Vivek Kumar

Riyadh, Saudi Arabia

Summary

Data Privacy & Cybersecurity Governance Consultant with over 17 years of cross-industry expertise, specializing in Privacy Governance, Regulatory Compliance, and Risk Management. Masterfully implements and manages GDPR, PDPL, ISO 27701, HIPAA, and global privacy initiatives, alongside cybersecurity frameworks like ISO 27001, PCI DSS, SOC 1/2, SAMA and NCA ECC. Demonstrates a proven track record in conducting enterprise-wide risk assessments, orchestrating business continuity planning, executing ISMS audits, and spearheading security awareness programs, enabling organizations to achieve measurable compliance and fortify data protection resilience.

Overview

17 years of professional experience
6 certifications

Work history

Sr. Data Privacy Consultant Data Privacy Practice

Capco (Wipro)
Riyadh, Saudi Arabia
01.2025 - Current
  • Led comprehensive privacy governance programmes, ensuring compliance with GDPR and PDPL.
  • Developed tailored DPIA methodology based on organisational risk appetite and regulatory standards.
  • Conducted DPIAs for high-risk activities including AI projects and HR systems.
  • Defined and implemented organisation-wide privacy strategy aligned with business objectives.
  • Established Privacy Operating Model, including policies, standards, procedures, and KPIs.
  • Facilitated training sessions for employees and leadership to raise privacy awareness.
  • Operationalised PDPL requirements across HR, IT, and business processes.
  • Drafted privacy notices and consent management frameworks to support cross-border transfers.

Senior Data Privacy and Cybersecurity Consultant

Cyberum Protection
Riyadh, Saudi Arabia
01.2024 - 01.2025
  • Led end-to-end privacy governance programs, ensuring compliance with global and local regulations such as GDPR and PDPL.
  • Developed DPIA methodology tailored to organizational risk appetite and regulatory standards.
  • Conducted DPIAs for high-risk processing activities (AI projects, HR systems, marketing platforms).
  • Defined and rolled out the organization-wide privacy strategy aligned with business goals.
  • Established a Privacy Operating Model (policies, standards, procedures, and KPIs).
  • Conducted training/awareness sessions for employees and leadership teams.
  • Interpreted and operationalized PDPL requirements across HR, IT, and business processes.
  • Drafted privacy notices, consent management frameworks, and cross-border transfer protocols.
  • Worked with compliance and legal to integrate PDPL obligations into contracts and vendor management.
  • Developed unified control framework to streamline client requirements for regulations and standards.
  • Worked on NCA ECC, SAMA, CMA, and PDPL regulations and frameworks to support customers based on the desired engagement.
  • Implemented robust cybersecurity strategies tailored to specific client needs.
  • Collaborated with Sales to qualify opportunities and prioritize engagements.
  • Advised clients on best practices for securing digital infrastructure.
  • Responded to RFI/RFPs and client audit questionnaires on information security.


Sr. Manager – Global Information Security

Tata Communications Limited
Delhi, India
01.2022 - 01.2024
  • Conducted GDPR & PDPB readiness assessments for a leading FMCG, mapping compliance gaps.
  • Executed external audit support including ISO 27001 and Account Specific requirements.
  • Created a control framework streamlining client regulations and guidelines across standards.
  • Managed Cyber Maturity Assessments, enhancing organizational security posture.
  • Led DOT Audits as External Auditor, maintaining adherence to industry regulations.
  • Implemented comprehensive Cyber Security Awareness Programs across the organization.
  • Developed tailored methodologies for Data Privacy Impact Assessments aligned with risk appetite.
  • Established effective Privacy Operating Model with relevant policies and KPIs.

Consultant- Information Security, BCMS, Cyber Security, Governance Risk and Compliance & Data Privacy

HCL Technologies Ltd
11.2019 - 11.2022
  • Managing Information Security and Governance Projects and Teams.
  • Implemented the Business Continuity Management System using best practices and frameworks such as ISO 22301/Enterprise Risk Management for customers as a part of deliverables.
  • Also responsible for designing and sustaining Information Security Framework ISO 27001 Standard.
  • Responsible for drafting/documenting policies, procedures, and mandatory documents
  • Conducted organization-wide Cyber Security Awareness Programs like classroom-based training, platform-based campaigns, Phishing Simulation, etc.
  • Document and collate the inputs for Threat assessment, BIA & RA and the creation of BC plans based on the recovery strategies.
  • Conducted various audits such as internal Enterprise Compliance audits, Infrastructure audits, etc. on ISO 27001, PCI DSS, and Cobit5 framework.
  • Reviewing information security policies, Incident Response Plans, Change Management, and Vulnerability Management.
  • Conducting Cyber Risk Assessments
  • Led ISO 27701 certification roadmap for European customer, embedding RoPA, DPIAs, and staff training.
  • Governance risk framework development and review.


Manager- Information Security Group

EXL Services
06.2019 - 11.2019
  • Worked with external vendors and clients for enterprise-wide planning.
  • Facilitated Business Impact Analysis documentation, information gathering, and publishing of final report and presentation to senior management.
  • Implementing Cyber Security Program to mature Cyber Resilience through alignment with the NIST Cyber Security Framework.
  • Developed and implemented a comprehensive Continuity of Operations Plan for a highly complex client organization by consulting with all departments ensuring critical functions were maintained and a smooth transition for off-site operations during both short- and long-term business disruptions.
  • Participating in different client visits to help them understand the BCP strategy.
  • Reviewing the different BCP, BIA, and testing documents regularly.
  • Managing EXL’s Business & Supplier Information Risk Management (IRM), Technical Risk Assessment (TRA) covering all global footprints.

Assistant Manager- Quality Assurance Group

R Systems International Limited
04.2016 - 06.2019
  • Managed information security and governance projects, including PCI DSS and HIPAA implementations.
  • Conducted vulnerability assessments and penetration testing on internal devices and servers.
  • Executed organisation-wide Information Security and Cyber Security Awareness Programs using KnowBe4 and Cofense.
  • Performed internal audits for ISMS to ensure compliance with policies and procedures.
  • Oversaw external audits for information security projects, ensuring adherence to standards.
  • Served as single point of contact for all ISMS-related activities at organisational level.
  • Engaged in tabletop exercises and simulations to evaluate incident response capabilities.
  • Reviewed information security policies and incident response plans to enhance risk management.

Consultant

Paladion Networks Pvt Ltd.
Delhi, India
09.2015 - 10.2016

  • Oversaw information security projects, focusing on PCI DSS and ISO 27001 implementation.
  • Completed comprehensive PCI DSS scope and gap assessments to mitigate risks.
  • Implemented robust security frameworks in line with PCI DSS and ISO 27001 standards.
  • Led risk assessments to identify and address potential security threats.
  • Formulated business continuity strategies for organisational stability during disruptions.
  • Conducted business impact analyses to ascertain resource dependencies.

Senior Analyst- Information Security

R Systems International Ltd.
Noida, India
11.2013 - 09.2015
  • Specialize in managing security governance projects, compliance frameworks including PCI DSS, HIPAA, SOC 1/2, ISMS, risk assessments, BCP/DR, and internal audits.
  • Information Security Consultant with expertise in managing security governance projects, compliance frameworks (PCI DSS, HIPAA, SOC 1/2, ISMS), risk assessments, BCP/DR, and internal audits.
  • Skilled in leading awareness programs, phishing simulations, VAPT, incident analysis, and SOC reviews. Act as SPOC for ISMS activities, ensuring compliance, security controls, and organizational resilience.

Senior Consultant & Project Manager

Paladion Networks Pvt. Ltd.
Malaysia, Doha- Qatar, Delhi
06.2012 - 11.2013
  • PCI DSS Scope and Gap Assessment, PCI DSS Implementation, ISO 27001 Implementation, Risk Assessment, Business Continuity Planning, Business Impact Analysis.
  • Vulnerability Assessment and Penetration Testing of devices and servers (internal).
  • Configuration Reviews, log analysis, Security Incident analysis, etc.
  • Reviewing information security policies, incident response plans, change management, and vulnerability management as they apply to the infrastructure in scope.
  • Major Projects undertaken: Petroleum Industry (Petronas) - Kuala Lumpur, Malaysia: PCI DSS Scope and Gap Assessment, PCI DSS Implementation
  • Petroleum Industry (Muntajat- Middle East) – Doha, Qatar: ISO 27001, ISO 22301, ISO 20000, ISO 9001 Implementation, Internal Audit for Integrated Management System.
  • Leading Investment Firm (Qinvest- Middle East)- Doha, Qatar: ISO 27001, ISO 22301 Implementation followed by facilitating Internal Audit and External Audit

Senior Analyst

HCL Technologies Ltd
12.2010 - 06.2012
  • Managed information security governance projects and compliance frameworks (PCI DSS, HIPAA, SOC 1/2, ISMS), including risk assessments, BCP/DR, and internal audits.
  • Led organization-wide security awareness programs, phishing simulations, and trainings using platforms like KnowBe4 and Cofense.
  • Conducted VAPT, incident analysis, SOC/data center reviews, and internal/external audit handling; acted as SPOC for ISMS activities.
  • Performed configuration reviews, log analysis, tabletop simulations, and reviewed IS policies, IR plans, and vulnerability/change management.

Quality Auditor Operations

IQOR India Pvt. Ltd
06.2009 - 12.2010
  • Worked on multiple software (legacy systems) based on leading Ohio bank.
  • Interaction with clients comprising all detailed bank data uploaded into the respective systems and research for different sub-legacy systems.
  • Database Management on Oracle11i for Ohio bank services.
  • Daily/Weekly/Monthly reports preparation and review with customers.

Education

Post Graduate Diploma - Cyber Law

NLIU

Bachelor of Technology - Electronics and Communications

UPTU (Skyline Institute of Engineering and Technology)

Skills

  • Data Privacy Governance
  • Cyber Security Governance
  • DSAR (Data Subject Access Request)
  • Governance Strategy
  • Privacy Risk Management (NIST)
  • Incident Response Management
  • DPIA & Data Mapping
  • Regulatory Compliance
  • Cyber Risk Management
  • Executive Advisory
  • Project Management

Certification

  • CIPP/E- 000745121I
  • CIPM- 000745121I
  • CRISC Certified (ISACA - V124646455)
  • CISM Certified (ISACA- V88324163)
  • ISO 27001 Lead Auditor Certified
  • ISO 27001 Lead Implementer Certified
  • ITIL V3 Certified (EXIN)
  • Boot camps: CISSP, CCSP, ISO 22301

Languages

English
Fluent

Affiliations

  • Travelling
  • Reading Blogs
  • Cricket
