Sandeep Tukaram Shinde

Information & Cyber Security Professional
Thane

Summary

Sandeep Shinde is currently working with Crowe Mak Technology – UAE. He is a highly experienced Information Security Professional with over 18 years of expertise in Information Assurance (IA) and Information Security Regulations (ISR) compliance, specializing in the UAE’s regulatory landscape. He has a deep understanding of aligning information security strategies with frameworks like the UAE National Information Assurance Framework (NIAF), Dubai ISR, Federal Decree Law No. 45 of 2021 on Personal Data Protection (PDPL), and PCI-DSS. His specialization also includes ISO 27001:2013, ISO 27017:2015, Trusted Partner Network (TPN), SOC 2, and IT General Controls (ITGC) audits. Sandeep’s career reflects his ability to plan, implement, and oversee security improvements that drive business growth and efficiency. He is recognized for fostering a collaborative work culture and empowering his team members. His ability to build and maintain relationships with diverse stakeholders in fast-paced environments has been key to his success. As a dedicated and organized professional, Sandeep is known for managing multiple priorities, working well under pressure, and adapting to new challenges. Sandeep has also held CISO roles for leading payment gateways, ensuring compliance with ISO 27001:2005, ISO 9001:2008, and PCI-DSS. His professional accreditations include CISA, CISM, ISO 27001:2013, CEH, CPISI, MCP, ITIL, HDNT, and DCM. Sandeep is now seeking new challenges in a growth-oriented company where he can continue to leverage his expertise in information security and technology governance.

Overview

23 years of professional experience
5 Certifications

Work History

Manager

Crowe Mak Technology
Dubai
05.2024 - 11.2024
  • Lead compliance initiatives for UAE clients under the National Information Assurance Framework (NIAF)
  • Provide consulting services for compliance with Dubai ISR
  • Assist organizations in aligning their security posture with UAE PDPL and Federal Decree Law No. 45 of 2021
  • Plan and conduct IT audits to assess the adequacy, effectiveness, and efficiency of IT systems and controls
  • Developed and refined IT policies and procedures for clients in alignment with UAE's National Information Assurance Framework (NIAF)
  • Develop and implement audit programs to evaluate IT infrastructure, applications, data management, security, and related processes
  • Perform risk assessments to identify high-risk areas and prioritize audit activities accordingly
  • Evaluate IT controls, policies, and procedures to ensure they comply with regulatory requirements and industry best practices
  • Assess the organization's IT governance framework and recommend improvements
  • Monitor compliance with established security standards and guidelines (e.g., ISO 27001, NIST)
  • Prepare detailed audit reports with findings, conclusions, and recommendations for improvement
  • Communicate audit results to management and stakeholders in a clear and concise manner
  • Document audit work and maintain comprehensive audit files for reference

Senior Manager

Prime Focus Technology
Mumbai
10.2021 - 03.2024
  • The main responsibility is to manage the Re-certification of Trusted Partner Network (TPN), ISO 27001:2013 and SOC2
  • Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program
  • Work directly with the business units to facilitate risk assessment and risk management processes
  • Develop and enhance an information security management framework
  • Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services
  • Provide leadership to the enterprise's information security organization
  • Partner with business stakeholders across the company to raise awareness of risk management concerns

Associate Director

Haribhakti & Co. LLP.
04.2013 - 10.2021
  • Lead, plan, and perform operational audits and projects, including risk assessments, documenting processes and key controls, creating audit procedures to test the design and operating effectiveness of the key controls and reporting identified issues
  • Evaluates the audit team’s work
  • Actively participates in the training of new auditors
  • Leads the more complex audits and is directly involved in audit work that needs special attention because of the complexity or the risk
  • Coordinates and controls fieldwork according to the audit plan – assigns tasks, identifies aspects that require changes in the work, controls time and expenses and resolves questions
  • Ensures all relevant risks have been covered during the audits
  • Drafts audit reports
  • Testing & validation: Assess technology risk level enterprise-wide and determine adequacy of implemented controls
  • Validate implemented controls by designing and executing audit tests during system, application and IT process reviews
  • Communicate and document process and risk understanding and evaluation, including the identification of potential issues and improvements
  • Execute all audits in accordance with professional standards
  • Assists audit management in preparation & execution of the audit plan
  • Prepares Audit work program and understands the specific risks to be evaluated
  • Performs evaluation of internal controls, testing of processes
  • Performs reviews of major financial and operational processes
  • Perform detailed testing for information system integrity and transaction accuracy
  • Maintains clear work papers and audit trail of the work done in the appropriate tool
  • Write formal & clear reports to communicate audit results to management
  • Timely issuance of the audit reports
  • Follow-up recommendations issued timely and escalate when needed
  • Acquire knowledge on activities and risks during assignments and via training

Assistant Manager

Techprocess Solution Limited
04.2011 - 02.2013
  • Preparing and revising the ISO 9001:2008 and ISO 27001:2005 documents (Policy, Procedures, and Templates etc.)
  • Maintained all ISO/ISMS required documentation
  • Ensuring the compliance of all the processes as per the ISO 9001:2008 and ISO 27001:2005 standard
  • Conduct Risk assessment and risk treatment plan for entire organization
  • Preparing BCP plan and procedure
  • Preparing Audit schedules, Conducting Internal Audits, preparing audit reports, Writing Nonconformity reports
  • Preparing Management Review Meeting Schedule and conducting Management Review Meetings
  • Communicating to the Top Management on ISO 9001:2008 & ISO 27001:2005 issues / Non-conformity & Audit reports
  • SPOC for the various audits conducted by banks

Consultant

Financial Technology
07.2010 - 04.2011
  • System & Security Audit
  • Conduct vulnerability assessments for servers and applications
  • Windows, Database Security compliance checks

Assistant Manager

BDO Consulting Pvt. Ltd.
04.2008 - 06.2010
  • Company Overview: CISO Function - Service bureau offering billers, banks and customers a comprehensive bill presentment, payment and management service
  • Facilitated compliance with Payment Card Industry Data Security Standards (PCI-DSS) and obtaining ISO 27001 compliance certification
  • Infrastructure Security Audit, Application Audit, Network Audit, Vulnerability Assessment and compliance testing of systematic control with respect to ISO 27001 security controls
  • TIPISA – Third party security assessments for more than 20 BPO, IT outsourcing and Healthcare consulting organizations on the basis of ISO 27001 framework
  • SOX testing for application and systems
  • Compliance audit as per guidelines of BSE/ NSE – IML / CTCL audit
  • Executed various assignments pertaining to understanding IT risk, understanding of control environment and testing operating effectiveness of implemented controls in accordance with agreed-upon procedures and industry best practices such as ISO 17799
  • These assignments have been for various industries like Services, Banks, Utility, and Manufacturing
  • Segregation of Duties (SOD) Analysis: Review of roles and responsibilities as per organization's authorization matrix to ensure appropriate access to application

System Administrator

Capgemini Consultancy (I) Pvt. Ltd.
02.2007 - 02.2008
  • At Capgemini, I was part of the operation team, and my sole responsibility was to manage the uptime of the Wintel & Messaging infrastructure of our customer, who is located globally
  • In Messaging & Wintel, I was handling Windows 2000, 2003 DC, Exchange 2003, and Right FAX server
  • Backup management & resolving issues related to Exchange Backup

System Administrator

Crystal Solution (I) Pvt. Ltd.
06.2006 - 02.2007
  • At Crystal Solution, Sandeep was deputed to Tata Teleservices Maharashtra Limited (TTML) as a System Administrator, being a part of the Server Admin team; my sole responsibility was to manage the uptime of the Wintel & Messaging infrastructure of TTML and the resolution of queries raised by the users and management

Asst. Manager

Kesari Tours Pvt. Ltd.
07.2001 - 04.2006
  • Heading the Facility system Management of 5 engineers including two team leaders for voice and data
  • Responsible for system and service availability
  • Responsible for resolution time and quality of service offered by the service desk
  • Responsible for security of IT Infrastructure

Education

Bachelor of Science - IT

Sikkim Manipal University
India

Skills

Audit & Risk Management (ITGC, SOC 2, SWIFT, SOX)

Personal Information

Date of birth: 05/02/79

Languages

English
Fluent
Hindi
Fluent
Marathi
Fluent

Affiliations

ISACA for CISA & CISM

Certification

ISACA - Certified Information System Auditor

Timeline

Manager

Crowe Mak Technology
05.2024 - 11.2024

ISACA - Certified Information Security Auditor

04-2022

Senior Manager

Prime Focus Technology
10.2021 - 03.2024

ISACA - Certified Information System Auditor

05-2018

Associate Director

Haribhakti & Co. LLP.
04.2013 - 10.2021

Assistant Manager

Techprocess Solution Limited
04.2011 - 02.2013

Consultant

Financial Technology
07.2010 - 04.2011

SISA - Certified Payment Industry Security Implementer - CPISI

04-2008

Assistant Manager

BDO Consulting Pvt. Ltd.
04.2008 - 06.2010

MCP - Microsoft Certified Professional

02-2008

ITIL - IT Infrastructure Library

01-2008

System Administrator

Capgemini Consultancy (I) Pvt. Ltd.
02.2007 - 02.2008

System Administrator

Crystal Solution (I) Pvt. Ltd.
06.2006 - 02.2007

Asst. Manager

Kesari Tours Pvt. Ltd.
07.2001 - 04.2006

Bachelor of Science - IT

Sikkim Manipal University