موكيش كومار

### **GRC, Compliance & Audit**
* **Audit Excellence:** Maintained **zero major non-conformities** across ISO 27001, SOC 2 (Type 1 & 2), and ISO 22301 audits. Led enterprise-wide risk assessments and designed audit-ready control frameworks.
* **End-to-End Governance:** Managed external certification audits, coordinated evidence collection, and achieved a **98% on-time remediation rate** using JIRA-based risk tracking.
* **Executive Reporting:** Delivered quarterly KPI/KCI security dashboards and assurance certifications for **55+ products**, providing leadership with real-time governance visibility.
* **Strategic Support:** Responded to complex RFI/RFP security questionnaires, articulating security posture across AppSec and resilience domains.
* **Culture & Mentorship:** Mentored GRC interns and drove security awareness programs, reducing the central team’s workload for first-level compliance.
### **Third-Party Risk Management (TPRM)**
* **Program Management:** Led end-to-end TPRM for 30+ vendors, including onboarding, security reviews, and risk scoring.
* **Trust & Transparency:** Operated the enterprise **Trust Centre Portal**, providing real-time compliance evidence to clients, which significantly reduced pre-sales security review cycles.
* **Automation:** Developed and maintained the TPRM Portal, automating vendor workflows and **reducing manual assessment effort by 50%**.
### **Business Continuity Planning (BCP) & Resilience**
* **Risk & Simulation:** Conducted enterprise BCP risk assessments and facilitated **tabletop simulations** aligned with ISO 22301.
* **Digital Transformation:** Built and deployed the **BCP Portal** (awarded the **SPOT Award**), centralizing plan management and incident coordination.
* **Resilience:** Strengthened incident coordination processes to ensure continuous alignment with global resilience standards.
### **Application Security & DevSecOps**
* **VAPT:** Executed penetration testing for **20+ fintech web products** and **5+ mobile apps**. Identified OWASP Top 10, IDOR, and Injection flaws, achieving **40% faster remediation**.
* **AI/LLM Security:** Performed **OWASP LLM Top 10** assessments on AI-enabled products, remediating prompt injection and data leakage risks.
* **Triage Excellence:** Triaged 1, 200+ SAST findings (SonarQube, Fortify, Veracode), achieving a **35% reduction in false positives** and preventing 25+ high-severity releases.
* **DevSecOps Governance:** Integrated SAST, DAST, Secret Scanning (Gitleaks), and Container Scanning (Trivy, Prisma) into CI/CD pipelines. Achieved **100% container coverage** and a **45% reduction in production CVEs**.
### **Security Tool Development & Automation**
* **Full-Stack Development:** Designed and deployed **4 enterprise security portals** (ASP.NET/JS) including the Security Assessment and Shift-Left Portals.
* **Efficiency Gains:** Automated Application Security Posture Management (ASPM) across 55+ products, resulting in a **60% reduction in manual security review effort**.
* **Assurance:** Issued automated security scorecards and certifications to provide stakeholders with clear "go/no-go" release signals.
### **Data Privacy**
* **Monitoring:** Performed log analysis to identify anomalous access patterns and potential data exposure.
* **Compliance:** Supported **DPDPA 2023** initiatives by mapping data flows and recommending controls for Indian data protection requirements.
### **KEY ACHIEVEMENTS**
* **Sustained Compliance:** Zero major non-conformities across ISO 27001, SOC 2, and ISO 22301.
* **Innovation:** Built 4 production-grade security portals from scratch, saving 60% in manual effort.
* **Recognition:** Received the **SPOT Award** for rapid delivery of the BCP portal.
* **Technical Impact:** 45% reduction in production CVEs and 35% reduction in SAST false positives.