
Koyel Ghosh

Mumbai

Summary

  • To leverage my skills and leadership expertise in Cyber Security and Governance, Risk and Compliance (GRC) to lead a global cross-functional team, developing and executing comprehensive security strategies, proactively mitigating complex cyber threats, ensuring robust data protection across international operations aligned with local compliance regulations, and ensuring organizational resilience. Seeking opportunities in international locations.
  • Experienced Cyber / Information Security and GRC (Governance, Risk and Compliance) professional with 18 years of experience in leading comprehensive cyber security programs, developing risk management frameworks, ensuring compliance with regulatory requirements, and leading cross-functional teams across various countries (India, Asia Pacific, Australia, Middle East, and Europe).
  • Proven track record of enhancing security posture and protecting organizational assets in diverse business verticals (Finance, Insurance, Retail, Transportation and Logistics, Telecom, Ecommerce, Supply Chain), both private and public, and organizations of various sizes and types such as consulting, corporate, critical infrastructure, and IT service.
  • Adept in navigating complex and changing problems and environments by encouraging flexibility, innovation, and resilience within teams.
  • Excels in identifying and addressing challenges by fostering a culture of continuous learning and agility to meet evolving business needs.
  • Passionate about emerging technologies (Cloud, IoT, OT, AI) and subsequent security controls.

Overview

18 years of professional experience
6 certifications

Work History

Deputy General Manager - Cybersecurity & GRC

DP World
08.2018 - Current
  • Spearheaded regional information security initiatives and GRC programs with various governance and benchmarking initiatives and implementation of security solutions that improved the security posture by 120%
  • Drove the Subcontinent region to become a global leader in cybersecurity and GRC performance within DP World with highest score of 4.3 out of 5 as per COBIT assessment
  • Formulated and executed a multi-layered cybersecurity strategy in alignment with organizational objectives and regulatory requirements that improved the compliance by 50% and reduced IT risk cost by 10%
  • Established comprehensive incident response plans with threat intelligence and automated incident handling capabilities such as Security Operations Center (SOC) that reduced security incident occurrence by 50%
  • The initiative led DP World India to win the 4th Edition Cyber Security Excellence Award by Quantic India in 2025 for best security monitoring and reporting practice
  • Implemented processes and controls that led to ISO 27001 certification for all regional entities, improving process compliance by 80%
  • Developed and implemented an information security awareness program for the workforce using various innovative methods that increased the awareness by 70%
  • Investigated and piloted emerging cybersecurity technologies such as SOAR, XDR, AI Security, and IoT Security to ensure the right solution is implemented

Assistant Manager - Information Technology Risk & Compliance

National Stock Exchange of India (NSETech)
09.2016 - 03.2018
  • Crafted and refined IT policies and procedures and implemented new controls to improve organizational compliance that resulted in 20% increase in compliance
  • Successfully facilitated external regulatory audits, demonstrating a commitment to transparency and regulatory compliance that resulted in zero major observations and 50% reduction in minor observations
  • Led ISO 27001 certification initiative that resulted in implementation of all controls in 6 months
  • Conducted Third-Party Information Security Assessments that improved the third-party risk posture by 30%
  • Executed detailed internal audits across diverse tools and departments, reinforcing the internal control environment that reduced assessment observations by 10%
  • Managed security audits and compliance reviews for multinational clients

Assistant Manager - Cyber Security (Risk Advisory Service)

PricewaterhouseCoopers India
08.2015 - 09.2016
  • Developed and implemented cybersecurity framework for a government entity that had nil cyber security measures
  • Conducted detailed security audits across network infrastructures that improved the security posture by 20%
  • Ensured GDPR adherence through baseline evaluations for a financial MNC
  • Led risk assessment projects, formulated risk mitigation strategies, and supervised continuous risk oversight that reduced the risk exposure by 10%

Consultant - Information Risk Management Advisory (Global Consulting Practice)

TATA Consultancy Services
08.2007 - 09.2015
  • Conducted in-depth GRC and information risk evaluations for a global bank's Japanese subsidiary and subsequent implementation of controls, improving the risk posture by 20%
  • Led the implementation of privacy controls for a leading US entity
  • Crafted and executed a risk assessment strategy for India's largest conglomerate and a premier Philippine telecom provider
  • Performed ISO 27001-compliant vendor security assessments for a top-tier US financial services corporation and Europe based MNCs
  • Identified new revenue opportunities through risk analysis of an Indian bank's Analytics division
  • Managed security audits and compliance reviews for multinational clients
  • Executed rigorous Risk and Security Audits for high-profile trading platforms, enhancing protocols for top Investment Banks at the National Stock Exchange

Assistant Manager - IT

Mjunction Services Limited
07.2005 - 08.2007
  • Spearheaded a dynamic team of 3 in executing the 'Reverse Auction Engine' initiative, optimizing online procurement processes for enterprise-level material sourcing

Education

Master of Business Administration (MBA) - General Management

Asian Institute of Management
Manila

Bachelor of Technology - Computer Science & Engineering

West Bengal University of Technology (Heritage Institute of Technology)
Kolkata

Skills

  • Cyber Security Strategy & Management
  • Risk Assessment & Management
  • Regulatory Compliance & Reporting (Security, AI, Privacy)
  • IT and Data Governance
  • Security Policies & Procedures
  • Technology, Process & Security Audits & Assessments
  • Third Party / Supply Chain Risk Management
  • Incident Response & Management (SIEM / SOC)
  • Business Continuity Management and Disaster Recovery
  • ISO 27001 Implementation and Certification
  • Cloud Security
  • ICS/OT Security
  • DevSecOps & Security Automation
  • Zero Trust Architecture & IAM
  • Security Awareness Training Management
  • Artificial Intelligence related standards and regulations (EU AI Act, AI RMF)
  • Information Security & Risk Management Standards (ISO 27001, PCI DSS, Cloud Security Guidelines (CSA), NIST RMF, NIST CSF, COSO, ISO 31000, ISO 22301, NIST 800-115, NIST 800-123, CIS Benchmark, IOSCO, SEBI Guidelines, RBI Guidelines, TISAX, FISMA, SOX, SOCI Act (Australia), MAS TRM (Singapore), Essential Eight)
  • Privacy and Data protection regulations (GDPR, UK GDPR, CCPA (US), PIPEDA (Canada), PDPA (Singapore), Privacy Act (Australia), DPDP (India))
  • Security and Governance Solution Implementation (BIG ID)
  • Security Solution and Data Protection Technology Implementation (Privilege Access Management, EDR, Web Proxy, Firewall, Email Security Solution, SASE, Zero Trust Network Access, Identity & Access Management, Data Loss Prevention (DLP), Web Application Firewall (WAF), DDoS protection, External Attack Surface Management (EASM), CSPM)
  • Security Operation Center (SOC), Threat Intelligence, OSINT
  • Vulnerability Management and Penetration Testing
  • API Security
  • GRC automation tools
  • Stakeholder Management
  • Team Leadership
  • Demand Forecasting & Budgeting
  • Problem Solving & Situational Awareness
  • Contract Management
  • Program Management
  • Feasibility Analysis
  • Competitor Benchmarking

Certification

  • CISSP - Certified Information Systems Security Professional
  • CISA - Certified Information Systems Auditor
  • ISO 27001 Lead Auditor
  • ISO 42001 Lead Implementer (AI Governance)
  • Data Science - Machine Learning (HarvardX)
  • ITIL v3 Foundation

Affiliations

  • ISACA (Information Systems Audit and Control Association)
  • ISC2 (International Information System Security Certification Consortium)

Languages

English
Hindi
Bengali
German

Additional Details - Interests

  • Offbeat Travel
  • Trekking & Adventure Sports
