Management System (9001,14001,45001,50001)

Bhanwar Singh

Certifications

 CBCP - DRI
 CCSK - CSA STAR
 CPP - ASIS
 Lead Auditor - ISO 27001
 Lead Auditor - ISO 22301
 Lead Auditor - ISO 9001
 Internal Auditor - 9001,
14001, 45001

Industry Experience

 Banking & Financial

Services
 Data Centers
 Health and Hospitals
 Aviation Industry
 Oil, Gas and Chemical
 IT/ITES
 Insurance

Skills

 Information Security
 Business Continuity
 Cloud Security
 Project Management
 IT General Controls
 IT Application Controls
 IT SOX Audits
 Account Management
 Data Privacy
 Risk Management
 Governance Risk
and Compliance
 Internal Audits
 Vulnerability Management
 Third Party Risk
Management
 Cyber Maturity Assesment
 Disaster Recovery Reviews
 Data Security
 Budgeting and
Resource Planning
 Customer
Relationship
Management
 Integrated
Summary Reliance Industries Ltd, Jamnagar

More than 12+ years of Security Analyst at Oct’11 - July’16

diverse and rich Reliance Industries Ltd, Hazira
experience in
overseeing Information
Education
Security Management,
Data Security & Privacy,  MBA (Risk Management), from Suresh Gyan Vihar
Governance, Risk, University, Jaipur
Compliance, and Project  BSc (Mathematics), from Jaipur National University
Management across
multiple countries. Awards
Having wide experience
in successfully  Received “ Accelerator Award “ for Security and Privacy
delivering several team at Protiviti India
 Received 4.75 rating out of 5 for the Saudi Smart City
enterprise-level project for customer satisfaction for managing their
initiatives, projects, and Compliance Program
consulting
engagements. Contact Details
Currently, part of
Protiviti, a firm with 5k+ Mob no – +91 9265312228/9998943599
employees, across the Email – [email protected]
world with an approx. Address - Flat no 2402, SUN 5, Migsun Twiinz, ETA II,
annual revenue of Greater Noida , Uttar Pradesh, India
around 1.3 billion USD. LinkedIn - linkedin.com/in/bhanwar-singh-462730169/

Primary role to oversee

Protiviti’s Security &
Privacy consulting
engagements as a
Senior Manager of
Technology Consulting
to lead the Information
Security and Data
Privacy projects across
India and Middle East
region to help clients
from Banking & Finance,
Data Centers, Health,
Insurance and Oil/Gas
and Chemical.
Bhanwar connects well
with external and
internal leadership
teams in matrix
organizations to develop
relationships and drive
leadership agendas.

Work History Snapshot

Senior Manager – Security and Privacy
Protiviti India Member Private

National Manager – Security Program

G4s Secure Solution (India) Pvt
Security Officer – Information Security
Lords Chloro Alkali Ltd, Alwar

Security Executive at
 Professional Experience

Protiviti India Member Pvt Ltd, Noida Jan 2023 - Current

Senior Manager - Technology Consulting: Security and Privacy

▪ Hired by Protiviti as a Project Manager to lead the compliance program for the
Saudi Smart city. The certifications in scope included ISO 27001, ISO 27017,
ISO 27018, PCI DSS V4.0, ISO 27701, PDPL, GDPR, NCA ECC / CCC / TCC / CSCC
/ DCC / OSMACC, NDMO, CRF-CST, ISO 9001, ISO 14001, ISO 45001, ISO
50001, ISO 22301, ISO 20001, CSA STAR, SOC 2 Type 2, HIPAA, FISMA within a
span of an year with and led a team of over 10 consultants to accomplish the
program in the timelines provided.
▪ Achieved Permits & Licenses required as per KSA regulations for the
Data centers commissioned for the Saudi Smart City.
▪ Prepared Compliance Operationalization Framework for the achieved
certifications post data center commissioning for the Saudi Smart City.
▪ Prepared UCL – Unified Control Library – to map multiple international
security, privacy and management system standards and utilize the same
during audit planning and documentation preparation.
▪ Worked as a Project Manager for Cloud Security Assesment for an Aviation
authority client in UAE for cloud platform with SAAS/PAAS/IAAS in scope as
per CSA CCM and UAE National Cloud Security Policy.
▪ Implementation of ISO 27001:2022 for a major Hospital chain in India.
▪ Worked on Tokenization and VKYC audit for a major public sector bank in India.
▪ Worked as a Project Manager for a Cybersecurity and Controls review of a KSA
client based on NCA controls and ISO 27001 and ensured external audit is
completed with zero non compliances.
▪ Managed multiple Azure and AWS assessments for India and Middle East clients.
▪ Conducted Cyber Security and ISNP audit for 2 of the big Insurance companies in India.
▪ Worked on multiple RFPs to prepare proposals and finalize agreements with
clients for the projects won and ensured resource alignment for end-to-end
execution.
▪ Interviewed and hired information security professionals, trained them
on security standards before onboarding them for multiple projects.
▪ Drove business opportunities, revenue targets & managed stakeholder
relationships across senior leadership team.
▪ Trained Security & Privacy team members for multiple security and privacy projects.

G4s Secure Solution (India) Pvt Ltd, Noida Oct 2021 - Jan 2023
National Manager – Security Program

▪ Responsible for end-to-end implementation of Business Continuity

Management System across the Organisation which involved conducting gap
analysis, performing BIA, risk assessments, identifying critical processes,
establish the RTO and MTPD for all processes, captured critical processes
details to establish the minimum operating requirement for process recovery
and continuity.
▪ Responsible for end-to-end implementation of Data Privacy Management
System across the Organisation which involved conducting gap assessment,
preparing Data Privacy Framework and Operating Model, Data Protection
Roadmap and conducting training.
▪ Performed application control review for In-house developed applications.
Scope of review included obtaining the understanding of business
application, review of input controls, output controls, interface controls,
processing controls, management controls and general controls pertaining
to the application. Review also included to evaluate the efficiency of
controls related to application data storage, data migration etc.
▪ Responsible for end-to-end implementation of Information Security
Management System across the Organisation which involved conducting gap
analysis, performing Risk assessment, internal audit followed by external
 audits.
▪ Performed ITGC testing focusing on and covers testing of key controls over
Logical Access Controls, Change Management, Patch Management, Asset
Management, Incident Management, IT Governance, Physical and
environmental security controls, IT disaster recovery & business continuity,
IT capacity & performance monitoring, etc.
▪ Performed Cyber Security Maturity Assessment as per NIST Cybersecurity Framework.
 Lords Choro Alkali Ltd, Alwar Jan 2019 - July 2021

Security Officer – Information Security

▪ Worked as a Management Representative for the company to manage the

certifications, management reviews, internal audits, external audits,
certification bodies and trainings.
▪ Development, maintenance, and control of documentation related to the
management systems including manuals, procedures, work instructions,
forms, and records.
▪ Focal point for coordinating all activities related to the implementation,
maintenance, and improvement of all the management systems in scope.
▪ End to End implementation of ISO 27001 and ISO 22301 for the organization.
▪ End to End implementation of ISO 9001:2015, ISO 14001:2015, ISO
45001:2018 and ISO 50001 for the organization.
▪ Conducted IT Risk Assessment in accordance with the local regulations. Hands
on experience in developing the Risk register, Process universe, IT/IS Audit
Plan etc. Identified risks pertaining to IT processes, IT application, IT
Infrastructure components, IT Projects, Information security, Industrial control
system (ICS) governance etc. followed by categorization of risk based on
impact & likelihood of occurrence.

Reliance Industries Ltd, Jamnagar August 2016 - Jan 2019

Security Executive

• Responsible for end-to-end project management activities which included

ongoing operations, delivery quality, stakeholder management, ongoing
operations, escalation handling and team management.
• Performed end-to-end Business Continuity and Disaster Recovery audit
covering critical applications and processes and associated controls around
review of policy and procedures, BIA assessment, RTO and RPO, type of tests
conducted and training schedules.
• Conducted various audits across Information Security domains, scope of
these included understanding the organization context and processes,
review and testing of controls across domains such as Information Security
Policy, Asset Management, Human Resources Security, Physical and
Environmental security, Access control, Vendor Risk Assessment etc.

Reliance Industries Ltd, Hazira October 2011 - July 2016

Security Analyst

▪ Developed security policies and procedures to mitigate threats, enhance

resilience, and ensure compliance with industry regulations and standards
such as ISM Code, ISPS Code, and IMO guidelines.
▪ Assist in preparing documentation and participating in regulatory
audits related to security.
▪ Provided expert guidance and training to maritime personnel on
cybersecurity best practices, incident response procedures, and security
awareness to strengthen the organization's cyber defense capabilities.
▪ Implement and enforce security policies to ensure compliance with industry
regulations and international standards.
▪ Ensure that the organization's cybersecurity practices comply with
relevant maritime industry standards.
▪ Collaborated with cross-functional teams including IT, operations, and
management to integrate cybersecurity into maritime operations and
promote a culture of security.
▪ Analyze and assess the security of shipboard control systems, navigation
systems, and other critical maritime technologies.
▪ Work closely with the Maritime Security Officer to address security issues and
implement solutions.