Open to opportunities

Nikunj Mehta

@nikunjmehta

Message

Information security leader driving compliance, risk reduction, and pragmatic security programs.

India

Message

What I'm looking for

I seek a senior security role where I can lead compliance and risk programs, drive SOC2/ISO27001 preparedness, mentor teams, and align security with business goals in a collaborative culture.

I am an accomplished information security leader with 12+ years of experience in risk management, VAPT, PCI DSS, GDPR, ISO 27001, SOC 2 and audit compliance. I blend technical hands-on skills with strategic program leadership to strengthen organizational security posture.

I have led SOC 2 readiness, ISO 27001 programs, PCI DSS assessments, VAPT initiatives and SIEM/EDR deployments across global operations. I deliver measurable outcomes through control gap remediation, compliance dashboards, KPIs and board-level reporting.

My technical toolkit includes network and application security testing tools and deep experience in incident response, third-party risk assessments and security architecture. I have managed and mentored security teams while balancing security requirements with cost and business priorities.

I am committed to building security-aware cultures through training, policy governance and cross-functional collaboration, acting as a trusted advisor to leadership and external auditors to achieve and maintain compliance.

Experience

Work history, roles, and key accomplishments

Current

IT Security & Compliance Manager

Current

Sodexo India Services Private Limited

Aug 2025 - Present (5 months)

Led design and continual improvement of IS&T compliance programs and owned SOC 2 readiness, audits, and remediation, establishing compliance dashboards and driving corrective actions for control gaps.

SOC ISO 27001 PCI DSS Compliance Reporting Risk Assessment Audit Management Dashboards Vendor Management

Information Security Freelancer

COMPLY Technologies

Jun 2022 - Aug 2025 (3 years 2 months)

Led organisation-wide cybersecurity programs as vCISO, owning ISO 27001, GDPR, PCI DSS, ITGC and SOC audit programs, VAPT, incident response planning and security product evaluations for multiple clients.

vCISO ISO 27001 GDPR PCI DSS Incident Response Security Roadmaps

Information Security Officer

Thomas Cook Pvt. Ltd.

Oct 2017 - Jun 2022 (4 years 8 months)

Developed and enforced security policies and coordinated PCI DSS, ISO 27001, ITGC and VA/PT audits while managing security product implementations, vendor evaluations and a team of security staff.

PCI DSS ISO 27001 ITGC Security Policy Team Management Security Awareness

Information Security Analyst

Magnamious Systems Pvt. Ltd.

Jun 2015 - Oct 2017 (2 years 4 months)

Managed security controls, risk assessments and vulnerability management, conducted assessments of applications and network devices and delivered prioritized remediation plans and training.

Vulnerability Management Risk Assessment Application Security Network Security Risk Remediation Plans Policy Updates

Information Security Analyst

Rudra Pvt. Ltd.

May 2013 - May 2015 (2 years)

Formalized security policies and procedures, conducted web application and network device assessments, prepared risk treatment plans and delivered end-user and contractor security awareness sessions.

Application Security Risk Policy Development Security Awareness Vulnerability Assessment