Kuldeep Kumar Kaushal

Cyber Security Leader
Noida

Summary

Results-driven Information Security executive with 23+ years of global experience spanning BFSI, Mobile VAS, IT, and CPaaS sectors. Proven track record as CISO and DPO for multinational organizations, with 14+ years in senior security leadership roles. Adept at aligning cybersecurity strategy with business growth objectives, managing enterprise-wide risk, and leading high-performing global security teams across multiple time zones. Currently serving as Sr. VP – Information Security | CISO & DPO at Sinch India (formerly ACL Mobile Ltd.).

Overview

23 years of professional experience
20 Certifications
2 Languages

Work History

Sr. VP - Information Security | CISO & DPO

Sinch India (formerly ACL Mobile Ltd.)
05.2020 - Current
  • Developed and executed an enterprise-wide cybersecurity and data privacy strategy aligned with business objectives, regulatory mandates (ISO 27001, NIST, GDPR, PDPPA, PCI-DSS, RBI, TRAI), and long-term growth priorities.
  • Delivered board-level reporting on cybersecurity posture, risk exposure, budget utilization, and investment priorities — enabling informed governance decisions at the highest level.
  • Conducted cybersecurity due diligence for M&A activities, identifying integration risks and ensuring seamless security control adoption post-acquisition.
  • Championed security alignment across IT, legal, compliance, risk, and business units — embedding security as a business enabler rather than a constraint.
  • Supported customer security audits, RFPs, and due diligence engagements, strengthening trust with enterprise clients and partners.
  • Implemented risk-based cybersecurity frameworks to proactively identify, assess, and mitigate threats across the organization's threat landscape.
  • Established a robust third-party risk management program covering vendors, partners, and cloud service providers — reducing supply chain exposure.
  • Ensured continuous compliance with GDPR, India's PDPPA Act 2023, PCI-DSS, RBI guidelines, and TRAI norms through automated controls monitoring and periodic audits.
  • Oversaw Privacy Impact Assessments (PIA) and Data Protection Impact Assessments (DPIA) for new products and services, embedding Privacy by Design principles into the development lifecycle.
  • Developed and maintained data governance frameworks, including privacy policies, data classification standards, and cross-border data transfer compliance.
  • Managing a 24/7 Security Operations Center (SOC), driving proactive threat intelligence, vulnerability management, VAPT programs, and dark web monitoring.
  • Led incident response and recovery operations — minimizing business disruption through rapid containment, remediation, and post-incident reporting.
  • Evaluated and deployed security automation solutions (SOAR, SIEM, XDR, AI-driven detection), significantly reducing manual effort and mean time to respond (MTTR).
  • Optimized the security technology portfolio through strategic tool consolidation and selective MSSP/SOC outsourcing — reducing costs while improving coverage.
  • Adopted cloud-native security models including Zero Trust and SASE frameworks, enhancing security posture for a distributed, cloud-first workforce.
  • Implemented and governed IAM and Privileged Access Management (PAM) solutions, enforcing least-privilege access across the enterprise.
  • Pioneered the enterprise AI Security and Governance function at Sinch, defining strategy, policies, and controls aligned with ISO 42001 & NIST AI RMF, enabling secure scaling of GenAI-powered features across customer-facing CPaaS and messaging platforms.
  • Embedded AI security into product architecture at design stage, ensuring secure-by-design AI capabilities across APIs, platforms, and customer communication workflows handling high volumes of financial and personal data.
  • Implemented security guardrails for Generative AI use cases leveraging platforms such as ChatGPT and similar LLMs — preventing prompt injection, data leakage, model abuse, and unauthorized access to sensitive financial and customer data.
  • Established an enterprise Responsible AI framework aligned to trust, transparency, and fairness, creating governance workflows for AI use-case approvals that accelerate innovation without compromising risk controls.
  • Conducted AI risk assessments and DPIAs for AI-powered features involving PII, financial data, and customer communications, ensuring alignment with GDPR, PDPPA Act 2023, and the EU AI Act.
  • Defined enterprise-wide AI usage policies governing safe and compliant use of AI tools across all employees and product development teams.
  • Integrated AI security controls into DevSecOps pipelines, enabling rapid yet secure deployment of AI features across SaaS products without compromising security standards.
  • Secured the full AI lifecycle: training data integrity (data-poisoning and fraud prevention), model validation (bias detection, explainability checks), secure API and inference endpoint hardening, and LLM input/output filtering.
  • Implemented data masking, tokenization, and granular access controls to prevent leakage of sensitive financial and customer data across AI training and inference environments.
  • Partnered with SOC service provider to integrate AI system monitoring into the SOC, enabling real-time detection of model misuse, anomalous query patterns, and model drift with dedicated incident playbooks for prompt injection and data exfiltration via AI responses.
  • Evaluated and governed third-party AI providers and APIs used in SaaS platforms, defining onboarding and due diligence standards to ensure secure integration of external AI services into core product infrastructure.
  • Established API security best practices and defined security requirements for internal integrations and external developer APIs.
  • Oversaw application security architecture across IT, cloud, network, and application environments — managing SAST and DAST assessments aligned with OWASP Top 10 and SANS Top 25.
  • Embedded automated security testing within CI/CD pipelines, enabling shift-left security and continuous validation throughout the SDLC.
  • Drove security governance for emerging technologies including AI, 5G, IoT, and blockchain — proactively managing novel risk vectors.
  • Built, mentored, and scaled a high-performing cybersecurity and privacy team with specialized skills across multiple domains.
  • Designed and enhanced security awareness and training programs for employees and leadership, cultivating a security-first organizational culture.
  • Developed and tested Business Continuity & Disaster Recovery (BCP/DR) and Pandemic Response plans, ensuring organizational resilience against cyberattacks and natural disruptions.
  • Sinch India is part of Sinch AB, a global cloud communications leader based in Stockholm. It provides CPaaS solutions, widely used by banks and BFSI firms for secure, large-scale customer communication.

SVP - Information Security | Global CISO & DPO

Moody’s Analytics Knowledge Services
08.2017 - 05.2020
  • Led the global information security program, defining strategy, policies, and risk appetite — regularly briefing the executive committee on cyber posture, emerging threats, and recommended countermeasures.
  • Partnered with executive management to balance security requirements with business objectives, identifying risk factors and delivering pragmatic, scalable solutions.
  • Acted as the organization's primary representative for security inquiries from customers, regulators, and senior stakeholders — reinforcing trust and transparency.
  • Successfully achieved SOC 2 Type II attestation, a key milestone that strengthened client confidence and competitive positioning.
  • Published a security dashboard for the Executive Committee, providing real-time visibility into security posture and driving accountability across business units.
  • Developed and maintained enterprise-wide information security policies, procedures, and control frameworks — ensuring adequate protection without impeding business operations.
  • Conducted periodic information security risk assessments, gap analyses, and compliance reviews against statutory and regulatory requirements.
  • Oversaw security hardware/software selection, testing, deployment, and management — including outsourced security service arrangements.
  • Managed incident response processes: investigation, containment, reporting, and liaison with relevant agencies for cybersecurity breaches and data privacy violations.
  • Maintained comprehensive security procedures covering Business Continuity, Disaster Recovery, Emergency Operations, and Incident Response protocols.
  • Oversaw application and API security programs — managing SAST and DAST assessments aligned with OWASP Top 10 and SANS Top 25 frameworks.
  • Embedded automated security testing (SAST/DAST) within CI/CD pipelines, enabling continuous validation and reducing vulnerability exposure at release.
  • Guided engineering and product teams in enforcing encryption, secure authentication (MFA, OAuth), and least-privilege access principles across all applications and APIs.
  • Implemented tools and processes to mitigate risks from third-party integrations, open-source components, and vendor software supply chains.
  • Oversaw the organization's security function spanning data privacy, cybersecurity, and physical security — ensuring consistent policy enforcement across all domains.
  • Implemented and monitored vulnerability remediation procedures, ensuring timely closure of identified risks within agreed SLAs.
  • Drove security awareness and compliance through structured training programs and periodic internal and external security audits.
  • Evaluated and recommended new security technologies and countermeasures to address evolving threats to information assets and privacy.
  • Moody’s Analytics Knowledge Services provides research, data, and analytics support to financial institutions, helping them with risk management, compliance, and informed decision-making.

Chief Security Architect

Mahindra Comviva
02.2014 - 08.2017
  • Led incident response efforts, effectively mitigating damage caused by cyber attacks and data breaches.
  • Managed relationships with external vendors, ensuring timely delivery of hardware and software solutions that met strict security requirements.
  • Streamlined enterprise-wide security policies, improving overall compliance with industry standards and regulations.
  • Provided technical guidance on best practices for securely deploying cloud-based services and infrastructure.
  • Collaborated closely with IT leadership providing expert counsel on key decisions related to information security investments.
  • Delivered strong cybersecurity defense by creating custom intrusion detection systems tailored to specific environments.
  • Evaluated emerging technologies for potential inclusion in future security architecture designs.
  • Played an instrumental role in securing company assets through the development of comprehensive disaster recovery plans.
  • Conducted penetration testing exercises to evaluate the effectiveness of implemented defenses against potential cyber threats.
  • Reduced cyber threats through thorough vulnerability assessments and risk analysis.
  • Spearheaded cybersecurity awareness training programs, fostering a culture of vigilance among employees at all levels of the organization.
  • Drafted detailed technical documentation outlining architectural design principles, guidelines, and best practices.
  • Collaborated with cross-functional teams for seamless integration of security protocols into existing infrastructure.
  • Developed robust encryption algorithms to protect sensitive data from unauthorized access.
  • Conducted regular security audits to identify weaknesses and implement appropriate countermeasures.
  • Proactively identified opportunities for process improvement resulting in streamlined operations across multiple departments.
  • Designed user authentication systems, ensuring secure access to critical applications and resources.
  • Championed change management processes to minimize disruptions during the rollout of new security initiatives.
  • Enhanced security measures by designing and implementing comprehensive network architecture strategies.
  • Optimized system performance through the implementation of advanced monitoring tools and techniques.
  • Created policies and procedures for emerging security technologies and proposals.
  • Engaged business and technology stakeholders to gather goals and requirements.
  • Designed, installed and configured email encryption gateways with data loss prevention.
  • Developed security metrics and technical analysis to give insight into performance and trends.
  • Performed network troubleshooting to isolate and diagnose common problems.
  • Worked with business partners to balance requirements, security and risk reduction.
  • Translated strategy into solutions and operating models by leading or managing others.
  • Created frameworks by designing and developing technical solutions.
  • Liaised with third parties to respond to security events and understand threat landscape.

Education

B.Tech. - Computer Science

Delhi University

Two Year Professional Certification Program

NIIT

Senior Secondary School Examination

Modern School

Higher Secondary

Sanjay Bal Vidyalaya

Skills

Strategic leadership

Strategic plans

Process improvements

Digital transformation

IT management

Operational excellence

Financial management

KPI tracking

Mergers and acquisitions

Strategic planning

Cross-functional collaboration

Data-driven decision making

Talent development

Troubleshooting and problem resolution

Cross-functional communication

Budget oversight

Cross-functional team leadership

Relationship and team building

Problem-solving abilities

Executive leadership

Stakeholder management

Change and growth management

Certification

GDPR, CCPA and PDPPA 2023 Trained Professional

CORE COMPETENCIES

Cybersecurity Strategy & Governance; IT Risk & Compliance; Cloud & Application Security; Data Privacy & Protection (GDPR / PDPPA 2023); Vulnerability Management; Identity & Access Management; Security Operations & Incident Response; Mergers & Acquisitions Due Diligence; Business Continuity & Disaster Recovery; Managed Security Services; People Leadership & Team Building.

Strategic Leadership & Board-Level Engagement

  • Defined and owned multi-year cybersecurity roadmaps and KPIs, translating cyber risk into measurable business outcomes reported to executive leadership and the Board of Directors.
  • Designed and presented quarterly and annual security dashboards to senior management, enabling data-driven decision-making and ensuring cybersecurity investments align with organizational strategy.
  • Partnered with Product, Engineering, Technology team and peer members via Cyber Security Governance Committee (CSG) to set security standards, drive accountability, and embed security into business operations.
  • Managed Information Security budgets and delivered long-term roadmaps covering application, physical, cryptographic, logical access, and operational security controls.
  • Led security due diligence during M&A activities, identifying and mitigating risks arising from acquisitions and major business transformations.

Risk, Compliance & Governance

  • Achieved and maintained certifications across ISO 27001, ISO 27701, HIPAA, GDPR, PCI-DSS, SOC 2 Type II, PA-DSS, and SOX compliance frameworks.
  • Designed and implemented a Common Control Assessment framework to evaluate controls against multiple regulations, standards, and corporate security policies simultaneously, maximizing efficiency and audit readiness.
  • Automated Information Security controls monitoring, Incident Management, and IT Risk Management processes—reducing manual overhead and improving response times.
  • Led enterprise risk management programs leveraging network, information security, and regulatory frameworks, ensuring the organization remains adaptable to evolving compliance requirements.
  • Conducted technology and information security assurance audits, gap analyses, and assessments to derive optimum ROI from security investments.

Cybersecurity Operations & Incident Response

  • Built and led a global security team of highly skilled professionals across multiple time zones, fostering a culture of excellence, cross-functional partnership, and continuous improvement.
  • Directed high-severity incident response operations—coordinating with relevant agencies for cyber incidents, data breaches, and privacy violations.
  • Established an end-to-end Vulnerability Management lifecycle framework, encompassing identification, prioritization, remediation, and continuous monitoring.
  • Defined cybersecurity governance strategies for emerging technologies including cloud & containerization, blockchain, and distributed computing.

AI Governance & Secure AI Lifecycle

  • Defined and operationalized enterprise AI security and governance strategy, enabling secure scaling of GenAI-driven platforms (chatbots, copilots, automation engines) across high-volume, customer-facing environments in payments, messaging, and SaaS.
  • Implemented security guardrails for Generative AI use cases — preventing prompt injection, data leakage, model abuse, and unauthorized access to sensitive financial and customer data.
  • Established an enterprise Responsible AI framework aligned to trust, transparency, and fairness — with governance workflows for AI use-case approvals that enable risk-based decision-making without slowing innovation.
  • Ensured regulatory alignment with GDPR, DPDP Act 2023, and the EU AI Act, enabling compliant AI adoption for cross-border data processing and automated decision-making systems.
  • Secured the full AI lifecycle — from training data integrity (data-poisoning and fraud prevention) and model validation (bias, explainability) through to secure inference endpoints and LLM output filtering.
  • Integrated AI security controls into DevSecOps pipelines, enabling rapid yet secure deployment of AI features across SaaS products.
  • Evaluated and governed risks from third-party AI providers and APIs, defining onboarding and due diligence standards for secure integration of external AI services into core products.

Application & Cloud Security

  • Established application and API security frameworks based on OWASP Top 10 and SANS Top 25, overseeing SAST and DAST assessments across the SDLC.
  • Embedded automated security testing (SAST/DAST) within CI/CD pipelines, enabling continuous security validation and shift-left security practices.
  • Partnered with development leadership to champion secure Software Development Lifecycle (SDLC) practices across engineering teams.
  • Defined cloud security governance and control strategies for evolving infrastructure models including containerization and distributed computing environments.

Data Privacy & Protection

  • Served as Data Privacy Officer (DPO), driving planning, implementation, and management of privacy programs in compliance with GDPR, DPA 1998, and India's PDPPA 2023.
  • Led Third-Party Information Security Assessments, Data Protection & Encryption programs, and Identity & Access Management initiatives to safeguard customer and employee data.
  • Managed privacy-related engagements with regulatory agencies, addressing information security breaches and data privacy obligations proactively.

Cyber Resilience

  • Designed, implemented, and regularly tested Business Continuity Plans (BCP) and Disaster Recovery (DR) programs, ensuring organizational resilience against cyberattacks, natural disasters, and pandemic scenarios.
  • Established risk-free and scalable security operations frameworks that support business agility while maintaining robust controls across all threat vectors.

Accomplishments

Developed and executed enterprise-wide cybersecurity strategy aligned with business objectives, regulatory requirements, and global standards (ISO 27001, GDPR, DPDPA, PCI-DSS, SOC 2)

Led end-to-end cybersecurity governance, risk, and compliance (GRC) programs, improving audit readiness and reducing regulatory risk exposure

Built and managed a 24/7 Security Operations Center (SOC) with SIEM, SOAR, and XDR capabilities, improving threat detection and reducing incident response time (MTTR)

Implemented Zero Trust Architecture and SASE framework, securing cloud-first and hybrid infrastructure environments

Established AI Security and Responsible AI governance framework, mitigating risks such as data leakage, prompt injection, and model abuse

Integrated security into DevSecOps pipelines (SAST/DAST), enabling early vulnerability detection and reducing production security defects

Achieved and maintained SOC 2 Type II, ISO 27001, ISO 27701, PCI-DSS, HIPAA compliance, enhancing customer trust and business opportunities

Designed and implemented third-party risk management (TPRM) program, reducing supply chain and vendor-related risks

Led incident response and cyber crisis management, minimizing business disruption and ensuring regulatory compliance during security incidents

Conducted cybersecurity due diligence for M&A activities, identifying risks and enabling secure integration of acquired entities

Implemented identity and access management (IAM) and privileged access management (PAM), enforcing least privilege and reducing insider risk

Established enterprise vulnerability management program, improving risk prioritization and remediation timelines

Developed board-level cybersecurity dashboards and KPIs, enabling data-driven decision-making by executive leadership

Optimized security technology stack through consolidation and automation, reducing operational cost and improving efficiency

Enabled secure cloud adoption (AWS, Azure, GCP) through cloud security frameworks and governance controls

Led data privacy program as DPO, ensuring compliance with GDPR and DPDPA, including DPIA, PIA, and data governance frameworks

Strengthened application and API security architecture aligned with OWASP Top 10 and SANS Top 25

Designed and tested Business Continuity (BCP) and Disaster Recovery (DR) plans, improving organizational resilience

Built and led high-performing global cybersecurity teams, improving delivery capability and operational maturity

Supported customer security audits, RFPs, and due diligence, contributing to business growth and client acquisition

Reduced incident response time by X% through SOC and automation

Achieved 100% audit compliance across ISO 27001, SOC 2, PCI-DSS

Reduced security tool cost by X% via consolidation

Improved vulnerability remediation SLA adherence by X%

Led security for platforms handling millions of transactions/users
