Kshitij Gunale

Senior Analyst
Mumbai

Summary

VAPT & Regulatory Compliance Specialist – Banking Sector
Managed end-to-end VAPT activities with external vendors, ensuring adherence to RBI guidelines and industry standards (OWASP, NIST, CVSS). Prepared and submitted regulatory reports, supported RBI audits, and tracked remediation of vulnerabilities. Maintained cybersecurity documentation, dashboards, and risk registers while collaborating with IT, InfoSec, Risk, and Compliance teams to strengthen the bank’s security posture. Provided insights to senior management and Board-level reporting on vulnerabilities, compliance, and risk mitigation.

Overview

8 years of professional experience
4 Certificates

Work History

Senior Analyst

IndusInd Bank
08.2024 - Current

Vendor Management for VAPT Activities

  • Coordinate with external vendors to conduct periodic Vulnerability Assessment and Penetration Testing (VAPT) across bank assets.
  • Review and validate vendor reports for accuracy, completeness, and compliance with RBI guidelines.
  • Ensure vendors follow industry-standard methodologies (OWASP, NIST, CVSS) while maintaining confidentiality and data security.


Regulatory Submissions & RBI Audit Support

  • Prepare and submit RBI-mandated VAPT reports, closure documents, and compliance matrices.
  • Serve as a liaison between vendors and internal teams during RBI audits, ensuring timely and accurate responses.
  • Track and close audit observations related to VAPT and cybersecurity, maintaining comprehensive records of actions taken.


Security Governance & Risk Oversight

  • Monitor remediation of vulnerabilities identified by vendors, ensuring timely closure and risk mitigation.
  • Maintain documentation of cybersecurity posture, including risk registers, vulnerability dashboards, and remediation logs.
  • Align VAPT activities with RBI’s Cyber Security Framework for Banks and other applicable regulatory standards.


Compliance & Reporting

  • Ensure VAPT frequency and scope meet regulatory requirements (quarterly, half-yearly, or as mandated).
  • Generate internal reports for senior management and compliance teams, providing actionable insights on vulnerabilities and risk exposure.
  • Support Board-level reporting on cybersecurity metrics, VAPT outcomes, and risk management initiatives.


Collaboration & Stakeholder Engagement

  • Work closely with IT, InfoSec, Risk, and Compliance teams to ensure VAPT findings are addressed and mitigated promptly.
  • Actively engage stakeholders in remediation planning, risk prioritization, and process improvements to strengthen the bank’s security posture.

Cybersecurity Consultant

Network Intelligence Private Limited
04.2022 - 08.2024
  • Vulnerability Assessment & Configuration Audits: Conducted end-to-end VAPT, configuration audits, and PCI DSS ASV scans for BFSI and international clients using Tenable Security Center, ensuring CIS benchmark compliance and alignment with regulatory standards.
  • Team Leadership & Mentorship: Managed and mentored teams of up to 17 consultants, facilitating training sessions, cross-training, and knowledge-sharing initiatives to enhance team technical proficiency and operational efficiency.
  • Client Engagement & Advisory: Delivered actionable findings, reports, and strategic recommendations to clients and internal stakeholders, helping organizations improve security posture and risk mitigation strategies.
  • Process Improvement & Innovation: Participated in continuous improvement initiatives, identifying operational gaps and providing innovative solutions.
  • Training & Knowledge Development: Created training materials, prototypes, and SOPs, coaching team members on best practices, security frameworks, and client service standards.
  • Cross-Functional Collaboration: Coordinated with multiple internal and external teams to resolve issues quickly and maintain operational continuity.
  • Recognition & Achievements: Earned multiple client and organizational commendations for diligent efforts, technical expertise, and proactive risk management.

Associate Consultant

SEQURETEK
06.2020 - 03.2022

VAPT & Configuration Audit Specialist | 4 Years Experience


  • Conducted end-to-end vulnerability assessments and configuration audits for BFSI clients using Tenable Security Center, ensuring 100% alignment with CIS benchmarks.
  • Developed and implemented a custom vulnerability management tool, streamlining reporting and improving leadership visibility on remediation progress.
  • Coordinated scanning operations and vulnerability remediation, increasing team resolution efficiency by 40%.
  • Delivered actionable findings and strategic recommendations to internal stakeholders and clients, supporting informed decision-making.
  • Trained and mentored junior analysts, enhancing team productivity and technical proficiency.
  • Conducted on-site observations and structured interviews to assess individual and team strengths, aligning tasks with skillsets for optimal performance.
  • Ensured adherence to regulatory compliance standards and industry best practices (OWASP, NIST, CVSS) across all assessments.

Senior Cybersecurity Analyst

Network Intelligence Private Limited
11.2017 - 06.2020

Cybersecurity & VAPT Specialist | SOC & Client-Facing Experience

  • Conducted regular user access reviews, significantly reducing exposure to insider threats and compromised accounts.
  • Led 24/7 SOC assessment team, mitigating cyber risks through continuous vulnerability assessments and penetration testing using OWASP Top 10 and SANS 25 frameworks.
  • Performed WAF analysis and tuning using Imperva WAF, strengthening web application security.
  • Engaged directly with BFSI clients to plan and execute VAPT tasks, ensuring regulatory compliance and security best practices.
  • Delivered VAPT, VLAN segmentation, and PCI DSS ASV scanning for international clients, ensuring robust security posture across diverse environments.
  • Received multiple client and organizational commendations for diligence, insights, and proactive problem-solving.
  • Managed multiple concurrent projects with strong attention to detail, organization, and strict adherence to deadlines, optimizing team productivity and client satisfaction.

Education

Bachelor of Engineering - Information Technology

KCE Society
Jalgaon
04.2001 -

Skills

Client management

Certification

Certified Information Security Manager (CISM) by ISACA

Timeline

Certified Information Security Manager (CISM) by ISACA

12-2024

Certified Cloud Security Engineer (CCSK)

10-2024

Senior Analyst

IndusInd Bank
08.2024 - Current

ISO 27001 LA by GSDC Council

08-2024

AZ 900

06-2024

Cybersecurity Consultant

Network Intelligence Private Limited
04.2022 - 08.2024

Associate Consultant

SEQURETEK
06.2020 - 03.2022

Senior Cybersecurity Analyst

Network Intelligence Private Limited
11.2017 - 06.2020

Bachelor of Engineering - Information Technology

KCE Society
04.2001 -

Accomplishments

  • Received Client Appreciation for consistently delivering projects on time and meeting expectations.
  • Awarded Excellence for outstanding performance, quality delivery, and dedication.