Sanjay Yadav

Information Security Analyst

605 followers
Mumbai, Maharashtra, India

  • About me

    Global Head - Information Security | CEH | ISO 27001 LA | ISO 27701 LA | CC (ISC2)

  • Education

    • Mumbai University Mumbai

      Bachelor's degree
  • Experience

    • Datavail

      May 2015 - Oct 2022
      Information Security Analyst
    • RSM India

      Oct 2022 - Feb 2023
      Manager IT Systems Assurance

      • Plan, lead and execute IT audits for regulatory guidelines published by the Reserve Bank of India (RBI), Insurance Regulatory and Development Authority of India (IRDAI), Unique Identification Authority of India (UIDAI), and Securities and Exchange Board of India (SEBI).
      • Ability to identify and communicate areas of non-compliance or potential risk to the organization's management team.
      • Familiarity with audit and risk assessment frameworks and tools, including PCI DSS, ISO 27001, and NIST Cybersecurity Framework.
      • Understanding of data privacy and security regulations related to financial, insurance, and securities market entities.

    • SBI Securities

      Feb 2023 - Sept 2023
      Deputy Manager - Information Security

      • Delivery of the allocated projects in accordance with the Project Delivery Methodology – CSR activities, regulatory audits (SEBI), external PT done by Exchanges (NSE, BSE), NSDL, CDSL and IRDA audits. Web application security reports, vendor risk management, new projects and technologies, SCD review report, FAR & SNA review report.
      • Preparing a mitigation plan on the observations raised by SBI (External PT, Red team & Bitsight reports, Antimalware report).
      • Creation of a project schedule and the management of allocated project resources to ensure the project delivers in accordance with the documented timeline.
      • Conducted due diligence assessments on third-party vendors to identify potential risks and evaluate their security posture.
      • Conducted regular monitoring of third-party vendors to ensure they remained compliant and met the organization's security requirements.
      • Ensure all stakeholders are kept aware of progress and of any actions required of them.
      • Review VAPT reports, analyse findings, and collaborate with local teams to determine appropriate actions and closure of identified vulnerabilities.
      • Contribute to periodic penetration testing exercises and risk assessments to identify potential security weaknesses and recommend appropriate mitigation measures.
      • Provide analysis of security events and escalate identified threats based on severity, ensuring timely response and resolution.
      • Monitor daily SOC tickets, analyse security weaknesses, and collaborate with infrastructure and application teams to address and resolve identified issues.
      • Participate in designing key infrastructure architecture and develop security designs to enhance the overall security posture of platforms.
      • Preparing a report on the KRI of security controls, presenting the same to the steering committee and preparing a plan on the actionable items.

    • Quantanite

      Sept 2023 - now
      Global Head - Information security

      • Spearheaded the end-to-end implementation of DLP and CASB solutions, enhancing data security and mitigating risks of unauthorized access to sensitive information.
      • Led the seamless migration of antivirus and EDR tools, improving endpoint protection and operational efficiency.
      • Initiated and executed a comprehensive cybersecurity awareness program, achieving 90% employee participation and reducing phishing incidents by 30%.
      • Audit management for ISO 9001, ISO 27001, SOC 2 Type 2, and PCI DSS certifications, maintaining compliance with global security standards. Completed audit within time and budget.
      • Developed and enforced robust information security policies, procedures, and standards across multiple business units.
      • Collaborated with cross-functional teams to align security initiatives with business objectives and regulatory requirements.
      • Managed incident response processes, reducing the time to detect and remediate security threats.

  • Licenses & Certifications

    • ISO 27001:2022 Lead Auditor - Information Security Certification

      Exemplar Global, Inc.
      Jun 2023
    • Certified Ethical Hacker (CEH)

      EC-Council
      Dec 2021
    • ISO 27701:2019

      BSI
      Apr 2021
    • ManageEngine Certified Product Associate

      Zoho
      Mar 2025
    • Certified in Cybersecurity

      (ISC)²
      Jun 2023