Tripurari Rai

Tripurari Rai

GRC Solution Architect, Information Security Consultant

  • Singapore SGP
  • Close to 9 years of information security experience with payment leader of the world (Visa Worldwide Pte. Ltd), Singapore and Wipro Consulting Services (one of the biggest IT Consulting firm of India and world). Ability to lead and co-ordinate with global virtual teams, customers, management, staff members and vendors with well-versed communication, good organizational and project management skills.


    Worked for various organizations i.e. Banks, manufacturing, IT service providers, ITES, Energy located in different geographies like Singapore, UAE, US and India to provide them information security services.


    I have a Masters in Cyber Laws & Information Security and am a member of the Information Systems Audit and Control Association (Singapore) and Open Compliance and Ethics Group (OCEG) 


    My key areas of expertise include:


    • IT Security management

    • Vulnerability Assessments

    • & Penetration Testing
    • Web-application security assessments

    • IT Security Project management

    • IT Security Findings Management

    • Cyber Security Threat Intelligence

    • Architect and develop Governance, Risk and Compliance (GRC) solutions for several Business processes

Work History
Work History
Jan 2011 - Present
Senior Software Engineer
Visa Worldwide Pte Ltd

Establishing effective collaborations with IT, Risk, Compliance, Finance and other management BPO (Business Process Owner) and BPOD (BPO Delegates) for development, testing and support for Visa Worldwide eGRC (Enterprise Governance Risk & Compliance) program requirements.

Current Responsibilities:

  • Implement, Support and monitor a comprehensive enterprise wide risk and compliance program requirements to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the Visa;
  • Assist the Senior Business Leaders in coordinating and driving compliance in all information security streams (GIS, AML, SOX);
  • Assist the BPO’s in developing and conducting security training and awareness programs
  • Work closely with Internal Audit and TeamMate system owners to ensure successful operation of the system
May 2007 - Jan 2011
Senior Consultant
Wipro Consulting Services

I worked as senior consultant in Governance Risk and Compliance practice of Wipro Consulting Services.


  • Execute and manage medium to large scale projects as a team leader;
  • Perform attack and penetration tests, vulnerability assessments, systems and network devices configuration reviews and network architecture design and reviews;
  • Perform Information Security Risk & Control Assessments (via interviews, network and application vulnerability assessments, penetration tests, walkthroughs, and physical inspections) of IT systems & related areas at the client site;
  • Coordinate with clients, analyze their business processes, understand security system requirements to design and develop comprehensive information security management systems;
  • Design, implement and lead the Application Security program;
  • Analyze, develop and manage information security policies and procedures in line with the client’s business needs so as to ensure preventive and recovery strategies are in place to minimize the impact of realized threats;
  • Present findings and work products to senior management of the organization during and after projects.


Selected Projects


UK Leading Energy Giant–  Performing IT Risk Assessments and Reviews of IT projects running across the world by executing following key activities:


  • Finding Management
  • Supplier Accreditation (Third Party Audits)
  • Managing Risks in RFx processes
  • Change Management
  • Assistance with security testing
  • DSOP – checklist reviews


Real Estate giant in Abu Dhabi - ISMS implementation


  • Involved in ISMS implementation (against ISO 27001 standards) in the largest Real Estate business group of Abu-Dhabi.
  • Primarily I was responsible for risk assessment of networking devices, VoIP, blackberry services web applications and their supported critical infrastructure.
  • In this project as part of the implementation team I performed various activities like current state analysis, technical infrastructure assessment, asset register preparation etc. For this project performance he achieved Best Project Team-Member award in year 2009.


Application Security Advisory - I was tasked with establishment of Secure Software Development Life Cycle (SSDLC) which essentially involved defining SSDLC framework for application development, develop Security Policies, Checklist, Risk Assessment and Threat modeling procedures, carry out Application security assessment, prepare Secure Coding Guidelines for the developers, and carry out Application Security Awareness training for developers and user groups.

Jan 2016 - Jan 2019
Certified Information Security Manager
Information Systems Audit and Control Association

Certification Number: 1115769

Jan 2012 - Jan 2017
RSA Certified Security Professional
EMC RSA Archer Certified Administrator 5.x Exam

Jan 2009 - Present
Certified Ethical Hacker
EC Council

Jun 2009 - Present
BSI ISO 27001 Lead Implementer
British Standards Institute

Professional Development

  • Participated in OWASP Code review tool development project (3 members) for unmanaged code security audit for Java & ASP.NET web applications. This tool is in beta stage and was released in year 2010.
  • Silver Medalist in Master of Science in “Cyber Laws & Information Security” from Indian Institute of Information Technology, Allahabad, India
  • Go beyond Award Certificates in the year 2013, Visa Inc.
  • Hall of Fame award in year 2009 from Wipro Consulting Services, India.
  • Best All-rounder Team-member award from Wipro Limited in year 2008