Deepak R. Rout

Lieutenant Colonel

Followers: 9000
Location: India

  • About me

    Thought leader and trusted advisor on Cybersecurity and Privacy

  • Education

    • Indian Institute of Management, Calcutta

      2008 - 2008
  • Experience

    • Indian Army

      Jun 1992 - May 2008
      Lieutenant Colonel
    • Infosys Technologies Ltd

      May 2008 - Oct 2009
      Head, Information Security (Assurance & Incident Management)

      • Provided security assurance to all stakeholders - clients, prospects, auditors and management.
      • Supported global delivery projects and pursuits as the security subject matter expert (SME).
      • Initiated the Security Ops Center - program managed deployment of Symantec DLP and RSA SIEM.
      • Established Security Incident Investigation/Management program and its automation/integration.
      • Comprehensively reviewed Policies, Standards, and Procedures for Security and Risk Management.
      • Convened Information Security Council headed by COO and comprising business heads.
      • Pioneered Security Metrics and implemented automated org-wide rollout.
      • Worked in tandem with Privacy team for implementation of Privacy controls involving Security solutions.
      • Worked closely with Privacy and Legal teams in regulatory compliant global roll-out of DLP solution.
      • Coordinated conduct of ITGC and Application Testing for SOX audits.
      • BIA based Business Continuity and Disaster Recovery planning/testing including pandemic situations.
      • Upgraded IT Risk Assessment for company and recommended mitigating controls.
      • Planned and conducted ISO 27001 compliance audits; implemented remediation plans.
      • ISMS consulting to internal customers; partnered in Security audits and ensured compliance.

    • Telenor

      Oct 2009 - Dec 2011
      Chief Information Security & Privacy Officer

      • Established technology risk and security management for company and vendors/partners; developed, implemented, monitored and enforced organisational Security Policies, Standards, and Procedures.
      • Provided strategic management advisory on Cyber Security, IT Risk, Privacy and related projects.
      • Quantified business risks through analysis of threats and vulnerabilities; established Business Continuity Planning and Disaster Recovery through Business Impact Analysis.
      • Deployed integrated data security framework (SOX, ISO 27001, CoBIT and ITIL frameworks); ensured compliance through risk assessments, mitigating controls, periodic metrics and security audits.
      • Implemented customised data protection and privacy program for database of 30 million customers; conducted Privacy Impact Assessment for relevant business functions, processes and services.
      • Established and directed Security Operations Center (SIEM, DLP, IAM, UTM, IPS, VPN, Wireless, Vulnerability Management) for integrated monitoring of IT and Telecom operations; anchored security investigations.
      • Planned security architecture, and transformed security of Data Centers and Network Operations Center.
      • Developed a rich security metrics program, conducted security assessments, and audits to ensure compliance in a highly regulated operating environment.
      • Attained company-wide security awareness and incident reporting; directed security incident response.
      • Led cross functional initiatives, apex level Security Council and group-wide security/privacy initiatives.

    • Microsoft

      Jan 2012 - Jul 2012
      Chief Security Advisor & Privacy Director

      • Acted as key external strategist and spokesperson for MS, on all aspects of security; set subsidiary security strategy, cast security in business language, and presented business case to leadership.
      • Leveraged industry familiarity and knowledge of MS’s security strategy/direction to act as trusted advisor and offered strategic, long-term guidance to C-levels in enterprises; also to Govt., and analysts.
      • Built key relationships with C-level executives, providing strategic security guidance and advisory.
      • Ensured MS security strategy is configured to country specific environment; factoring image, C-SAT, regulatory environment, partner ecosystem, emerging security problems, and industry organizations.
      • Ensured MS security strategy is communicated to press and analysts; articulating strategy effectively, working to overturn negative attitudes/perceptions; identified unique needs and provided responses.
      • Became the voice of customer and infused customer-centricity into the DNA of security strategy.
      • Cultivated CXO relationships and supported customer account teams to address security.
      • Established and led Chief Security Officers’ council, with membership from key enterprises and Govt.
      • Evangelized corporate Data Privacy strategy and solutions; integrated to business - provided consumable privacy procedures, aligned to enterprise practices, and local legislation.
      • Reduced business risks by implementing appropriate privacy policies/standards, controls and processes.
      • Developed and managed privacy compliance program to ensure adherence of employees, partners, vendors and agencies with Privacy requirements; and led remediation activities.
      • Assisted with investigation and resolution of privacy incidents related to customer, partner and employee personal data; helped drive remediation activities.
      • Collaborated with enterprise stakeholders to influence subsidiary-wide privacy standards related to the collection, use, storage and destruction of personal data.

    • The Co-operators Group Ltd

      Jul 2012 - Apr 2015
      Chief Information Security Officer

      • Developed, implemented, and managed the overall enterprise Information Security strategy; created ‘Security Council’ of management executives; reported Security maturity to the Board.
      • Led strategic planning aligned to business goals and key IT Risks; prioritized security initiatives, coordinated risk mitigation including deployment of relevant technologies and processes.
      • Defined ‘Information Security Maturity Model and Dashboard’ and presented to ‘Security Council’ and the Board; provided metrics and trends consistent with security strategy and its implementation.
      • Implemented a risk based and business aligned enterprise security architecture which provides optimum security, operational synergy, enables business objectives and meets regulatory requirements.
      • Defined and instituted an ongoing Information Risk Assessment program incl. identification and classification of assets supporting critical business processes, evaluation of applicable threats and vulnerabilities, accounting for existing controls and implementing mitigation plan for residual risks.
      • Developed, implemented, and oversaw enforcement of comprehensive information security governance framework.
      • Envisaged and established a fully managed Op-ex based 24x7 Security Operation Centre (SOC).
      • Developed incident response preparedness capability and oversaw investigation of security breaches.
      • Developed, tracked, and controlled the annual operating and capital budgets for purchasing, staffing, and operations of Information Risk Management and Cyber Security portfolio of services.
      • Acted as advocate and primary liaison for company’s Information Risk and Cyber Security vision via regular written and in-person communications with company executives, department heads, and users.
      • Championed establishment and operation of equivalent level information security programs in vendor relationships.
      • Developed and implemented an enterprise information security awareness and training program.

    • Assuranz

      Jul 2012 - now
      Founder

      Providing Consulting and Sourcing services focused on Cybersecurity and Privacy domains as a trusted strategic partner.
      • Strategic Consulting: Provide heavily differentiated strategic consulting services to our customers that are optimal, business aligned and with a collaborative approach.
      • Assessments and Workshops: Assess the current state of Cybersecurity and Privacy against industry standards and regulatory frameworks and provide easily consumable reports to C-suite. We also assist executives to understand the dynamic world of Cybersecurity and Privacy, help them understand where their corporation stands, and suggest efficient and effective remediations.
      • Strategic Roadmaps and Remediation Plans: Build short, medium and long term roadmaps to enhance the Cybersecurity and Privacy posture of the corporation, and mitigate the open risks. Further, we provide program management support for the entire course of implementation of the remediation plans.
      • Process Enhancement: Assist our customers in reviewing their Cybersecurity and Privacy program governance documentation including policies, standards, guidelines, processes, procedures, and checklists etc. to ensure that these are drawn from the corporate vision and mission, and contribute toward a desirable Cybersecurity and Privacy posture aligned to their strategic roadmap.
      • Cyber Insurance Preparedness: Help our customers in multiple complementary ways on this front including identifying the appropriate quantum of insurance coverage, handholding in the process of demonstrating strengths of their Cybersecurity posture to the Cyber insurance risk assessors, and interfacing with the Cyber Risk broker and/or insurance provider as the Cybersecurity SME for the enterprise.

    • Protiviti

      Apr 2015 - Oct 2016
      Practice Leader, IT & Cyber Risk

      • Led the IT practice, built the business ground-up, provided leading edge consulting services to large clients fostering and leveraging C-level relationships.
      • Drove IT Risk and Cybersecurity business to overachieve business targets.
      • Provided delivery leadership while building strategic capabilities in Canada and leveraging the global practice, built and managed high calibre team of skilled practitioners and fresher talent.
      • Created and implemented strategic business development and marketing plans in a cost effective and timely manner including sponsoring events/conferences, speaking at keynotes and panels, conducting round table discussions and other events, authoring thought leadership papers, and media interactions.
      • Conducted Cybersecurity current state assessment, worked out an industry leading risk-based target state, and developed program implementation roadmap for a large Nuclear and Hydrothermal Power generation company. Also reviewed and enhanced the Board Cybersecurity dashboard.
      • Drafted the Information Security strategy and IT Risk Management framework for a large healthcare provider, a national oil/gas/energy company, a large global manufacturing company; assessed Cybersecurity current state and developed/implemented roadmap to enhance Cybersecurity posture.
      • Built PCI strategy for an insurance major and instituted the PCI DSS compliance program across multiple business lines; reviewed PCI strategy, roadmap and compliance program of large global bank.
      • Developed proposals and directed delivery of projects involving large cross-functional teams which included supporting Security and Privacy programs, conducting Privacy Impact Assessments, performing Security Risk Assessments, IT Governance and IT General Control (ITGC) reviews.
      • Developed Corporate Privacy Policy and Guidelines, and Privacy Notice for one of the largest Canadian Insurance corporations, and ran awareness sessions for multiple internal groups.

    • Microsoft

      Nov 2016 - Nov 2022
      Executive Security Advisor

      • Evangelized customized IAM and Cloud solutions to meet digital transformation, Cybersecurity and privacy needs of large corporations by leveraging the capability of Microsoft Cloud, Mobility, Security, & Compliance suites, and built-in integral security capabilities of the end-to-end Microsoft eco-system.
      • Engaged with business and IT leadership of Microsoft’s enterprise customers to help them appreciate integration, security and privacy strengths inherent in Microsoft’s public cloud environment, and demonstrate how the Microsoft productivity and Identity centric security suites went beyond enabling and securing the Microsoft cloud to protecting their cloud investments, and on-prem infrastructure.
      • Prepared and led multi-cloud and hybrid IAM strategies for large enterprises right from evangelization to planning and execution stages.
      • Led thought leadership campaigns to spread awareness about the Microsoft cloud and security suites.

  • Licenses & Certifications

    • Certified Information Security Manager® (CISM)

      ISACA
      Jan 2011
    • Certified in Risk and Information Systems Control™ (CRISC)

      ISACA
      Sept 2011
    • ISO 27001 Lead Auditor - Information Security Certification

      IRCA | International Register of Certificated Auditors
      Apr 2009
    • Check Point Certified Security Administrator (CCSA)

      Check Point Software Technologies, Ltd.
      Jan 2009
    • Check Point Certified Security Expert (CCSE)

      Check Point Software Technologies, Ltd.
      Jan 2009
    • Certified Information Systems Security Professional (CISSP)

      (ISC)²
      Nov 2010
    • ISO 27001 Lead Implementer - Information Security Certification

      IRCA | International Register of Certificated Auditors
      Apr 2011
    • PCI-DSS QSA

      PCI Security Standards Council
      Jul 2015
    • Certified Cloud Security Professional (CCSP)

      (ISC)²
      Jan 2020
    • Certified Information Privacy Manager (CIPM)

      IAPP - International Association of Privacy Professionals
      Jan 2011