Zoheb Abbas

Summary

Crisis-tested cloud security & cyber risk executive with 20+ years' leadership across regulated cloud, financial services and mission-critical infrastructure environments. Proven board-level risk advisory, regulator-facing assurance, incident command, and control-framework architecture. Led global 24x7 CSIRT operations and managed 1,000+ cyber & data incidents with regulator-defensible evidence and legal coordination. Broad multi-framework expertise (NIST, FedRAMP, ISO 27001, SOC2, GDPR, DORA, HIPAA, PCI DSS, FFIEC). Experienced in applying AI-enabled audit and risk analytics (WatsonX/generative AI) to improve control validation, automation and evidence quality.

Overview

25 years of professional experience

22 Certifications

Work History

IBM Software Labs
06.2021 - Current
  • ‘As A Technical Expert’ -
  • Risk Leadership & Governance: Built and maintained the risk profile for business divisions; developed strategic plans to reduce risk exposure in alignment with global Technology Risk & Control Framework.
  • Risk Assessments & Compliance: Conducted IT risk assessments for applications, infrastructure, and third-party providers; closed compliance gaps against ISO, GDPR, Protected-B, DORA, FedRAMP, SOC2, HITRUST, NIST 800-171 and other global standards.
  • Policy, Process & Controls Expertise: Designed, implemented, and enforced security policies, standards, and procedures; provided SME guidance to both business and technology leaders.
  • Audit & Regulatory Alignment: Led internal audits and third-party regulatory reviews, maintaining certifications and ensuring compliance with evolving laws and regulations.
  • Collaboration & Advisory Role: Partnered with security architects, technical teams, and business leaders to deliver secure and resilient solutions aligned with global cybersecurity strategies.
  • Metrics & Reporting: Defined and tracked KRIs, KPIs, and GRC dashboards to measure risk posture, compliance maturity, and adoption of controls.
  • Program & Team Development: Developed and continuously improved Technology Risk Programs; managed, trained, and mentored teams to improve effectiveness and drive security awareness.

IBM Global Business Services
08.2005 - 05.2021

Accenture India
07.2003 - 12.2005

DAKSH e-Services
12.2001 - 06.2003

Focus Netcom Ltd
06.2001 - 12.2001

Education

Bachelor of Commerce - Business Management

Lucknow University

Business Administration

Trade Wings Institute of Management

Skills

Technical Skills

GRC Implementation Control Implementation Program

Control Assurance, Planning & Testing

Supply Chain Risk Management, Security Framework

Regulatory Compliance

Internal & External Audit/Assessments

Risk Management

TPSRM, BC/DR, Audit Program

Product management

Policy, Standards and Procedures

WatsonX AI

Data Investigation (CSIRT)

Soft Skills

Team Management

Resource Management

Innovation & Automation

Customer Focused

Business Outcome

Compliance Program

ISO

NIST

DORA

GDPR

Common Control Framework

FedRAMP

SOC2

FS Cloud

HITRUST

HIPAA

PCI

Protected-B

Security Tools Experience

RSA Archer

OneTrust

ProcessUnity

ZenGRC

ServiceNow

Decision Focus

Certification

AI & Emerging Technology

Rewards & Recognition

1. The Best of IBM – Compliance Manager Award
2. The Best of IBM – People Manager Award
3. Chief Guest (FinTech Cybersecurity), Indian Institute of Technology (IIT) Ropar (Punjab)
4. Chief Guest, Lovely Professional University (Punjab)
5. Chief Guest, Kristu Jayanti College of Management & Technology (Bangalore)
6. International Conference on Emerging Trends in Engineering & Technology on Information Security & Analytics