Open to opportunities

ABHILASH GUJAR

@abhilashgujar

Information Security & GRC leader transforming regulatory requirements into scalable, engineering-friendly security controls.

France

Message

What I'm looking for

I’m looking to lead security compliance and digital operational resilience in fast-moving, cloud/SaaS environments—turning regulation into pragmatic controls, strengthening third-party risk, and partnering with Engineering to deliver measurable risk reduction.

I’m an Information Security & GRC leader with 15+ years of experience building and maturing security compliance, digital operational resilience, and ICT risk frameworks across multinational, cloud-native, and highly regulated environments. I turn regulatory requirements into practical, scalable, and engineering-friendly controls that teams can actually run.

I’m an expert in ISO 27001, DORA, GDPR, NIS2, SOC 2, and EU regulatory frameworks, and I’ve consistently partnered with Engineering, Risk, Internal Audit, and senior leadership to embed secure-by-design and resilience-by-design principles. I focus on translating governance into clear policies, standards, and control designs that reduce ambiguity and drive measurable outcomes.

Hands-on, I lead audit programs and evidence management, build risk registers, and define KRIs/KPIs for security performance. I also run ICT third-party risk management—due diligence, contracts, monitoring, and exit strategies—and manage incident reporting and regulatory notifications with a compliance-first, pragmatism-forward mindset.

In my recent roles, I’ve strengthened ISO 27001 and NIST-aligned governance frameworks for cloud and AI-driven environments, coordinated internal/external audits, and introduced continuous control monitoring to reduce findings. I’ve also been recognized with “Star in the Box” for exceptional leadership in regional audit and compliance, and an International Remediation Recognition for improving security posture and regulatory alignment.

Experience

Work history, roles, and key accomplishments

Current

Security Advisor (GRC)

Current

Nativis

Apr 2026 - Present (2 months)

Provide security governance, compliance, and advisory to help business owners identify vulnerabilities across their digital footprint and AI stack before they are exploited. Support assessment and control thinking aligned to regulatory expectations for early risk detection.

GRC Advisory AI Risk Management Security Assessments Policy And Control Guidance

InfoSec & GRC Lead

Cyber Agentic AI

Apr 2025 - Apr 2026 (1 year)

Led independent security governance and compliance advisory for cloud and SaaS environments, including ISO 27001 and NIST-aligned control framework work. Partnered with Engineering and Risk teams to embed secure-by-design and resilience-by-design principles while preparing for audits and regulatory reporting.

ISO 27001 Gap Analysis Security By Design ICT Risk Assessments And KRIs KPIs

Security Risk Manager

AXA Group Operations

Dec 2022 - Mar 2025 (2 years 3 months)

Transformed enterprise cyber security risk management across 15+ countries and improved compliance operations aligned to ISO 27001 and EU regulatory expectations. Centralized evidence management and introduced continuous control monitoring, reducing audit findings by 30%, while supporting third-party risk assessments and audit remediation closures.

Enterprise Risk Management Continuous Control Monitoring Third Party Risk Management Evidence Management

Information Security & Risk

Prium Consultancy

Feb 2020 - Dec 2022 (2 years 10 months)

Led security governance and compliance engagements for large international clients across Europe and the Middle East, translating ISO 27001, GDPR, and NIST requirements into engineering-friendly guidance. Coordinated penetration testing, assessed risk severity, and supported audit preparation through evidence management and regulatory alignment.

GDPR Compliance Security Governance Audit Preparation Evidence Management

Lead - InfoSec & Risk

First Abu Dhabi Bank

Oct 2014 - Jan 2020 (5 years 3 months)

Managed regional security governance, risk, and compliance across 11 countries spanning Europe, the US, the UK, and the Middle East. Supported ISO 27001 control deployment and audit remediation while reporting risk posture and compliance status to IT management and risk committees.

Regional Security Governance Security Risk Management ISO 27001 Audit Remediation Compliance Reporting Stakeholder Management

Senior Security Analyst

National Bank of Abu Dhabi

Oct 2012 - Oct 2014 (2 years)

Strengthened cybersecurity GRC across group entities by coordinating regulatory compliance assessments and driving audit remediation. Reported cybersecurity risk posture to IT management and risk committees while ensuring alignment with varying regional regulatory requirements.

Cybersecurity GRC Compliance Assessments Audit Remediation Risk Posture Reporting Security Risk Assessment

Assistant Manager - IS Auditor

Serco Global Services

Oct 2010 - Oct 2012 (2 years)

Optimized audit processes for a global services organization serving 130,000+ users, reducing compliance violations by 30% and cutting audit costs by 15%. Implemented comprehensive data classification policies to improve data management efficiency by 30%.

Compliance Management Data Governance Audit Cost Reduction Compliance Violation Reduction

Senior Information Security Consultant

Vista Infosec

Nov 2007 - Sep 2012 (4 years 10 months)

Designed and implemented security architecture for banking infrastructure and deployed core security technologies across clients. Implemented IDS/IPS, WAF, firewalls, and DLP to enhance overall security posture for banking-sector engagements.

Security Architecture

Education

Degrees, certifications, and relevant coursework

University of Mumbai

Bachelor of Engineering, Electronics & Telecommunication Engineering

Completed a B.E. in Electronics & Telecommunication Engineering from the University of Mumbai. Built a foundation in engineering principles relevant to telecommunications and electronic systems.