Skip to main content
HimalayasHimalayas logo
Varun CPVC
Open to opportunities

Varun CP

@varuncp

Information Security & GRC Lead driving cloud security, ISO/SOC compliance, and automated risk response.

India
Message

What I'm looking for

I’m looking for a role where I can own cloud-native security and GRC end-to-end—building ISO/SOC readiness, strengthening TPRM, and using automation to cut audit and vulnerability cycles while partnering confidently with regulators and stakeholders.

I’m an Information Security & GRC professional with 7+ years driving security, risk, and compliance across fintech, banking, and IT services. I currently lead end-to-end infosec for a cloud-native fintech, owning cloud security, ISO 27001:2022, SOC 2 Type 2, RBI SAR Data Localization, and CICRA—while serving as the single infosec owner for execution and audit readiness.

I’ve delivered measurable outcomes through AI/ML-driven automation, including reducing MTTR from 30 days to 7 days (~75% reduction) and cutting client questionnaire/RFQ turnaround from 1 week to 3 days, closing 100+ RFQs and 10+ external client audits. My approach balances hands-on technical depth (AWS security posture, IAM, KMS, WAF, ASPM, SIEM/EDR, incident response) with disciplined GRC program leadership (policy lifecycle, risk registers, KRIs, control assurance) and proactive regulatory engagement with banks, auditors, and regulators.

Experience

Work history, roles, and key accomplishments

BU
Current

Senior Security Engineer

BureauID

Aug 2024 - Present (1 year 9 months)

Owned the end-to-end information security function for a cloud-native fintech (80–150 employees), covering cloud security, GRC, IAM, third-party risk, vulnerability management, and incident response on AWS. Drove ISO 27001:2022, SOC 2 Type 2, CICRA, and RBI SAR Data Localization, reducing MTTR from 30 days to 7 days (~75%) and cutting client questionnaire/RFQ turnaround from 1 week to 3 days.

ISO 27001RBI SAR Data LocalizationVulnerability ManagementThird Party Risk ManagementIncident ResponseWAF
InMobi logoIN

Senior Information Security Analyst

InMobi

Jun 2023 - Jul 2024 (1 year 1 month)

Led InMobi’s ISO 27001:2022 certification for a primary business unit by owning scope definition, gap assessment, control implementation, and external audit facilitation. Managed third-party risk for 20+ critical vendors, including due diligence, evidence review, contractual security clauses, and ongoing monitoring.

ISO 27001GRCThird Party Risk ManagementControl ImplementationRisk Exception Governance
SLK Software logoSS

Enterprise Risk & Compliance Engineer

SLK Software

Mar 2021 - Jun 2023 (2 years 3 months)

Built a new information security function for a greenfield incubation entity by drafting policies, onboarding resources, and mirroring parent controls. Served as interim Information Security Head/acting CISO for 6 months, led a team of 4, and deployed Forescout NAC across 400+ endpoints to establish posture-based visibility and admission control.

Network Access ControlTeam Leadership
AC

Associate Consultant

Aujas Cybersecurity

Mar 2020 - Apr 2021 (1 year 1 month)

Embedded as a security engineer at a small finance bank, implementing IAM, PIM, and PAM solutions across critical banking systems. Increased privileged access coverage from 60% to 100%, automated SSH/admin key rotation across 90+ Windows and Linux servers, and managed incident response end-to-end with audit evidence packs.

Identity & Access ManagementSSH Key Rotation AutomationIncident ResponseWindows AdministrationLinux Server Support
VS

System Administrator

Valuepoint Systems

Dec 2018 - Jun 2019 (6 months)

Provided endpoint, OS, and application troubleshooting while supporting Windows administration and day-to-day IT operations. Ensured timely resolution of operational issues to support business continuity.

Windows AdministrationApplication SupportIT Operations

Education

Degrees, certifications, and relevant coursework

REVA University logoRU

REVA University

Master of Technology, Cybersecurity

Completed a Master of Technology in Cybersecurity at REVA University. Thesis: “Automation of Server Security Assessment” (published, IEEE I4C 2022).

GC

Government Engineering College, Chamarajanagar

Bachelor of Engineering

Earned a Bachelor of Engineering from Government Engineering College, Chamarajanagar.

Tech stack

Software and tools used professionally

AWS IAM logo

AWS IAM

GitHub logo

GitHub

Gmail logo

Gmail

Slack logo

Slack

Jira logo

Jira

Python logo

Python

Linux logo

Linux

Windows logo

Windows

Confluence logo

Confluence

Docker logo

Docker

Root Cause logo

Root Cause

Amazon Web Services (AWS) logo

Amazon Web Services (AWS)

Evidence logo

Evidence

Wazuh logo

Wazuh

Fresh logo

Fresh

SentinelOne logo

SentinelOne

Availability

Open to opportunities

Location

India

Authorized to work in

India

Salary expectations

90k-160k USD

Social media

Varun CP's LinkedIn

Job categories

Security EngineerCloud Security EngineerSecurity Operations EngineerSecurity AnalystSecurity Architect

Skills

ISO 27001RBI CSFRBI SAR Data LocalizationMASPolicy LifecycleRisk RegisterKRIsAWS IAMAWS KMSWAFAI ML Driven Vulnerability TriageVulnerability ManagementGovernment Audit WorkflowsPIMPAMRBACIncident ResponseSIEM Analysis (QRadar)Third Party Risk ManagementDue DiligenceContinuous Control MonitoringNetwork Access VisibilitySD WANRoot Cause AnalysisEvidenceFreshGmailLinuxRoot CauseSentinelOneWazuhWindows

Interested in hiring Varun?

You can contact Varun and 90k+ other talented remote workers on Himalayas.

Message Varun

People also viewed

View all talent

Find your dream job

Sign up now and join over 100,000 remote workers who receive personalized job alerts, curated job matches, and more for free!

Sign up
Himalayas profile for an example user named Frankie Sullivan