring networks for security breaches, training users on security protocols, developing best practices and security standards, creating and testing disaster recovery procedures to keep IT running in the event of a security breach while being accountable and responsible for reviewing internally developed applications, before they are deployed to production environment.
• Reviewed cloud SAAS applications in terms of zero trust security.
• Suggested process, procedures and measures to the management for implementing security tools and solutions onto the Bank's private cloud infra and define perimeter security.
• Successfully reduced security incidents by 30% through proactive threat monitoring and risk mitigation strategies.
• Implemented a comprehensive security awareness program that improved employee compliance with security policies by 25%.
• Played a key role in achieving ISO 27001 certification for the organization by ensuring adherence to security best practices.

Cyber Security Intern/Trainee

PricewaterhouseCoopers Private Limited
Mumbai
01.2019 - 07.2019

• Carried out end to end comprehensive risk, audit, assurance and information security reviews of IT ecosystem of various IT and telecom sector companies, as well as leading private and government Banks, which included: Security testing of applications, APIs, appliances, network devices and servers as per OWASP top ten and Sans 25 benchmarks, Vulnerability Assessment and Penetration Testing of all IT devices and systems, Network architecture review of IT Infra and applications,Secure code review in terms of SAST, DAST, SCA and obfuscation, Hardening and secure configuration of servers, applications, network devices, endpoints and databases using CIS and NIST Standards, Risk assessment of network configuration, rule base review and policies, Regulatory policy and procedures review in terms of secure process review including compliance and documentation review as per various global and local security standards and IS review of digital forensic readiness assessment, logging and monitoring.
• Consulted a leading telecom company in IT and business process, management and support for E-sign Empanelment.
• Lead the internal PwC HR team for hiring information/cyber security consultants on contract basis.
• Assisted PwC senior management in pitching, auctioning, bidding for various cyber and information security projects to various PwC clients.
• Conducted risk assessments to identify potential vulnerabilities in IT infrastructure.
• Supported efforts to achieve relevant certifications such as ISO 27001 or SOC 2 Type II certifications.
• Evaluated third-party vendors' cybersecurity posture through questionnaires and due diligence reviews.
• Collaborated with IT team members to ensure secure configuration of servers, workstations, and devices.
• Handled emergency security issues and property intrusions with calm and level-headed approach.
Oversaw team of 15 to manage security for critical events.

Weblogic Administrator

Oracle Private Limited
Bangalore
08.2018 - 10.2018

• Built the systems from OS Level, configuring and customizing it according to the company standards for Solaris 10, Solaris 8 and Red Hat Linux systems.
• Deployed the applications on multiple Weblogic Servers and maintained Load Balancing, High Availability and Fail over functionality.
• Utilized Remedy Problem & Change management application for management of problem tickets and production change requests.
• Deployed of the .war and .ear files in Dev/Stage and production mode in Intranet/Internet Environments.
• Collaborated with infrastructure teams to plan capacity upgrades and hardware changes as needed.
• Analyzed log files for errors or potential problems affecting availability of applications.
• Monitored server performance to identify and resolve issues.
• Developed custom scripts for automated deployments and administration tasks.
• Managed domains, clusters, and node managers for efficient application deployment.
• Created backups of configurations, logs, and other critical files for disaster recovery.

System Engineer

Tata Consultancy Services Limited
Chennai
09.2014 - 06.2017
  • Internal IT onsite engineer for supporting various TCS projects by providing solutions to various issues related to IT infra operations and governance
  • Performed lead role for around 1.5 years for managing IT infra of about 7 thousand devices and provide support for IT infra security audits, reviews and risk assessments
  • Maintained Internal IT Infrastructure security compliance by performing vulnerability assessments & penetration testing of internal as well as client applications and infrastructure
  • Prioritized, resolved, and reported outages and issues related to hardware, software, servers, applications, windows, printers and network within acceptable SLAs and escalated to other or higher teams if required
  • Prepared incident/change management SOPs, implemented and reviewed IT and IS policies/processes and govern IT and IS compliance of TCS endpoints and Install TCS Golden Images on all laptops, desktops and servers within the scope of delivery owner.

Skills

IT Security Governance, Audit, Review, Consulting, Engineering and Management

Information Security assurance

IT Risk Management

IT and IS Compliance Management

IT Infrastructure Defense and Management

Cloud Security - AZURE, AWS, GCP, VMware etc

Endpoint, Application and Server Security

SOC - Threat Hunting and Incident Management

Microsoft Office Skills

Infrastructure & Virtualization Management

Certification

  • ISACA CISM, 12/2023
  • VMware VCTA, 11/2023
  • ISC2 CC, 10/2023
  • ZScaler ZTCA, 09/2023
  • VMware Tanzu Kubernetes, 05/2023
  • EC Council CEH V11, 09/2022
  • IDRBT Security in Cloud Computing, 04/2022
  • Microsoft O365 Security Administrator, 06/2021
  • CyberArk PAM Trustee, 05/2019
  • Oracle Administrator, 10/2018
  • Microsoft Certified Professional, 01/2017
  • EC Council CEH V9, 03/2016
  • ITIL Foundation, 07/2015
  • Artificial Intelligence, 03/2014
  • Cryptography, 11/2013

Accomplishments

· Multitasking Abilities

· Efficient interpersonal communication

· Timely reporting and documentation

· Analytical Skills

· Calculative resource allocation

· Written Communication

· Long Term Goal Planning

· Active Listening

· Efficient Problem-Solving

· Organizational Skills

· Analytical Thinking

· Reliable, Adaptable and Flexible

· Work Well Under Pressure

Hobbies and Interests

  • Animal welfare work
  • Trekking
  • Music and Art
  • Meditation
  • Exploring and Seeking the Unknown
  • Discovering and Researching the Arcane

Languages

Hindi
First Language
Marathi
Proficient (C2)
C2
English
Proficient (C2)
C2

Quote

There’s no shortage of remarkable ideas, what’s missing is the will to execute them.
Seth Godin

Work Availability

monday
tuesday
wednesday
thursday
friday
saturday
sunday
morning
afternoon
evening
swipe to browse

Work Preference

Work Type

Full TimePart TimeContract WorkInternship

Location Preference

On-SiteRemoteHybrid

Important To Me

Career advancementWork-life balanceCompany CultureFlexible work hoursWork from home optionStock Options / Equity / Profit Sharing
Jayant Pathak