Profile
MAYANK SEKHAR
Information Security & Cloud Consultant
Email: Mayankshekharsingh@gmail.com Mobile: +91 8882976088 / +94 74 330 1711 LinkedIn: https://linkedin.com/in/mayank-sekhar
—
Who I Am
I am a hands-on AWS Solutions Architect, Cloud Security Architect, and Information Security Manager who has evolved into a strategic consultant and executive advisor. With deep engineering experience and a strong GRC foundation, I bridge the gap between business objectives and technical execution, ensuring security is not just compliant but also an accelerator for product growth, customer trust, and market expansion.
I understand how to build and protect systems at the infrastructure level, but more importantly, I know how to translate technical outcomes into business value. Whether working with C-level leadership or engineering teams, I focus on closing gaps across people, process, and technology so organisations can scale securely, pass audits confidently, and deliver products faster without compromising risk posture.
If your organisation needs someone who can design secure architectures, implement controls, assess infrastructure realities, and deliver measurable outcomes, I bring the ability to operate at both hands-on technical depth and board-level strategic height — aligning all stakeholders toward secure, growth-oriented results and providing accurate reports to stakeholders about blockers, whether cultural, knowledge-based, or human factors.
—
PROFILE SUMMARY
Information Security and Cloud Consultant with 12+ years of global experience delivering secure digital transformation, cloud governance, and regulatory compliance programs for European and global organisations.
I have held full-time roles with IBM, Oracle, and OpenText, building a solid foundation in cloud infrastructure, DevOps, and information security.
Additionally, I have delivered project consulting engagements with Red Hat and Microsoft, enabling enterprises to secure multi-cloud environments, establish strong governance, and achieve cross-regional regulatory compliance.
I specialise in guiding organisations through complex security transformations — from zero-trust architecture and secure CI/CD pipelines to multi-geo compliance programs aligned with ISO 27001, GDPR, CIS Benchmarks, and NIST CSF.
My work integrates governance, automation, and resilience into cloud environments, ensuring risk reduction, audit readiness, and faster delivery without operational friction.
—
EXECUTIVE VALUE I DELIVER
Align cybersecurity with business strategy, revenue protection, and product velocity.
Deliver secure-by-design cloud architectures with measurable guardrails.
Achieve audit-ready compliance for ISO 27001, GDPR, NIS2, DORA, EU AI Act, and Cyber Resilience Act.
Establish governance, KPIs, and dashboards for board-level risk visibility.
Close organisational gaps between leadership, architecture, and DevOps.
Turn cybersecurity into a competitive advantage, not a cost centre.
—
BUSINESS IMPACT & TRUST SIGNALS
Reduced audit findings by 80% and achieved first-time ISO 27001 certification in record time.
Shortened compliance readiness from 9 months to 12–16 weeks through automation.
Delivered zero nonconformities in multi-region audit programs.
Improved DevOps delivery by 30% through secure CI/CD enablement.
Enabled cross-region DORA and NIS2 readiness for healthcare and fintech clients.
Supported enterprises in Aviation, Utilities, Fintech, SaaS, and Healthcare sectors across EU and North America.
—
METHODOLOGY — MY ENGAGEMENT FRAMEWORK
Assess → Harden → Automate → Assure
Assess: Risk analysis, maturity assessment, scope definition, and stakeholder mapping.
Harden: Architecture, IAM, and DevSecOps pipeline controls; zero-trust enforcement.
Automate: Evidence generation, monitoring, and continuous compliance.
Assure: Internal audit preparation, table-top tests, and regulator-ready documentation.
I also have a framework of my own in development: the CIR³ Framework.
—
CORE EXPERTISE
Governance, Risk & Compliance: ISO 27001, GDPR, NIS2, DORA, Risk Assessments, BCP/DRP, CSIRT, Audit Readiness
Cloud & DevSecOps: AWS Solutions & Security, Secure CI/CD, IaC Projects, Observability Plans, Zero-Trust Controls, Cloud Baselines
Advisory & Leadership: C-level Consulting, Product Ownership Support, Technical Project Delivery, Security Roadmaps, Policy Engineering, Awareness & Enablement
—
CORE CONSULTING OFFERS
ISO 27001 Program (8–16 weeks): From gap assessment to audit readiness — risk treatment, SoA, internal audit, and evidence management.
GDPR + NIS2 Compliance Program: End-to-end governance, CSIRT setup, control documentation, and cross-regional compliance alignment.
Cloud Security Foundation for AWS: Landing zone design, IAM hardening, logging, encryption, and zero-trust guardrails.
DevSecOps Enablement: Hardened CI/CD pipelines, POC-based delivery, SAST/DAST automation, and evidence-first compliance.
Security Governance & Operating Model (GRC): Policies, KPIs, risk registers, and board-level dashboards to ensure governance maturity.
End-to-end execution: Architecture → Governance → Controls → Evidence → Audit → Handover
—
BOARD-LEVEL METRICS I ESTABLISH
Audit performance: Time-to-close, evidence maturity, risk coverage
Operational resilience: MTTD/MTTR, recovery validation, incident SLAs
Compliance coverage: % of systems under control mapping
Identity security maturity: Privilege reduction, SSO, Just-in-Time admin metrics
Cloud program KPIs: Pipeline pass rates, drift detection, change audit trails
—
RECENT CONSULTING ENGAGEMENTS
Independent Consulting – Remote Cloud & DevSecOps Consultant | July 2022 – December 2022
Delivered AWS cloud governance, secure CI/CD, and regulatory alignment for a decentralised Java-based product company.
AWS Solution & InfoSec Consultancy DORA Program (Healthcare via Software Services Partner) | March 2025 – August 2025
Delivered DORA readiness roadmap, established control ownership, and defined compliance metrics. Secured endorsement for DORA Implementation and Governance consultancy based on successful pilot delivery by Vice-President of CGI.
—
CALL TO ACTION
If your organisation is planning to achieve ISO 27001 certification, NIS2/DORA readiness, or secure multi-cloud transformation, I can help deliver these goals with confidence and measurable results.
Whether you need a CISM-certified Information Security Manager to strengthen governance and risk management, or an AWS Solutions Architect Professional to secure and optimise your cloud environments, I provide both executive advisory and hands-on technical delivery.
If you’re looking to build a compliant security program, secure your AWS workloads, or accelerate DevSecOps and GRC maturity, let’s discuss how I can align your roadmap to business outcomes, audit readiness, and long-term resilience.
—
CERTIFICATIONS
[ https://github.com/Mynkskhr/Thinkwerke/blob/main/Certifications.md ]
AWS Certified Solutions Architect – Professional (2025)
CISM, ISACA (2025)
ISO 27001:2022 Lead Implementer, TÜV SÜD (2025)
NIS2 (Scoring 91.4%) & DORA Trained Professional (EU Compliance, 2025)
CompTIA SecurityX (Gold Level Security Architect – expected Nov 2025)
AWS Certified Security – Specialty (expired, but validated skills): https://www.credly.com/badges/b9c37026-9df0-4257-920d-aba226f1f6b0?source=linked_in_profile