Siddharth Mukhia

Borivali East

Summary

Dynamic Corporate Internal Auditor at Huntsman with expertise in IT audits and cybersecurity assessments. Proven track record in enhancing compliance with PCI DSS and ISO 27001 standards. Skilled in developing Java automation tools and mentoring teams, driving significant improvements in audit accuracy and operational efficiency. Adept at aligning security strategies with business objectives.

Overview

11 years of professional experience
1 Certification

Work History

Corporate Internal Auditor

Huntsman
Mumbai
04.2022 - Current
  • Planned, led and executed IT and OT audits in line with IIA standards, ensuring independence, objectivity and risk-based planning.
  • Conducted Tests of Design (TOD) and Effectiveness (TOE) for IT/OT controls to assess both adequacy and operational reliability.
  • Audited SAP systems, infrastructure (networks, servers, cybersecurity tools), cloud platforms (IaaS/PaaS/SaaS) like Azure, Workday and SailPoint along with SCADA/DCS/PLC.
  • Reviewed SOC 1/SOC 2 reports including subservice organizations and CUECs to assess vendor and third-party risk.
  • Performed internal cybersecurity reviews using NIST CSF and NIST SP 800-171, identifying control gaps in data confidentiality, integrity and availability and providing recommendations to ensure the gaps are closed, reducing the overall security risk to the organization.
  • Assessed SDLC processes including code repositories, change management, secure coding methodologies and release management procedures.
  • Evaluated application security controls, peer reviews, build/release pipelines and infrastructure-as-code (IaC) deployments.
  • Developed Java automation scripts to reduce audit effort and improve accuracy in control testing and data validation.
  • Delivered audit reports highlighting control gaps, risk exposures and recommendations tailored to both IT and business leadership.
  • Supported environment risk assessments to align audit focus with risk exposure.
  • Conducted validation of closed audit issues through evidence-based remediation reviews.
  • Used TeamMate for audit planning, execution and issue tracking.
  • Guided junior auditors on IT/OT audit practices, cloud, cybersecurity and automation techniques.

Vice President Risk Management

YES BANK
Mumbai
09.2021 - 04.2022
  • Performed comprehensive due diligence through vendor risk reviews/assessments and monitored third-party compliance with the bank's policies and external regulatory requirements, ensuring proper risk classification and mitigation strategies.
  • Conducted Risk and Control Self-Assessments (RCSA) across business units to identify control gaps, evaluate residual risk and support the bank's enterprise risk management framework.
  • Reviewed the security posture of new products and partnerships, ensuring secure-by-design implementation through proactive involvement in product assessments from an information security standpoint.
  • Acted as Security Custodian for key management activities related to ATM and HSM devices, ensuring secure handling and compliance with cryptographic security policies.
  • Led the implementation of PCI DSS and PCI PIN Security standards, coordinating with cross-functional teams and managing 2 resources from a Big 4 firm to ensure successful compliance and audit readiness.
  • Advised Business Units and IT Teams on security best practices, balancing operational needs with robust information security controls and regulatory compliance.
  • Acted as a liaison between risk, compliance and technical teams to ensure secure architecture design, appropriate control mapping and sustainable risk mitigation strategies.

Information Security Manager

OneAssist
Mumbai
08.2020 - 09.2021
  • Led compliance and regulatory security programs including ISO 27001, PCI DSS, RBI and statutory audits, ensuring continuous audit readiness and timely remediation of findings.
  • Supervised a direct report and collaborated with vendors to drive security operations and regulatory compliance.
  • Conducted security risk assessments and third-party risk reviews, delivering actionable insights and mitigation strategies.
  • Developed and enforced security policies and procedures aligned with business objectives and compliance mandates.
  • Contributed to security architecture design, providing input on secure system configurations, network segmentation, data flow protection, cloud security controls and implementation of zero-trust architecture.
  • Delivered secure-by-design solutions that balanced regulatory compliance with operational usability.
  • Oversaw key IT governance functions such as User Access Management, Vulnerability Management, Patch Management, Change Management and supported secure development practices.
  • Assessed CI/CD and DevSecOps pipelines, including Infrastructure-as-Code (IaC) configurations, secure code repositories, automated deployments and integrated security controls to identify misconfigurations and control gaps.
  • Partnered with cross-functional teams (e.g., Legal, DevOps, IT, Engineering) to integrate security into product development, cloud operations and change workflows.
  • Contributed to the organization's security strategy and roadmap, aligning security initiatives with business priorities and risk appetite.
  • Defined and tracked key security metrics and KPIs, reporting risk posture and control effectiveness to senior leadership for informed decision-making.
  • Participated in the development and testing of Business Continuity Plans (BCP) and Disaster Recovery (DR) procedures to enhance organizational resilience.
  • Monitored security operations including SIEM alert analysis, incident response and threat mitigation to minimize security exposure.
  • Utilized tools such as Palo Alto Prisma for cloud security posture management and threat detection.
  • Conducted information security training across the organization to raise awareness and promote secure behaviors.
  • Assessed and deployed security tools to strengthen the overall control environment.
  • Built Java-based automation tools to streamline security reviews and enhance audit accuracy.
  • Used JIRA for tracking security tasks, remediation efforts and managing issue workflows across teams.

Lead Consultant

Controlcase LLC
Mumbai
04.2016 - 08.2020
  • Led and delivered PCI DSS, PA DSS, PCI 3DS and PCI PIN assessments for clients across MENAP and APAC, including banks, payment processors, BPOs/KPOs, retailers, telecoms and cloud service providers (IaaS).
  • Conducted end-to-end gap assessments, certification audits and remediation planning across application, infrastructure and cloud-native environments, ensuring alignment with shared responsibility models on platforms such as AWS and Azure.
  • Supported ISO 27001 implementation, control design and internal audits in customer environments, enhancing overall security governance.
  • Helped clients accelerate certification timelines and reduce compliance costs by optimizing control implementation using existing security investments.
  • Completed over 100 engagements across industries, identifying critical gaps and reducing non-compliance exposure through structured remediation planning.
  • Advised CISOs, risk managers and compliance leads on security roadmap planning, control prioritization and resource alignment to meet both audit and business goals.
  • Reviewed client security architectures across on-premise and cloud ecosystems, offering recommendations on network segmentation, data protection and encryption, and ensuring a secure cloud environment.
  • Performed ATM/HSM reviews and validated cryptographic key management practices in alignment with PCI PIN and 3DS security standards.
  • Executed third-party/vendor risk assessments on behalf of clients, evaluating their vendors' compliance with customer-specific security policies, contractual obligations and applicable regulatory frameworks (e.g., PCI DSS, ISO 27001, data privacy laws).
  • Developed reusable policies, procedures and implementation playbooks for PCI and ISO frameworks, streamlining certification efforts and operationalizing controls.
  • Trained and mentored client teams on PCI DSS and PCI PIN Security, building internal capability and reducing external audit dependency.
  • Delivered detailed audit reports and implementation documentation that supported formal certification and continuous compliance.

Assistant System Engineer

Tata Consultancy Services
Mumbai
11.2014 - 03.2016
  • Developed secure web applications using Struts 2.0, Hibernate, and SQL.
  • Built REST/SOAP APIs and front-end interfaces with AJAX, jQuery, and JavaScript.
  • Addressed application security issues and conducted peer training.

Education

Bachelor of Engineering - Information Technology

Mumbai, India
01.2014

Skills

  • CISSP
  • CISA
  • IT/OT audit execution
  • PCI DSS / PCI 3DS / PCI PIN
  • ISO 27001
  • AWS/Azure
  • Cybersecurity reviews
  • Security Architecture
  • Risk assessments
  • Automation scripting
  • Regulatory compliance
  • Risk management
  • Vendor assessments
  • Security policy development
  • Effective communication
  • Problem solving
  • Internal controls
  • SOC1/SOC2/SOX
  • NIST CSF/800-171
  • IaC, CI/CD and Cloud Security

Certification

  • Certified Information Systems Security Professional
  • Certified Information Systems Auditor
  • Former PCI Qualified Security Assessor
