● Proactively monitor, report, and support the business in managing information security risks.● Support Phishing exercises for Global business.● Support Business Continuity / Disaster Recovery activity.● Support Business with Information Security and Data Protection contracts. ● Play a consulting role for the Business Team on all information security & privacy queries. ● Guide Privacy team on Information and Cyber Security requirements. ● Advice regional and global teams on Privacy by Design principle. ● Support wider Group activities in development of policies, processes, tools, and templates to efficiently deliver information security and ISO27001 certification. ● Support the Head of Information Security in operating and maintaining the Information Security Framework and the Vistra Information Security Group that oversees it. ● Provide security and risk consultancy on a range of IT and business projects, ensuring they are delivered with effective information security in mind. ● Support and coordinate requests for both internal and external IT audits and in requests for proposals(RFPs). ● Complete Information Security and Privacy due diligence questionnaire. ● Support cyber-security and Privacy training and awareness within the global regions to increase staff security awareness.

Manage the Data Privacy Program for the Bank.Maintain and update Data Privacy Policies, Procedure, Templates & Process documents as per regulatory / internal requirements.Prepare the response for client due diligence on data privacy queries.Perform Regulatory assessment to identify privacy laws applicable to the Bank.Ensure Subject Access Requests (SARs) are responded to in a timely manner.Play a consulting role for the Business Team on all privacy related queries.Assist legal team with privacy related provisions within contracts.Develop and conduct privacy awareness training.Handle the internal / external audits related to data privacy independently.Track the observation raised for closure with business teams for any data privacy assessments / audits.Ensure periodic updates are prepared as part of dashboards and the same are discussed with the relevant management team.Perform Privacy Impact Assessment and Transfer Impact Assessment.Coordination with Data Protection Consultants and Foreign representatives.Assist Data Discovery & Governance Team with Data classification.Advice Senior leadership function on Regulatory risks.Assist the CISO function with regulatory audits.Advice IT team on Privacy by Design and Default principles.Responsible for managing Information Security and Data Privacy awareness for the Bank and its group companies.Quartely & Monthly submissions to Regulators.

● Assisting the Information Security & Risk team with implementation of ISO 27001:2013 certification.● Planning, organizing and performing Information Security audits.● Performing Information Security risk assessments.● Continually assess Information Security controls to ensure that they meet the Information Security standards.● Regularly assess organization controls to ensure that they meet the legislative and regulatory compliance and to keep trackof proposed remedial actions.● Perform DPIA (Data Protection Impact Assessments) to identify risks related to collection and processing of Personal Data.● Assess onboarding of SAAS (Software as a Service).● To create an action plan to remediate existing risks and maintain a risk register.● Performing Physical Security Audits for India region.● Responsible for investigating Security Incident Breaches and liaise with company stakeholders and regulatory bodies.● Assisting Data Protection teams with ensuring compliance to emerging and existing data protection legislations.● Coordinate with infrastructure owners to implement any Information Technology security programme.● Review and consult legal teams with drafting of Data Protection and Information Security contract clauses.● Responsible for in person Information Security Training for APAC employees.● Perform Vendor risk assessments prior to vendor onboarding and follow up with refresher audits.● Assist with development and review of Information Security and Data Protection policies.● Assist CISO (Chief Information Security Officer) with building and developing Information Security strategy.

Regulatory Compliance: To ensure all regulatory submissions are done on time without any errors.● Aadhaar Compliance: Facilitate Aadhaar application assessment. Audit & assessment observation tracking & closure.● Internal Compliance: Weekly tracker submission for review of CISO and other Stakeholders within the Bank.● Privacy Advisory: Assist business with questions involving ongoing Privacy Compliance, Privacy Policy review and contractual provisions concerning privacy compliance and data use. Understand and respond to customerdata privacy requests.● Privacy Risk Assessment: Perform privacy impact assessment, ensure timely mitigation & validate remediation.● Privacy Program Implementation: Work with senior management to establish governance for privacyprograms. Assist in monitoring Bank’s Data Privacy Requirement.● ISO 27001 / ISMS : Pre-audit initiation, Maintain & update list of Stakeholders, Coordinate on remediation of gaps, non-conformance and OFI’s.

● To handle & assist all Law Enforcement and Legal Complaints received by the organization.● Assist Legal teams on Intellectual Property Law (IPR) and Cyber Law related issues.● Coordinating with Project Management teams to ensure Legal Compliance.● Assist in Technical Compliance and Legal Audits.● Ensuring adherence to legal issues, product & legal compliance and SLAs; working along with in-house Developers to implement automation strategies

● Drafting risk mitigation strategies, information security policies, information security guidelines and industry best practices in coordination with Security Researchers● Preparing reports, documenting processes and maintaining records; coordinating with lawyers to implement law enforcement issues● Managing roster, analyzing frauds & threats and performing audits on products● Executing gap analysis of security processes & standards across different business units and streamlining the security updates and compliance reports● Furnishing security related training material and conducting several security awareness programs● Establishing reporting mechanisms to report non-compliance and deviations● Evaluating internal control systems / procedures, preparing reports with a view to highlight the shortcomings and implementing / suggesting necessary recommendations

● Acted as a mentor and provided training and guidance to L1 staff; allocated tasks to staff● Managed escalations and abuse mitigation issues; performed risk assessment, incident management and abuse preventionto enhance operational security● Ensured organisational policies were adhered to and SLAs were maintained● Worked as a key point of contact between the organisation, different security agencies and law enforcement agencies

Dealt with Registrar and registry level abuse related to the organisation’s web presence by working in coordination withLaw Enforcement Agencies● Guided clients in legal & abuse cases; examined these cases and documented them● Allocated tasks to team members and organised meetings to review their performance

● Verified if domain names were involved in activities against company's AUP. ● Examined abuse issues & worked towards resolution of abuse instances by coordinating with Security Researchers● Analysed the nature of the complaints.

● Providing anti-piracy consultancy services. ● Assisting media houses with copyright takedowns.● Assisting individuals with online defamation cases.● Evidence gathering.● Technical assistance to Lawyers.