
Employment History

June 2016 - Present

Regional Information Security Officer, Asia Pacific & EMEA

Carlson Wagonlit Travel

Responsible for information security leadership for the entire APAC and EMEA region, covering more than 30 countries. As part of the role, he manages the communication and relationship with the senior leadership for all security matters. As part of the leadership team, the role focuses on implementing a robust governance framework and aligning the security landscape with the business requirements.

Sep 2015 - June 2016

Regional Information Security Officer, Asia Pacific

Carlson Wagonlit Travel

Part of the leadership team responsible for information security for the entire APAC region, covering nine countries along with partner countries. He manages a team of information security professionals to ensure information security is consistently implemented and rolled out across APAC. As part of the role, he manages the communication and relationship with the senior leadership for all security matters. Apart from the delivery role, he is responsible for various global projects for compliance and data security. This role spans the entire spectrum of information security (such as incident management, risk and compliance, security audits, governance, etc.).

Feb 2014 - Aug 2015

Director - Information Security, Asia Pacific

Carlson Wagonlit Travel

Part of the management team responsible for Information Security for the Asia Pacific region. Apart from the regional security responsibilities, he serves as a subject matter expert for PCI compliance for CWT. He plays a key role in delivering multiple global and regional projects to meet compliance requirements. Apart from the compliance requirements, he plays a pivotal role in managing communication and relationships with various internal and external stakeholders, advising and making recommendations on information security.

Aug 2011 - Feb 2014

Manager - IT Assurance & Security

KPMG Services Pte. Ltd

Manager in IT Assurance Services, part of Compliance Services, providing security consulting services to clients in South East Asia. Apart from leading multiple projects, responsible for client relationship management and generating new business strategies for security services, as well as leading the security compliance practice.

Apr 2010 - Aug 2011

Senior Consultant - Professional Services

Verizon Business

Harshal was part of Verizon Professional Services, delivering security consulting services to clients based in Asia. He played a key role in setting up new business for professional services in the region. He was also a qualified security assessor for PCI DSS and certified clients for the payment security program.

Jan 2008 - Apr 2010

Consultant - Governance Risk and Compliance

Wipro Consulting Services

He has been working with Wipro Consulting Services in the Risk and Compliance team. His main tasks include helping partners in the development and implementation of security frameworks based on different standards and regulatory compliance requirements such as ISO 27001, PCI-DSS, Cobit, etc. He is also responsible for assisting the partners with different technical risk assessments such as Vulnerability Assessment, Penetration Testing, Network Architecture, etc. (based on guidelines of NIST, SANS). He has also been involved in the development of white papers and reusable project material for practice development.

May 2006 - Jan 2008

ISMS Manager

NII Consulting Pvt. Ltd

Playing a dual role as a Team Leader for Compliance Consulting as well as ISMS Manager responsible for internal compliance. Delivering and managing high value consulting projects apart from leading business development exercises in Asia and Middle East.

Education

2001 - 2005

Bachelor of Engineering

Mumbai University

Information Technology

Skills

Consulting & Value Added Services

Security Selling, Business Development, Project Management, Innovation

Security Compliance Management

ISO 27001, NIST Framework, MAS TRM Guidelines, ISO 22301, CSA Guidelines

Security Program Management

Security Program Office, Security Operations, Incident Management, Security Center of Excellence

Payment Security

PCI DSS, PA DSS, Scope Reduction, Tokenization, QSA Assessment, Gap Assessment

Security Risk Management

ISO 27005, TRM Guidelines, Threat Assessment, Risk Acceptance & Mitigation

Information Security Management

Security Leadership, People Management, Mentoring, Framework Management, Vendor Management

Certifications

  • PCI – Internal Security Assessor (ISA)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Certified Information System Security Professional (CISSP)
  • Certified Ethical Hacker (CEH)
  • ITIL Foundation (EXIN)
  • ISO 27001 Lead Implementer (BSI) & Auditor (BSI)
  • Cobit Foundation (ISACA)

Governance Risk & Compliance

  • Program management for APAC high risk remediation program – Driving internal projects as part of the high risk remediation program to mitigate significant risk in the environment which impacts processes, core application and infrastructure to align regionally with business objectives
  • Security Center of Excellence program - Driving security center of excellence program for all the countries in APAC, for ensuring business stays compliant and excels in various security requirements through measurable outputs and management actions.
  • Security Incident Management Lead – Incident Management lead for the APAC region, being the single point of contact with business, legal and compliance to drive various types of information security incidents and leading the triage process, along with acting as a liaison with management and other external stakeholders on communication and escalations
  • Risk Assessment for various mission critical applications for Tax Authority – Engagement Manager for performing security risk assessment taking reference from various security guidelines and best practices (such as IM8, TRM, ISO 27002, ITIL). Significant contribution in building and growing the business by delivering high value consulting services to reduce the risk landscape for the organization
  • Security Framework for Cloud service provider – Engagement Manager for designing Information Security Management Framework and security policy for a leading Telco in Singapore based on various cloud security best practices (such as ISO 27002, CSA Guidelines, NIST and CCM) to secure its private cloud used for providing Infrastructure-as-a-Service (IaaS) and Utility Services, Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS) to various tenants.
  • Vendor Assurance Program – Driving an internal vendor assurance program to manage the various vendors providing services to the business and dealing with company vital trust data. Bigger component of the project is to get them aligned to internal security policies and processes
  • Some of the ISMS Framework Consulting Projects across the globe
    • Engagement Manager for leading Power Plant Company in Singapore
    • Project Manager for Federal Government Entity in Abu Dhabi
    • Project Manager for leading stock brokerage company in India
    • Project Manager for KPO in India
    • Engagement Manager for design of ISMS & BCP Framework for KPO / LPO in India
    • Project Manager for gap Assessment against various security framework for leading global consulting organization
    • ISMS Lead for design of policies and procedures framework for various Ministries of Government of India
    • Project Manager for implementation of ISMS framework for leading background verification company

Technical Security Management

  • Some of the technical security assessments projects across the globe:
    • Engagement Manager for performing security assessment and control review against corporate security policy and guidelines for a leading logistic company in Singapore
    • Engagement Manager to design and improve the existing Identity Access Management framework along with To-Be Process for integration with future landscape for a leading Telco in Malaysia
    • Security Lead for performing application level review for leading island resorts in Singapore
    • Technical Lead for conducting infrastructure audit for a manufacturing giant for various locations spread across Saudi Arabia
    • Team Lead for performing Application Security Assessment for leading manufacturing giant in India using Mind map technique.
    • Team lead for conducting penetration testing for various web based applications for a leading Matrimonial site
    • Application Security lead for biggest Insurance company in India for conducting application control assessment based on OWASP and NIST framework
    • Engagement Manager for performing security audit for core application for a leading airlines in the world
    • Team Lead for performing social engineering for a leading bank in the world
  • Designing and project management of technical solution to securely send and receive electronic fax and email containing credit card outside the company network
  • Design and implementation of a technical solution to encrypt the major back-office application for various instances across the APAC region

Payment Security

  • PCI-DSS Project Management and Subject Matter Expert responsible for ensuring back office application (used in multiple locations across the globe) is certified to PCI DSS compliance. Part of the role required extensive interaction with the vendor and various internal infrastructure teams to get this implemented within budget and timelines
  • Design of secure solution for email and fax to meet PCI DSS requirement which would be used by more than 10k users globally. Role included technical subject matter expertise along with roll out and implementation
  • Design and implementation of card discovery and remediation program across APAC region working with various stakeholders by decreasing the credit card footprints and in turn reducing the cost of compliance.
  • Some of the PCI DSS Consulting and Advisory services project included:
    • Engagement Lead for PCI DSS advisory for a major Telco in Singapore on:
      • Scope reduction using Business Process Remediation
      • Tokenization solution implementation
      • Technical gap assessment and remediation roadmap to achieve fast track compliance
    • Engagement Manager for a leading travel solution and service provider across Asia assisting them in:
      • Scope Reduction and Quick Wins for PCI DSS compliance
      • Assessment for various applications and infrastructure to assess the current compliance level vis-a-vis PCI DSS
      • Recommendation and detailed strategy for achieving compliance
    • Engagement Manager for PCI-DSS Consulting and Advisory services for one of the leading banks in Thailand
    • Engagement Manager for PCI-DSS QSA Assessment and Remediation for leading banks in Thailand
    • Engagement Manager for PCI-DSS Scope Reduction Consulting & Remediation Strategy for a leading bank in Singapore and Malaysia
    • Engagement Manager for PCI-DSS Scope Reduction Consulting & Remediation Strategy for a leading bank in Nigeria
    • Engagement Manager for PCI-DSS Scope Reduction Consulting for a leading bank in Indonesia.
    • QSA for a PCI-DSS Assessment for a leading BPO for their offices in India, United States and Central America.
    • QSA for leading IT software development company developing and supporting payment applications globally
    • PCI Lead for design and Implementation of PCI-DSS Compliance Implementation project for a retail giant in India

Public Speaking

  • E-Crime Congress 2015 Abu Dhabi: Presentation of APAC perspective - Effective implementation of PCI DSS Program
  • Cyber Security Show Asia 2015: Chairing Roundtable discussion on Digital payment security: Next-generation threats and defence solutions
  • Singapore Datacenter 2015: Executive Panel Discussion on The Industry Debates on IT, Cloud, Mobility, Security and Data Center Decisions
  • E-Crime Congress 2015 Singapore: Presentation on Changing landscape and threats in Payment Security
  • E-Crime Congress 2014 Singapore: Executive Panel Discussion on Optimizing information security programme and meeting regulatory requirements
  • The 5th CXO Leadership Summit 2014 Singapore: Executive Panel Discussion on The Future Of Mobile Security
  • Singapore Datacenter Pre-event 2015: Executive Panel Discussion on The Industry Debates on IT, Cloud, Mobility, Security and Data Center Decisions