Sudhansu Kumar

Bangalore

Summary

Accomplished Security Leader with 14+ years of experience shaping and executing global information security programs. Proven track record guiding organizations through regulatory complexities, orchestrating risk frameworks and driving the adoption of modern security architecture across cloud and AI environments. Adept at building cross‑functional security programs, cultivating stakeholder trust, and steering teams to deliver measurable improvements in resiliency, compliance, and business alignment.

Overview

  • 14 years of professional experience
  • 5 Certifications
  • 5 Different Industry Expertise (Finance, SaaS, Energy, Automotive)
  • 15 Global Security Frameworks Implemented

Accomplishments

  • Security Strategy & Leadership – Develop multi‑year roadmaps aligning security initiatives to business objectives for cloud, AI/ML, and data protection environments
  • Risk & Compliance Management – Establish integrated enterprise control frameworks, conduct maturity assessments, and execute remediation plans for ISO 27001, SOC 2, HIPAA, CSA, NIST and other frameworks
  • Third‑Party & Vendor Risk – Oversee due‑diligence and risk ranking for hundreds of vendors; streamline procurement workflows to improve onboarding timelines and reduce residual risk
  • Cloud & Infrastructure Security – Architect secure SaaS/PaaS solutions on Azure, AWS and O365; enforce IAM, DLP and endpoint protection policies aligned with zero trust principles
  • AI, Privacy & Data Governance – Define governance models, ethical AI guidelines and privacy controls for data science initiatives encompassing large language models and generative AI
  • Security Architecture & DevSecOps – Lead design reviews, threat modeling, and secure coding practices; integrate automated security controls and continuous compliance in CI/CD pipelines
  • Audit & Regulatory Preparedness – Partner with auditors and regulators to achieve certification readiness; deliver board‑level reporting on risk posture and remediation progress.

Work History

Principal Security Specialist

Netradyne Inc.
Bangalore
03.2025 - Current
  • Lead the organization’s global security program, setting strategy and ensuring alignment with long‑term product and customer trust goals.
  • Deliver executive briefings and board reporting on risk, incident response and compliance status spanning Applications, Devices, AI, IoT and cloud initiatives.
  • Partner with engineering, customer success, and product leaders to embed secure design principles into AI‑driven safety platforms, improving threat detection and decreasing potential exploitation vectors.
  • Mentor a team of security engineers and analysts; foster a culture of accountability, innovation, and continuous improvement.
  • Provided advisory and hands‑on leadership on data loss prevention and AI/ML security, integrating advanced controls into the Uber data platform.
  • Introduced vendor cybersecurity assessment workflow using standardized questionnaires (CAIQ, SIG) driving early identification of high‑risk partners.

Senior Security Technologist

Uber
Bangalore
01.2025 - 03.2025
  • Led security risk, compliance, IAM governance, and security posture for cloud applications.
  • Enhanced infrastructure to minimize IAM breaches and boost compliance with enterprise solutions.
  • Incorporated technology to identify and resolve problems and further develop processes.
  • Collaborated with global teams to harden IAM policies and streamline access provisioning and user re-certifications, resulting in improved compliance with company standards.

Principal Engineer – Risk & Compliance

Netradyne Inc.
Bangalore
09.2021 - 12.2024
  • Directed enterprise risk and compliance program for AI‑powered fleet safety product provider.
  • Enhanced third‑party risk assessment processes, establishing consistent criteria that accelerated vendor onboarding cycles, cutting vendor assessment time by 30%.
  • Conducted product security assessments for device, IoT, and AWS platforms.
  • Developed an integrated control framework bridging ISO 27001, SOC 2, HIPAA, CSA, and privacy regulations; reduced audit preparation time by 40%.
  • Implemented a dual internal/external continuous monitoring program; increased security incident visibility while ensuring timely remediation.
  • Collaborated closely with product engineering to embed privacy‑by‑design and secure coding practices across releases.

Senior Solution Advisor

Deloitte & Touche AERS
Bangalore
02.2019 - 08.2021
  • Led consulting engagements providing security architecture design, risk assessment, and compliance advisory to Fortune 500 clients.
  • Performed cloud migration security assessments and supported SOC 2, ISO 27001, and HIPAA audits.
  • Designed secure systems for various cloud components.
  • Developed tools for IT environment maturity reviews.
  • Mentored junior consultants and collaborated with partners to deliver thought leadership on emerging technologies, including AI governance and cloud security trends.

Information Security Consultant

Infosys Ltd.
Bangalore
07.2017 - 02.2019
  • Acted as security architect and project leader for large financial services clients; implemented ISO 27001 controls and drove certification readiness.
  • Introduced risk assessment processes aligned to ISO 27005 and NIST, delivering clear remediation roadmaps to senior leadership.
  • Assessed security for cloud migration projects, promoting secure adoption.
  • Created security dashboard accelerators to halve go-live phase time.
  • Conducted security training and awareness sessions, boosting staff participation and decreasing risk incidents.

Information Security Officer

IDBI Bank
Mumbai
11.2011 - 06.2017
  • Implemented and maintained ISMS for data centers.
  • Directed efforts, reducing vulnerabilities by 75%.
  • Led risk assessments and vulnerability management, remediating critical issues and ensuring compliance with RBI, ISO 27001 and PCI‑DSS standards.
  • Trained over 1500 employees on security principles.

Education

MBA -

National Institute of Technology
Surathkal, Karnataka
08.2009 - 06.2011

B.TECH - Computer Science & Engineering

National Institute of Science And Technology
Berhampur, Odisha
08.2005 - 07.2009

Skills

  • AI/ML security strategies
  • Security assessment
  • Data loss prevention
  • Cloud security architecture
  • Risk and compliance management
  • Data security and privacy
  • Cloud security (Azure, AWS, O365)
  • Identity & Access Management (IAM)
  • DevSecOps
  • Third-party risk management
  • Security audits and assessments
  • Compliance frameworks (ISO 27001, 27701, 27434, 27005, 31000, SOC 2, ISO/SAE 21434, RED EN 18031, HIPAA, NIST SP 800-53, CSA CCM)
  • Product security design (cloud, apps, IoT, data, AI/ML)
  • Security maturity assessment
  • Patch and vulnerability management
  • Team leadership and collaboration
  • AI Governance & Risk Management
  • Customer Trust & Assurance
  • CAIQ & Security Whitepaper

Certification

  • Proofpoint Certified AI Email Security Specialist
  • CCSK (Certificate of Cloud Security Knowledge) v4
  • AZ-500: Microsoft Certified Security Engineer
  • Exam 534: Architecting Microsoft Azure Solutions
  • Proofpoint Certified AI Data Security Specialist

Professional Achievements

  • Deployment of SPRINTO GRC Automation Tool at Netradyne (Apr-Sep 2025)
  • RFP Assistant Creation using MS Open AI Platform (Apr-Sep 2025)
  • Designing the Integrated Control Framework (ICF) Dashboard (Jan-Jun 2023)
  • Defining, Designing & Facilitating Audit Readiness for Independent SOC 2/ISO 27001/ISO 27701/HIPAA, ISO/SAE 21434*, RED EN 18031* Audits (Annual, since 2019, * from 2025)
  • Trained over 1500 employees on security principles.

Core Competencies

· AI/ML Security Strategies ■■■■ – Advanced

· Cloud Security Architecture ■■■■ – Advanced

· Risk & Compliance Management ■■■■■ – Expert

· Data Security & Privacy ■■■■ – Advanced

· Identity & Access Management (IAM) ■■■■ – Advanced

· DevSecOps ■■■■ – Advanced

· Third Party Risk Management ■■■■ – Advanced

· Security Audits & Assessments ■■■■ – Advanced

· Compliance Frameworks (ISO 27001/27701/42001, SOC 2, HIPAA, NIST SP 800-53, CSA CCM) ■■■■■ – Expert

· Cloud Security (Azure, AWS, O365) ■■■■ – Advanced

· Product Security Design (Cloud, Apps, IoT, Data, AI) ■■■■ – Advanced

· Security Maturity Assessment ■■■■ – Advanced

· Patch & Vulnerability Management ■■■■ – Advanced

· Team Leadership & Collaboration ■■■■ – Advanced

Personal Philosophy

Honest, Optimistic, Natural, Empathic, Sincere & Transparent (HONEST) at work. Advocate for 'Go Green Go Happy' and enjoying every bit of life.

Languages

  • English: Proficient (C2)
  • Hindi: Native

References

References available upon request.
