Open to opportunities

Dhiraj Likhitkar

@dhirajlikhitkar

Cyber security leader specializing in GRC, cyber risk assessment, and security architecture across EU-regulated environments.

India

Message

What I'm looking for

I’m looking to lead cyber security governance and risk work in EU-regulated environments—owning cyber risk assessment, security architecture and TPRM, driving measurable control improvements, and enabling secure digital transformation with strong teams.

I’m a cyber security leader with 10+ years delivering governance, risk and compliance programmes across complex organizations like H&M Group, Deutsche Bank, Cognizant and Atos. I combine strategic oversight with technical credibility to drive secure transformation, with hands-on grounding in EU regulatory environments and practical expertise across ISO 27001, NIS2, DORA, NIST CSF and GDPR.

In my current role at H&M Group, I lead enterprise-wide cyber risk assessments, designed and implemented ISO 27001/NIST-aligned controls, and advise business and technology leadership on security architecture, data protection and GDPR compliance. I’ve also delivered measurable outcomes—cutting security review cycle time by 20% through standardized templates, and reducing third-party risk exposure by 30% using OneTrust for TPRM. Previously, I supported ISO 27001 certification readiness, embedded secure-by-design across cloud adoption, reduced critical vulnerabilities by 95% in 30 days for US healthcare clients, and built DLP and vulnerability management programmes from the ground up.

Experience

Work history, roles, and key accomplishments

Current

Senior Cyber Security Advisor

Current

H&M Group

Oct 2025 - Present (8 months)

Conducted enterprise-wide cyber risk assessments and built risk treatment strategies to strengthen the organization’s security posture. Designed controls aligned with ISO 27001 and NIST CSF, reduced security review cycle time by 20%, and lowered third-party risk exposure by 30% through OneTrust-facilitated TPRM.

ISO 27001 NIST CSF GDPR Compliance Security Architecture OneTrust

Senior Security Advisor

Aqilea

Oct 2024 - Oct 2025 (1 year)

Provided cybersecurity advisory to EU operating leadership on governance, risk, and regulatory compliance. Established security policies and control frameworks, supported ISO 27001 certification readiness, and embedded security-by-design across business and cloud initiatives.

Cybersecurity Governance Risk And Compliance ISO 27001 Security By Design Stakeholder Engagement

Senior Security Analyst

Dynamisch IT Pvt Ltd

Apr 2023 - Oct 2024 (1 year 6 months)

Delivered security consultancy for US healthcare clients, driving compliance with HIPAA, SOC 2 Type 2, ISO 27001, and GDPR. Strengthened AWS security posture, integrated security into CI/CD with DevOps, and reduced critical vulnerabilities by 95% within 30 days.

HIPAA ISO 27001 GDPR AWS Security CI CD Security Vulnerability Management GRC Process Optimization

Cyber Security Consultant

Deutsche Bank

Sep 2022 - Apr 2023 (7 months)

Ensured application adherence to IT security policies and standards including NIST, GDPR, and ISO 27001. Led an ISO 27001 rollout and a cross-department vulnerability management initiative to streamline remediation timelines and improve accountability.

NIST GDPR ISO 27001 Vulnerability Management Security Policies Audit Management

Cyber Security Consultant

Atos

Apr 2021 - Aug 2022 (1 year 4 months)

Designed and enforced DLP solutions that reduced data leakage incidents by 25% within six months. Implemented access control policies to decrease unauthorised access attempts by 20% and built vulnerability management and a GRC framework from the ground up.

DLP Access Control Vulnerability Management Security Governance Audit Readiness

Security Specialist

Cognizant Technology Solutions

Jun 2019 - Apr 2021 (1 year 10 months)

Evaluated third-party security postures to identify compliance gaps and deliver actionable risk mitigation strategies. Developed cybersecurity risk acceptance and treatment frameworks and led critical infrastructure and application risk assessment projects for enterprise clients.

Security Assessments Cybersecurity Assessments Risk Mitigation Risk Frameworks Critical Infrastructure Risk Risk Applications

Software Security Engineer

Value Labs

Jan 2018 - Jun 2019 (1 year 5 months)

Performed application security assessments and vulnerability reviews, identifying and remediating software risks across multiple products. Integrated security into the SDLC, improved secure coding standards and review processes, and reduced recurring vulnerability patterns.

Application Security Testing Vulnerability Remediation Secure Coding Security Reviews Security Awareness Code Level Vulnerability Reduction

Junior Software Security Engineer

SecurView (Gruve)

May 2015 - Jan 2018 (2 years 8 months)

Conducted security assessments and compliance checks for client-facing applications across multiple industry verticals. Supported GRC activities including risk assessments, security documentation, and audit preparation to strengthen compliance outcomes.

Security Assessments Compliance Vulnerability Management Risk Assessment Security Documents Audit Preparation Regulatory Compliance