Subrata Das

Cybersecurity GRC Lead

Bengaluru, Karnataka, India

12+ Years Exp

Summary

Subrata Das, an accomplished cybersecurity professional, brings over 12 years of expertise in various areas including GRC, AWS Cloud Security, and Security Operations. With a focus on risk management, audit compliance, and findings management, Subrata leverages tools like Archer, IGRCS, and Jira to deliver exceptional results. His extensive experience encompasses working on multiple compliance programs such as HIPAA, GDPR, SOC1, SOC2, and NIST-CSF. Notably, Subrata holds certifications in ISO 27001 and 31000 Risk Management, demonstrating his commitment to industry best practices. He excels in stakeholder management and has a proven ability to build strong relationships. Currently serving as a Cybersecurity GRC Lead, Subrata plays a vital role in conducting application risk assessments, security posture assessments, and vendor risk assessments. His skillset includes conducting business impact assessments, designing effective controls, and performing internal audits. Furthermore, Subrata possesses valuable knowledge of security architecture, having closely collaborated with architect teams in his previous positions.

Technical Skills

Cybersecurity GRC
ISO 27001 Standard
Agile
Archer GRC
IGRCS
PCI DSS and HIPAA Compliance
NIST-CSF
GDPR
PCI DSS V3.2
ServiceNow
IT Act 2000
Amazon Web Services
JIRA
Computer Audit
Information Security Audit

Work Experience

Cyber Security Guidance and Assurance Specialist

Signify Innovation Labs

Full Time | 20/07/2021 - Present

India

Formerly Philips Lighting
  • Performing third-party risk assessments and vendor risk assessments.
  • Drafting comprehensive vendor risk assessment reports that document all gaps and identify potential risks.
  • Experience using tools like Archer and ServiceNow.
  • Conducting risk and controls assessments following NIST standards and the NIST framework.
  • Performing business impact assessments and control assessments.
  • Working on control selection and control design to mitigate the identified risks.
  • Providing recommendations and performing risk assessments on cloud and on-premises environments.
  • Working on each control, gathering evidence, and planning and executing the internal audit.
  • Cloud security risk assessment audits, cloud security service assessments, and posture management (such as AWS).

Associate Manager

T-Systems India Private Limited

Full Time | 19/11/2019 - 08/07/2021

Bengaluru, Karnataka, India

  • Performed Security Assessment in terms of Risk and BIA.
  • Performed Information Risk Management.
  • Managed risk and ensured compliance with the GDPR regulations.
  • Closely worked with Architect team stakeholders and Project Management team.
  • Identified the risk, treated the risk and worked on control onboarding.
  • Tracked the Risks in IGRCS and Jira, checked the Design of the control and effectiveness of the control.

Technical lead and Cyber Defense Consultant

Wipro Technologies Limited

Full Time | 21/01/2019 - 06/11/2019

Bengaluru, Karnataka, India

  • Cyber Defense Consultant and Risk Management.
  • Performed Internal audits as per ISO 27001.
  • Created a security awareness training and program.
  • Successfully managed PCI DSS requirements for a banking client by conducting internal audits in alignment with the PCI standards.
  • Presented IOCs, threat indicators, and triggered offenses in the weekly status report to the customer.
  • Provided breach analysis for any security incidents or offenses in the Weekly & Monthly Deck.
  • Assisted with internal controls walkthroughs and obtaining evidence requested from audit teams.
  • Aided in designing new processes or controls to enhance risk management programs.
  • Aided the remediation effort for control failures and process improvements.
  • Aided in reviewing internal controls and security of systems under development as well as major IT projects and initiatives.

Technical Specialist

IBM India Pvt Limited

Full Time | 23/01/2017 - 05/12/2018

Bengaluru, Karnataka, India

  • Information Technology audit and risk management.
  • Experience in evaluating the adequacy and effectiveness of policies, procedures and processes.
  • Performed Gap analysis, identified the risk, and set up appropriate risk mitigation plan.
  • Experience in review and development of risk ratings.
  • Identified and evaluated Technology risks and controls, including supporting technology processes.
  • Experience with control evaluation and testing that included documentation of testing and reporting.
  • Continuously engaged with senior and line management to ensure timely closure of IT audit recommendations.
  • Reviewed processes and policies, shared best practices for improvement, and assisted investigations.

Security Operation Lead

Attra Infotech Pvt Limited Company

Full Time | 20/10/2015 - 11/01/2017

Bengaluru, Karnataka, India

  • Security Operations Lead managing L1 and L2 security engineers.
  • Monitored the CSIRT mailbox for any suspicious mails.
  • Investigated phishing e-mails, multiple failed login attempts, and firewall and Blue Coat proxy deny issues.
  • Ensured active DDoS monitoring was performed and a proper owner was assigned.
  • Prepared and reviewed weekly and monthly status reports and performed SLA breach analysis.
  • Led and managed the Security Operations team.
  • Ensured Security monitoring team acknowledges all the events related to suspicious and malicious activity.
  • Ensured incidents were investigated before confirming as false positives.

Incident & ITSM Manager

HCL Technologies Limited

Full Time | 20/08/2013 - 08/10/2015

Noida, Uttar Pradesh, India

Project: Anglo American (Mining Project)
  • Worked with GRC Manager for any security breach incidents.
  • Assisted in drawing up risk-based Annual IT audit plan based on HCL's IA methodology and submitted for IT Audit Lead's inputs.
  • Ensured use of IT audit tools where applicable and ensured documentation quality and compliance with HCL's Internal Audit methodology.
  • Regular tracking to ensure timely completion of IT Audit engagements.
  • Ensured regular coordination between IT consultant and HCL stakeholders to ensure uninterrupted and regular flow of information, observations, mitigation plan and other relevant information.

NOC Analyst and Incident Analyst

Aon Hewitt Associates (Consulting and Technology)

Full Time | 21/08/2012 - 10/07/2013

India

Project: In-House Support
Tools used: Network Operation Center.
Responsibilities as NOC Analyst and Incident Analyst:
  • Responsible for working in a 24x7 NOC Operation Center.
  • Followed detailed operational processes and procedures to appropriately analyze, escalate and assist in remediation of critical information security incidents.
  • Monitored, Analyzed and notified the alerts to respective stakeholders and took action as applicable.
  • Followed Incident management procedure.
  • Followed up on Reported Security incidents.
  • Maintained device health and security update status.
  • Updated Knowledge base.
  • Coordinated and followed up with other support groups for remediating security incidents within SLA.

Command Center & IT Analyst

Tata Consultancy and Services Limited

Full Time | 24/05/2011 - 09/08/2012

Gurugram, Haryana, India

Project: Boston Scientific (US Healthcare)
  • Datacenter operations: Worked as monitoring operations analyst for all servers and network devices in Solarwinds tool.
  • Acknowledged all critical alerts, raised incidents accordingly, and assigned to appropriate distributed offshore or onshore teams.
  • Responsible for following ITIL processes like Incident Management, Change Management, and Problem Management.

Incident Analyst

HCL Technologies Limited

Full Time | 19/02/2008 - 11/05/2011

Noida, Uttar Pradesh, India

  • Worked as Incident Analyst and handled users’ desktop issues, Outlook issues, and SAP password and VPN issues.
  • Worked in the Global Access Management team and handled service requests to grant access and permissions to users’ shared documents, files and folders in Windows Active Directory.

Education

Bachelor of Technology

Dr. M.G.R. Educational and Research Institute (Deemed University)

11/06/2003 - 06/06/2007

Major in Computer Science

Cyber Security 1 Year Program

NIT Rourkela (Edureka)

Certifications

GDPR Certified from TUV NORD, PCI DSS and HIPAA Compliance
ISO 31000 TUV NORD, CEH Version 11 and Certified Threat Intelligence
ISO27001:2013 TUV
Certified Network Defender | EC Council
AWS Cloud Solution Architect trained (Associate Level) | Amazon Web Services
Windows Active Directory Certified
Server Administration on 2008 server
2012 CCNA Internal Certified
AWS Cloud Security trained, Fundamentals on Cloud Security
ITIL V3 Foundation Certified
CompTIA Security+
CEH trained | EC Council
Certified in Exin Cloud Computing
Trained on Splunk | Edureka


