Sumit Lale

Mumbai

Summary

Results-oriented Cybersecurity Professional with 12+ years of experience leading cross-functional teams to implement robust security strategies across diverse industries. Proven track record in safeguarding corporate data and systems by driving innovation, fostering security awareness, and ensuring compliance with industry standards. Expertise in risk assessment, cloud security, governance, SOC implementation, OT cybersecurity, and team development.

Overview

15 years of professional experience
1 Certification

Work History

Group Head Information Security GRC

The Tata Power Company Limited
2023.07 - Current
  • Cybersecurity Leadership: Successfully led the development and implementation of a comprehensive cybersecurity strategy, ensuring the protection of critical digital assets and compliance with industry standards (ISO 27001, CEA). Implemented robust security measures, including OT security, DLP solutions, and risk assessment methodologies.
  • Governance & Accountability: Strengthened information security governance and accountability frameworks, establishing KPIs and security metrics for performance monitoring. Managed cross-functional security teams to drive results and ensure seamless operational continuity.
  • Technology Implementation: Successfully managed the implementation of a Security Operations Center (SOC) and deployed advanced security technologies to enhance threat detection and response capabilities.
  • Awareness & Training: Led organization-wide cybersecurity awareness programs to foster a security-conscious culture and mitigate risks from human error.

ISMS Manager

Bekaert India Pvt Ltd.
2022.09 - 2023.07
  • Security Strategy & Leadership: Led the information security team in designing and implementing a comprehensive cybersecurity strategy. Developed a robust risk management framework, managed security operations, and ensured compliance with multiple industry standards (ISO 27001, TISAX, GDPR, NIST).
  • Performance & Reporting: Established key performance indicators (KPIs) and key risk indicators (KRIs) to monitor program effectiveness and provide leadership reporting. Conducted regular risk assessments for third-party vendors and partners to mitigate external threats.
  • Awareness & Training: Implemented a proactive security awareness program to foster a security-conscious culture among employees. Mentored and developed team members to enhance their skills and capabilities.
  • Compliance & Governance: Ensured compliance with industry standards and regulations, including ISO 27001, TISAX, GDPR, and NIST. Managed security operations, including network and endpoint protection, to safeguard sensitive data.

Senior Auditor, Cybersecurity GRC

Ares Management (Ares Operations India LLP.)
2019.09 - 2022.08
  • GRC Leadership: Led the Cybersecurity GRC function at Ares India, defining governance and risk management frameworks. Developed comprehensive policies and procedures to ensure compliance with industry standards (NIST CSF, ISO 27001, SOX, etc.).
  • Risk Management: Implemented security controls to strengthen the cybersecurity program and mitigate risks across financial, business, and IT applications. Monitored and remediated control gaps, providing regular updates and risk profile dashboards to management.
  • Stakeholder Collaboration: Collaborated with IT and business stakeholders to assess infrastructure risks and ensure alignment with cybersecurity objectives. Served as a security representative for various audits and maintained and enforced cybersecurity policies and IT security standards.
  • Subject Matter Expertise: Acted as a GRC representative and subject matter expert for firm-wide projects, providing guidance and expertise on cybersecurity matters. Assessed and improved compliance with industry standards and regulations.

Cybersecurity Manager

Ernst & Young (EY India LLP)
2014.04 - 2019.08
  • Strategic Consulting & Implementation: Strategically advised senior client executives on cybersecurity trends and innovative solutions. Guided clients in implementing industry standards (NIST, ISO 27001, ISO 22301) and developed risk management frameworks. Acted as PMO for ISMS framework development and facilitated certifications across various domains.
  • Risk Assessment & Mitigation: Conducted cybersecurity maturity audits to benchmark client security against industry leaders. Developed risk management frameworks and conducted risk assessments to identify and mitigate vulnerabilities.
  • Process Improvement: Assessed IT processes and identified gaps in alignment with ITIL practices for FMCG and Manufacturing clients. Facilitated process improvement initiatives to enhance operational efficiency and security.
  • Business Development: Demonstrated account growth through effective networking and long-term contract negotiation. Built strong client relationships and expanded the scope of engagements.

System Engineer

HCL Infosystems Ltd.
2009.09 - 2012.04
  • Systems and Network Administration: Demonstrated proficiency in managing approximately 80 plus Windows, UNIX, and Linux servers, ensuring optimal performance and reliability. Configured, administered, and troubleshot WAN networks, specializing in routing and switching. Oversaw user account management, enforced policies, and conducted daily checklists and reviews for incidents and service requests. Efficiently monitored network and server equipment to maintain seamless operations.

Education

MBA: Systems And Finance, Full Time (2 Yrs. Program)

Symbiosis International University
Pune, India
04.2014

Bachelor of Engineering: Computer Science

Nagpur University
Nagpur, India
05.2009

Skills

  • Risk Assessment & Management
  • Threat Detection and Response
  • Incident Management
  • Security Architecture & Governance
  • Security Awareness
  • Cybersecurity Audits
  • Data Protection, DLP - Forcepoint
  • GRC - RSA Archer, Audit Board
  • EDR - CrowdStrike, Microsoft Defender, SentinelOne
  • Firewall - Fortinet, Palo Alto, Cisco, WAF
  • Internet Security - ZScaler
  • SIEM - QRadar, Splunk, Microsoft Sentinel

Certification

  • ISO 27001:2022 Lead Auditor
  • ISO 22301 Lead Implementer
  • GCHQ - Cyber Incident Planning & Response (CIPR)
  • ITIL V3 Foundation

Personal Information

Date of Birth: 04/07/85

Languages

English
Bilingual or Proficient (C2)
Hindi
Bilingual or Proficient (C2)
German
Beginner (A1)

Work Preference

Work Type

Full Time

Work Location

Remote, On-Site, Hybrid

Important To Me

Flexible work hours, Career advancement, Healthcare benefits, Company Culture, Work from home option
