UTKARSH GANORKAR

Sydney, Australia

Summary

Experienced cyber GRC professional with 18 years of expertise in the banking, finance, and payment industries. Proven track record in implementing and ensuring compliance with industry-leading standards including PCI DSS, PCI PIN, ISO 27001, and SOC. Successful in navigating regulatory audits, managing risks, and upholding industry standards. Skilled in developing and maintaining robust security frameworks for safeguarding sensitive financial data.

Overview

18
years of professional experience

Work History

Manager - Cryptographic Key Management Services

Fiserv
09.2019 - Current
  • Designed and Implemented Key Management program with best security practices to effectively undertake business encryption key requirements & achieve PCI PIN certification.
  • Up-keeping Key Generation lifecycle records, key management protocols, Key safe logbooks, HSM Access logs, key exchange evidence, key destruction records, key refresh logbook.
  • Host Security Module (HSM) Security configuration management and its annual review based on the Cyber Policy and platform requirement.
  • Collaborate with Solution Architect and Project team for new project's Secure Key exchange approach and adoption of encryption key security in development stage.
  • Risk assessment of critical applications from Data Encryption perspective and planning of encryption solution roll-out.
  • Management of Key custodian on-boarding formalities, authorization and encryption security awareness trainings.
  • Upkeep listing of Critical applications and their respective encryption status. Maintain non-compliances in risk register to regularly update management committee.
  • Managing PCI-DSS, AusPayNet, SOC and PCI PIN security audit program.

Senior Cyber Professional II

Fiserv
02.2017 - 09.2019
  • Lead and manage a team of risk analysts in APAC region
  • Reporting and communicating methods that ensure relevant stakeholders within IT and business leadership have an accurate and timely view of IT risks
  • Analyze and process data related to risk, issues, and deficiencies to identify patterns and trends
  • Manages risk inventory into Archer system, dashboard publishing for monthly management report
  • Vulnerability Management - manages team that will perform remediation management, reporting, and escalation of vulnerabilities identified through Cyber Resilience testing activities to include penetration testing and application security testing.

Manager - Technology Audit & Compliance

Edelweiss Securities Limited
10.2014 - 02.2017
  • Maintenance & Implementation of Compliance Controls as per ISO 27001 standard & other regulators like SEBI, Mutual Fund, RBI, MAS, Stock Exchange, NBFC Board
  • Upkeep of all Policies, Procedures, Hardening guidelines, Audit Reports, Regulatory circulars, Audit Evidences, Backup Testing Result & Access Control Review documents
  • Conducted Cyber Security Risk Assessment (CSRA), Technology Risk Management (TRM), Monetary Authority of Singapore (MAS), Retail Customer Management Process Audit
  • Vulnerability Management & Penetration Testing using various security VA / PT Tools to ensure all new vulnerabilities resolved in the system
  • End User Security Awareness Programs across Edelweiss Group.

Information Security Manager

TATA Housing
02.2013 - 09.2014
  • Greenfield Implementation of ISO 27001:2013 Standard
  • Identification, implementation, and maintaining processes and tools to support assurance, compliance, and remediation tracking activities (e.g. testing, maintenance of controls, documentation)
  • POC of security tools and analysis of relevancy to requirement and organization
  • Implementation of Websense Web Security Gateway, Data Leakage Prevention System, Antivirus Solution
  • Administration of Mobile Device Management System (MDM), Registration of new device into system
  • Designing of MDM policy & enforcing on all devices
  • Tracking & Erasing data on device in theft or loss event
  • Administration of Firewall, Quarterly Policy review & documentation
  • Collaborate with cross-functional teams to embed a culture of cyber risk awareness and accountability throughout the organization
  • Educate employees on risk management principles, processes, and their responsibilities; foster a cyber-risk-aware culture within the organization by promoting awareness and understanding of cyber risk management across all levels.

Sr. Technology Solution Engineer - Audit & Compliance

ICICI Bank LTD
12.2007 - 01.2013
  • Developing, initiating, maintaining, and revising policies and procedures for the Information Security, Business Continuity and Quality assurance operation of the IT Security Compliance Programs and its related activities to prevent illegal, unethical, or improper conduct
  • As a Security Champion from the Network Team, collaborate with other departments (e.g., Risk Management, Internal Audit, SOX Committee) to direct compliance issues to appropriate existing channels for investigation and resolution; also involved in implementation & maintenance of ISO 27001, preparation of the SOC RCM matrix & its regular walkthrough, Quarterly User Access Management Audit, Annual Risk Management Program, etc.
  • Analysis & Closure of identified gaps in audits & walkthrough
  • Responds to alleged violations of rules, regulations, policies, procedures, and Standards of Conduct by evaluating or recommending the initiation of investigative procedures.

Education

Certification - CISA - Certified Information Security Auditor

ISACA
USA

Certification - CEH - Certified Ethical Hacker

EC Council

Certification - ISO 27001 - Lead Auditor

BSI

Certification - ISO/IEC 27005 Information Security Risk Manager

Udemy

Certification - Artificial Intelligence Risk And Cyber Security

Udemy

Computer Engineering -

Nagpur University
Nagpur India
03.2006

Skills

  • Cybersecurity risk management
  • Compliance Management
  • Vendor Risk Management
  • Cybersecurity Strategy Development
  • Risk Assessment
  • Security metrics
  • Security Architecture
  • Disaster Recovery Planning
  • Project Planning
  • IT infrastructure proficiency
  • HSM - Safenet, Thales
  • PCI DSS, PCI PIN, SOC, SOX, ISO 27001, AS2805, AusPayNet
