Meet Naik

Cyber Security Assessment (ISO 27001, ISO 27701, HIPAA, NIST CSF, NIST 800-53, NIST 800-171, NYDFS, UK Online Safety Act 2024, NIS 2.0, HICP, HHS)

• Conducted interviews, reviewed documents, performed gap analysis, and developed action plans to address non-compliance.
• Created roadmaps to achieve target compliance scores, and enhance security.
• Prepared and presented detailed compliance reports and recommendations to management.

Control Testing:

• Performed NIST-based control testing using sample testing and walkthroughs.
• Identified control deficiencies, proposed improvements, and prepared concise reports for management.
• Presented findings and risk mitigation roadmaps to stakeholders.

GenAI Application Assessment PMO

• Led a team of seven to develop and execute assessment plans for thirty-two in-house GenAI applications.
• Led the effort to conduct initial assessments, identify findings, and provide recommendations.
• Managed resource allocation, tracked assessment progress, and coordinated daily team and weekly executive status updates.
• Supported the development and presentation of final reports to managing directors. Also, developed material to propose to the clients and bring GenAI assessment projects.

Application Assessment:

• Led a team of three to conduct application security assessments by performing client walkthroughs and collecting responses through control questionnaires.
• Performed gap analysis and identified improvements for nine ePHI-processing applications.

Issue & Exception Management:

• Designed strategies to manage the existing issue backlog and process the daily issues coming for policy exceptions, vulnerability exceptions, and bug exceptions.
• Proposed process enhancements by leveraging the AI tools and modifying the workflow to prioritize the high-severity items.
• Led the team and conducted day-to-day operations to reduce the backlog of over 800 issues.

Policy Redesign:

• Proposed strategies to redesign the policies to reduce the policy count from over 100 to 60 by consolidating the relevant requirements.
• Leveraged GenAI tools to identify the cross-connections between content and content reduction for effective communication.
• Socialized the policies across the organization by conducting walkthroughs.

Cyber Security Metrics:

• Architected and enhanced cyber metrics infrastructure, deploying capability heat maps, advanced KRIs/KPIs, and a formalized metrics lifecycle for risk quantification and threat analytics.
• Developed strategic roadmaps, business cases, and governance models to mature metrics-driven security operations and reporting.
• Delivered training and knowledge transfer to operationalize security analytics and metrics-based risk management across the enterprise.

Cyber Security PMO:

• Directed 7 GRC projects, leading a 6-member team in audit remediation (550+ findings), IT standards/policy development, third-party risk assessments, and cyber resilience initiatives.
• Managed project status, risk registers, issue logs, and budget reporting for executive stakeholders; ensured regulatory alignment and continuous process optimization.
• Facilitated stakeholder engagement, vendor risk management, and executive communications to drive program delivery and risk mitigation.

Cyber Security Assessment:

• Led ISO 27001:2013 assessments for major Indian IT and healthcare BPO clients, managing a 2-person team, and delivering executive-ready reports to CISOs.
• Directed internal audit for a healthcare BPO, executing ISO 27001:2013 audits across six sites, and supporting four PCI DSS, nine ISO 27001, and one HITRUST external audits via readiness assessments and policy/procedure development.

Privacy Assessment:

• Led GDPR, CCPA, UK DPA, and ISO 27701 (PIMS) assessments for IT service providers, delivering enhanced Data Privacy Frameworks, DPIAs, PI Inventories, privacy policies, and awareness training.

Cloud Security Assessment:

• Led the ISO 27018 and ISO 27017 assessments to strengthen cloud PII security controls, and ensure contractual compliance for client environments.