Abhishek Gurav Email and Phone Number

Primarily responsible for the Information security governance and control environment for Ugam operations. Information Security: • Define, review and maintain the organizational information security policies, processes, procedures and control framework in-line with ISO 27001:2013 standard and best practices to ensure it is adequate to address the emerging risks due to changing environment and technology• Develop the information security strategy for the organization and ensure plans are in place and implemented• Conducting Information security risk assessments/ threat modelling for new/existing projects/applications to identify security control requirements/ solutions• Assess and approve Infosec/ change/ privileged access requests with regards to Information security risks• Review and evaluate the design and operational effectiveness of security-related controls by performing internal audits – IT Infra, Network, Access Governance etc.• Lead the Information Security audits/ assessments of Ugam vendors/ suppliers based on Standardized Information Gathering (SIG) framework• Oversee information security incident management process• Conduct monthly and quarterly Information security review meetings with management team on InfoSec and IT Security monitoring results, incidents, critical changes in environment, audit results and status of corrective actions • Oversee the security operations center for monitoring using Alien Vault tool• Lead Information Security awareness & training programs • Assist and co-ordinate for in client, third party, external certification and internal auditsData Protection /Privacy: • Established Data Protection Governance Framework inline with the EU General Data Protection Regulation – (GDPR) • Defined Data Protection Policy, Privacy Impact Assessment Process • Data flow diagrams• Established the privacy awareness & Privacy Breach management process

Responsible for providing information security consulting services to Daimler Group companies across the globe which include: • Conduct Information Security Assessments/ Reviews of Mercedes Benz locations viz. Research & Development, Financial services and design centers in compliance to Daimler information policies and standards & ISO 27001 standard requirements• Conduct third supplier/ vendor compliance audits on Information security controls based on Daimler AG security requirements and highlighting the risks to the management• Perform Information security risk assessments and risk management• Provide security advisory to business stakeholders based on ISO 27000 Information Security Standards and best practices• Project management activities for Information Security assessments

Responsible for:• Establishing and Managing Information Security and Business Continuity Management control framework for offshore operations in India and Sri Lanka• Oversight of Logical Access Management governance for offshore users • Ensuring compliance to Aviva Plc. Information Security and Business Continuity standards • Providing assurance and highlighting risks to leadership team by performing InfoSec & BCM audits/reviews for suppliers• Conducting review meetings with CISO team and supplier partners• Oversight of BCM testing activities• Part of Crises Management Team• Providing assurance to business on design and effectiveness of controls in Business processes by conducting reviews and highlighting risks to leadership teamOversight of UK Data Protection - Information security controls.

Establishing and Implementing Information Security Management SystemAssisting and coordinating with external auditors during external certification audits (Certification Audit, Pre-assessments and Surveillance audit) Information Risk assessment and Risk treatment/mitigationDesigning information security policy,processes, procedure and guidelinesInformation Security Audits ( ISO/IEC 27001:2005) Compliance reporting, audit issues follow up & closureVulnerability Assessments Business continuity management system implementation.Business Impact Analysis IT Service Management