Open to opportunities

Nagendiran Balakrishnan

@nagendiranbalakrishn

Information Security Engineer leading security compliance, governance, and DevSecOps risk controls to help SaaS organizations scale safely.

India

Message

What I'm looking for

I’m looking for a challenging role in the information security space at a results-oriented company, applying my skills and experience to drive mutual growth through strong security/compliance ownership and measurable risk reduction.

I’m an Information Security Engineer who builds security and compliance programmes from the ground up—owning end-to-end information security and compliance strategy, governance, and roadmaps aligned with business objectives. I translate regulatory requirements (SOC 2, HIPAA DPA, GDPR) into actionable programmes with clear milestones, and I drive security risk assessments tailored to SaaS realities like cloud exposure, third-party integrations, and data residency.

I also operationalize security inside engineering through DevSecOps controls, including secret scanning for Bitbucket, GitHub secrets management, and in-house Docker image scanning—so compliance becomes part of development workflows. I lead customer-facing audit and RFP security assessments end-to-end, run security awareness initiatives, and have established programmes like a Bug Bounty (responsible disclosure and triage workflows) and Safebase (Drata) for customer preview, while leading a 3-person team and optimizing infosec budget.

Experience

Work history, roles, and key accomplishments

Current

Lead Security Engineer

Current

SurveySparrow Pvt Limited

Aug 2025 - Present (9 months)

Owned end-to-end information security and compliance strategy, building a compliance roadmap and governance framework aligned to SOC 2, HIPAA DPA, and GDPR. Led DevSecOps security controls (secret scanning, secrets management, Docker image scanning), established bug bounty and customer preview security programs, and coordinated customer security audits while leading a 3-person security team.

Security Governance SOC GDPR HIPAA Risk Assessment CSPM (Prowler)Bug Bounty Programs DevSecOps

Security Engineer II

FourKites India Pvt Limited

Jul 2018 - Aug 2024 (6 years 1 month)

Implemented SOC 2 Type II and ISO 27001/27018/27108 controls, including third-party vendor risk assessments and customer security clause reviews (RFP/RFQ, MSA/DPA). Led security testing (SAST/DAST), vulnerability assessments, IDS/IPS with Trend Micro Deep Security, Docker security hardening, and CSPM monitoring of cloud threats.

SOC II ISO 27001 Vulnerability Assessment SAST DAST IDS IPS (Deep Security)Docker Security

Information Security Analyst

Zoho India Pvt Limited

Dec 2017 - Jul 2018 (7 months)

Conducted data privacy assessments and supported GDPR operations, including privacy reviews during product design. Implemented ISMS aligned to ISO/IEC 27001:2013 and SOC 2 Type II (AICPA trust principles) and led internal/external audit programs with ongoing ISMS policy mapping.

ISO 27001 SOC II Security Awareness Training

Senior IT Security Analyst

SCB GBS Pvt Limited

Jan 2015 - Dec 2017 (2 years 11 months)

Owned information security compliance across OS and database systems and voice products against CIS standards, identifying risks, fixing gaps, and reducing security threats through continuous monitoring. Performed quarterly vulnerability scans and delivered risk advisory, while conducting periodic app/server security reviews to address noncompliance and improve security controls.

CIS Database Security Risk Advisory Compliance Audits Application Security