
UTKARSH GANORKAR

Saint Marys, NSW

Summary

Experienced Cyber GRC professional with 18 years of expertise in banking, finance, and payment industry. Demonstrated success in implementing and ensuring compliance with industry-leading standards including PCI DSS, PCI PIN, ISO 27001, and SOC. Adept at navigating regulatory audits, managing cyber risks, and upholding industry standards. Skilled in developing and maintaining robust security frameworks to safeguard sensitive financial data.

Overview

17 years of professional experience
1 Certification

Work History

Senior Cyber Security Professional II (GRC)

Fiserv
09.2019 - Current
  • Served as a subject matter expert and resource for both technical and non-technical staff on issues related to cybersecurity best practices, incident response, gap closure and data protection requirements
  • Provided expert guidance on regulatory compliance matters, helping the internal teams navigate complex PCI SSC, AusPayNet, Payment scheme requirements related to data privacy and cybersecurity
  • Streamlined communication channels between various departments, ensuring timely sharing of critical risk information at executive-level meetings, helping inform decisions on security strategy and policy direction
  • Prepared detailed reports on findings from risk assessments, facilitating communication between technical and non-technical stakeholders
  • Worked closely with stakeholders to prioritize remediation efforts based on risk levels associated with identified vulnerabilities
  • Administer and operate GRC toolset to automate processes and programs to gain efficiencies
  • Provide Program level metrics (KPI / KRI) reporting for consumption by Senior & Executive management
  • Designed and executed tabletop exercises simulating real-world Cyber-attacks, preparing team members for rapid response during actual incidents
  • Built strong relationships with industry peers through collaboration on joint projects, sharing threat intelligence data, and participating in professional forums
  • Provided regular briefings to senior leadership on relevant cyber threats, ensuring informed decision-making and situational awareness
  • Management of APAC regional Encryption Key Management Team
  • Administration of Thales HSM (Host Security Module), Data at Rest Encryption system, AES, RSA Key, PKI, Payment System Encryption Keys

Senior Cyber Security Engineer

Fiserv
02.2017 - 09.2019
  • Implemented multi-factor authentication across systems as part of a layered defense strategy to protect sensitive data from unauthorized access
  • Oversaw penetration-testing activities, identifying vulnerabilities in critical systems before malicious actors could exploit them
  • Managed sensitive data encryption processes, ensuring the protection of confidential information from unauthorized disclosure or misuse
  • Developed comprehensive cybersecurity training programs for staff, increasing overall organizational security awareness
  • Prioritized remediation efforts based on risk assessment results, focusing resources on addressing high-impact vulnerabilities first
  • Proactively identified potential risks and implemented mitigation strategies to minimize negative impacts on projects or business operations

Manager - Technology Audit & Compliance

Edelweiss Securities Limited
10.2014 - 02.2017
  • Maintenance & Implementation of Compliance Controls as per ISO 27001 standard & other regulators like SEBI, Mutual Fund, RBI, MAS, Stock Exchange, NBFC Board
  • Upkeep of all Policies, Procedures, Hardening guidelines, Audit Reports, Regulatory circulars, Audit Evidences, Backup Testing Result & Access Control Review documents
  • Conducted Cyber Security Risk Assessment (CSRA), Technology Risk Management (TRM), Monetary Authority of Singapore (MAS), Retail Customer Management Process Audit
  • Vulnerability Management & Penetration Testing using various security VA / PT Tools to ensure all new vulnerabilities resolved in the system
  • End User Security Awareness Programs across Edelweiss Group

Information Security Manager

TATA Housing
02.2013 - 09.2014
  • Greenfield Implementation of ISO 27001:2013 Standard
  • Identification, implementation, and maintaining processes and tools to support assurance, compliance, and remediate tracking activities (e.g., testing, maintenance of controls, documentation)
  • POC of security tools and analysis of relevancy to requirement and organization
  • Implementation of Web Sense Web Security Gateway, Data Leakage Prevention System, Antivirus Solution
  • Administration of Mobile Device Management System (MDM), Registration of new device into system
  • Administration of Firewall, Quarterly Policy review & documentation
  • Collaborate with cross-functional teams to embed a culture of cyber risk awareness and accountability throughout the organization
  • Educate employees on risk management principles, processes, and their responsibilities; foster a cyber-risk-aware culture within the organization by promoting awareness and understanding of cyber risk management across all levels

Sr. Technology Solution Engineer - Audit & Compliance

ICICI Bank LTD
12.2007 - 01.2013
  • Developing, initiating, maintaining, and revising policies and procedures for the Information Security, Business Continuity and Quality assurance operation of the IT Security Compliance Programs and its related activities to prevent illegal, unethical, or improper conduct
  • As a Security Champion from the Network Team, collaborated with other departments (e.g., Risk Management, Internal Audit, SOX Committee) to direct compliance issues to appropriate existing channels for investigation and resolution; also involved in the implementation & maintenance of ISO 27001 and the preparation of the SOC RCM matrix & its regular walkthrough
  • Responds to alleged violations of rules, regulations, policies, procedures, and Standards of Conduct by evaluating or recommending the initiation of investigative procedures
  • Worked on RCSA and FEMA assessment process, dedicated for network and internet security process

Education

Bachelor of Engineering - Computer Engineering

Nagpur University
03.2006

Skills

  • Cybersecurity Strategy
  • Governance, risk, and compliance
  • Cyber Policy and Procedure
  • Security Architecture
  • Application security
  • Incident Response
  • Identity Management
  • Business Continuity
  • Encryption Technologies
  • Security audits
  • Card and Payment System Security

Certification

  • CISA - Certified Information Security Auditor
  • EC Council - Certified Ethical Hacker
  • BSI: ISO 27001:2013 - Lead Auditor
  • Udemy: ISO/IEC 27005 Information Security Risk Manager
  • Udemy: Artificial Intelligence Risk And Cyber Security

Affiliations

FS-ISAC

Personal Information

Visa Status: Permanent resident
