Profile
=======

MAYANK SEKHAR
=============

**Information Security & Cloud Consultant**

**Email:** Mayankshekharsingh@gmail.com

**Mobile:** +91 8882976088 / +94 74 330 1711

**LinkedIn:** https://linkedin.com/in/mayank-sekhar

---

Who I Am
--------

I am a hands-on **AWS Solutions Architect**, **Cloud Security Architect**, and **Information Security Manager** who has evolved into a strategic consultant and executive advisor. With deep engineering experience and a strong GRC foundation, I bridge the gap between business objectives and technical execution, ensuring security is not just compliant but also an accelerator for product growth, customer trust, and market expansion.

I understand how to build and protect systems at the infrastructure level, but more importantly, I know how to translate technical outcomes into business value. Whether working with C-level leadership or engineering teams, I focus on closing gaps across people, process, and technology so organisations can scale securely, pass audits confidently, and deliver products faster without compromising risk posture.

If your organisation needs someone who can design secure architectures, implement controls, assess infrastructure realities, and deliver measurable outcomes, I bring the ability to operate at both hands-on technical depth and board-level strategic height — aligning all stakeholders toward secure, growth-oriented results and providing accurate reports to stakeholders about blockers, whether cultural, knowledge-based, or human factors.

---

PROFILE SUMMARY
---------------

Information Security and Cloud Consultant with **12+ years** of global experience delivering secure digital transformation, cloud governance, and regulatory compliance programs for European and global organisations. I have held full-time roles with **IBM**, **Oracle**, and **OpenText**, building a solid foundation in cloud infrastructure, DevOps, and information security.
Additionally, I have delivered project consulting engagements with **Red Hat** and **Microsoft**, enabling enterprises to secure multi-cloud environments, establish strong governance, and achieve cross-regional regulatory compliance.

I specialise in guiding organisations through complex security transformations — from **zero-trust architecture** and **secure CI/CD pipelines** to **multi-geo compliance programs** aligned with **ISO 27001**, **GDPR**, **CIS Benchmarks**, and **NIST CSF**. My work integrates governance, automation, and resilience into cloud environments, ensuring risk reduction, audit readiness, and faster delivery without operational friction.

---

EXECUTIVE VALUE I DELIVER
-------------------------

- Align cybersecurity with business strategy, revenue protection, and product velocity.
- Deliver secure-by-design cloud architectures with measurable guardrails.
- Achieve audit-ready compliance for **ISO 27001**, **GDPR**, **NIS2**, **DORA**, **EU AI ACT**, and **Cyber Resilience Act**.
- Establish governance, KPIs, and dashboards for board-level risk visibility.
- Close organisational gaps between leadership, architecture, and DevOps.
- Turn cybersecurity into a competitive advantage, not a cost centre.

---

BUSINESS IMPACT & TRUST SIGNALS
-------------------------------

- Reduced audit findings by **80%** and achieved first-time ISO 27001 certification in record time.
- Shortened compliance readiness from **9 months to 12–16 weeks** through automation.
- Delivered **zero nonconformities** in multi-region audit programs.
- Improved DevOps delivery by **30%** through secure CI/CD enablement.
- Enabled cross-region **DORA** and **NIS2** readiness for healthcare and fintech clients.
- Supported enterprises in **Aviation**, **Utilities**, **Fintech**, **SaaS**, and **Healthcare** sectors across EU and North America.
---

METHODOLOGY — MY ENGAGEMENT FRAMEWORK
-------------------------------------

**Assess → Harden → Automate → Assure**

- **Assess:** Risk analysis, maturity assessment, scope definition, and stakeholder mapping.
- **Harden:** Architecture, IAM, and DevSecOps pipeline controls; zero-trust enforcement.
- **Automate:** Evidence generation, monitoring, and continuous compliance.
- **Assure:** Internal audit preparation, table-top tests, and regulator-ready documentation.

Also, I have a framework of my own in development: `CIR³ Framework `_

---

CORE EXPERTISE
--------------

**Governance, Risk & Compliance:** ISO 27001, GDPR, NIS2, DORA, Risk Assessments, BCP/DRP, CSIRT, Audit Readiness

**Cloud & DevSecOps:** AWS Solutions & Security, Secure CI/CD, IaC Projects, Observability Plans, Zero-Trust Controls, Cloud Baselines

**Advisory & Leadership:** C-level Consulting, Product Ownership Support, Technical Project Delivery, Security Roadmaps, Policy Engineering, Awareness & Enablement

---

CORE CONSULTING OFFERS
----------------------

**ISO 27001 Program (8–16 weeks)**
From gap assessment to audit readiness — risk treatment, SoA, internal audit, and evidence management.

**GDPR + NIS2 Compliance Program**
End-to-end governance, CSIRT setup, control documentation, and cross-regional compliance alignment.

**Cloud Security Foundation for AWS**
Landing zone design, IAM hardening, logging, encryption, and zero-trust guardrails.

**DevSecOps Enablement**
Hardened CI/CD pipelines, POC-based delivery, SAST/DAST automation, and evidence-first compliance.

**Security Governance & Operating Model (GRC)**
Policies, KPIs, risk registers, and board-level dashboards to ensure governance maturity.

**End-to-end execution:** Architecture → Governance → Controls → Evidence → Audit → Handover

---

BOARD-LEVEL METRICS I ESTABLISH
-------------------------------

- **Audit performance:** Time-to-close, evidence maturity, risk coverage
- **Operational resilience:** MTTD/MTTR, recovery validation, incident SLAs
- **Compliance coverage:** % of systems under control mapping
- **Identity security maturity:** Privilege reduction, SSO, Just-in-Time admin metrics
- **Cloud program KPIs:** Pipeline pass rates, drift detection, change audit trails

---

RECENT CONSULTING ENGAGEMENTS
-----------------------------

**Independent Consulting – Remote**
*Cloud & DevSecOps Consultant | July 2022 – December 2022*

Delivered AWS cloud governance, secure CI/CD, and regulatory alignment for a decentralised Java-based product company.

**AWS Solution & InfoSec Consultancy**
*DORA Program (Healthcare via Software Services Partner) | March 2025 – August 2025*

Delivered DORA readiness roadmap, established control ownership, and defined compliance metrics. Secured endorsement for DORA Implementation and Governance consultancy based on successful pilot delivery by Vice-President of CGI.

---

CALL TO ACTION
--------------

If your organisation is planning to achieve **ISO 27001 certification**, **NIS2/DORA readiness**, or **secure multi-cloud transformation**, I can help deliver these goals with confidence and measurable results.

Whether you need a **CISM-certified Information Security Manager** to strengthen governance and risk management, or an **AWS Solutions Architect Professional** to secure and optimise your cloud environments, I provide both executive advisory and hands-on technical delivery.

If you're looking to build a compliant security program, secure your AWS workloads, or accelerate DevSecOps and GRC maturity, let’s discuss how I can align your roadmap to business outcomes, audit readiness, and long-term resilience.

---

CERTIFICATIONS
--------------

[ https://github.com/Mynkskhr/Thinkwerke/blob/main/Certifications.md ]

- **AWS Certified Solutions Architect – Professional (2025)**
- **CISM, ISACA (2025)**
- **ISO 27001:2022 Lead Implementer, TÜV SÜD (2025)**
- **NIS2 (Scoring 91.4%) & DORA Trained Professional (EU Compliance, 2025)**
- **CompTIA SecurityX (Gold Level Security Architect – expected Nov 2025)**
- **AWS Certified Security – Specialty** (expired, but validated skills): https://www.credly.com/badges/b9c37026-9df0-4257-920d-aba226f1f6b0?source=linked_in_profile