Ravi Kant Tripathi
Information Security & Privacy
Noida
Summary
I may not be an extraordinary person, but capable of accomplishing extraordinary things when the need arises.
As an information security professional, prioritising comprehension of industry standards like PCI-DSS, IRAP, NIST, BCP-DR, DPDP Act, GDPR, and ISO27001 is crucial for compliance and risk management. Strict adherence to these standards as an auditor & Implementor ensures the maintenance of a secure organisational environment.
Overview
8
8
years of professional experience
15
15
years of post-secondary education
3
3
Certifications
3
3
Languages
Work History
Information Security & Privacy Officer
Fynd Retail Technologies
08.2022 - Current
- Conducted SOC2 audits, Application & Cloud Security assessments, and implemented ISO27001 and PCI standards in realm of cybersecurity and compliance.
- Specialised in risk management, overseeing secure application onboarding to ensure resilient operational environment.
- Performed comprehensive third-party risk assessments to evaluate and mitigate potential security risks.
- Evaluated Business Continuity Planning (BCP) measures, ensuring organisation's preparedness for potential disruptions.
- Expertise in integrating GDPR, DPDP Act, and privacy frameworks, emphasising robust data protection and regulatory compliance.
- Developed robust audit programs to assess internal controls for protecting sensitive information, mitigating risks across the organization.
- Established strong working relationships with regulators, demonstrating proactive engagement in privacy matters.
- Achieved efficient vendor management through detailed reviews of their privacy practices and documentation requirements.
- Conducted thorough risk assessments for the organization, identifying potential data breaches and recommending solutions.
- Assisted legal teams with privacy-related matters, providing expert testimony and support during litigation proceedings.
- Provided expert guidance on data processing agreements, safeguarding the company''s interests in third-party collaborations.
- Managed timely responses to data subject access requests, ensuring compliance with applicable regulations.
- Optimized IT systems for better security measures by collaborating closely with IT professionals on system updates and improvements.
- Spearheaded training initiatives to educate employees on privacy laws and best practices, promoting a culture of data protection awareness.
- Updated record-keeping systems to track consent preferences, ensuring accurate processing of personal data in line with individual choices.
- Oversaw incident response efforts, conducting investigations and reporting breaches as necessary to regulatory authorities.
- Enhanced privacy compliance by developing and implementing comprehensive policies and procedures.
- Launched privacy impact assessments for major projects, minimizing risks associated with personal data processing activities.
- Developed risk assessment models to identify potential compliance risks.
- Created and maintained compliant work environment.
GRC Associate
Cognizant
06.2021 - 08.2022
- Conducted comprehensive risk assessments for 3rd party app developers, evaluating and mitigating security risks.
- Ensured seamless interoperability of systems and applications.
- Implemented HIPAA compliance measures for healthcare-related projects, demonstrating commitment to safeguarding sensitive healthcare information.
- Contributed to various Governance, Risk, and Compliance (GRC) functions, ensuring holistic approach to risk management and regulatory adherence.
GRC Specialist
HCL Technologies
09.2019 - 05.2021
- Conducted 'IRAP' audits for Australian Cyber Security, meticulously assessing security controls and ensuring compliance.
- Implemented ISO 27001:2013 standards for robust information security.
Actively engaged in various Governance, Risk, and Compliance (GRC) functions, emphasising compliance and effective risk management. - Conducted IT General Controls (ITGC) audits to evaluate efficiency of IT controls.
- Ensured seamless adherence to PCI-DSS requirements, demonstrating commitment to secure payment transactions.
- Maintained strict compliance with privacy requirements across all initiatives.
InfoSec Engineer
PineLabs
12.2018 - 07.2019
- Conducted security audits for payment processors, evaluating and enhancing security controls.
- Ensured PCI-DSS compliance for processes in India and Malaysia, securing payment transactions.
- Contributed to risk management and Business Continuity Planning-Disaster Recovery (BCP-DR) activities, fortifying organisational resilience.
- Conducted IT General Controls (ITGC) audits, systematically assessing and optimising effectiveness of IT controls.
- Specialised in risk management and conducted thorough audits for banks, ensuring robust security measures.
Associate Consultant
Panacea Infosec Pvt Ltd
08.2017 - 11.2018
- Led PCI-DSS audits for clients across diverse industries, assessing compliance with payment card industry standards.
- Prepared comprehensive Reports on Compliance (ROCs) and conducted Self-Assessment Questionnaire (SAQ) assessments.
- Conducted thorough scope and gap assessments for clients, ensuring comprehensive understanding of security postures.
- Implemented ISO 27001 audits to evaluate and fortify information security controls.
- Conducted IT General Controls (ITGC) audits, systematically assessing and enhancing effectiveness of IT controls.
- Specialised in conducting audits for wide array of industries including Banking, Healthcare, Payment Processor, Manufacturing, Oil & Gas Industries, Aviation, Hotels, and BPO/KPO sectors.
Education
MBA -
Barkatullah University
Bhopal 07.2016 - 04.2018
Bachelors of Engineering -
RGPV
Bhopal 07.2010 - 06.2014
High School Diploma -
MP.Board
Bhopal 07.2009 - 05.2010
Skills
Risk Management
Vulnerability Management
Cloud Security
DPDP and GDPR Implementation
Business Continuity & Disaster Recovery
ITGC, PCI-DSS, IRAP and ISO27001 Standards
NIST Frameworks
Certification
CISA
Timeline
CISM
02-2023
Information Security & Privacy Officer
Fynd Retail Technologies
08.2022 - Current
GRC Associate
Cognizant
06.2021 - 08.2022
ISO27001
04-2021
GRC Specialist
HCL Technologies
09.2019 - 05.2021
CISA
08-2019
InfoSec Engineer
PineLabs
12.2018 - 07.2019
Associate Consultant
Panacea Infosec Pvt Ltd
08.2017 - 11.2018
MBA -
Barkatullah University
07.2016 - 04.2018
Bachelors of Engineering -
RGPV
07.2010 - 06.2014
High School Diploma -
MP.Board
07.2009 - 05.2010