
Abhishek Pandey, GRC & BFSI Cybersecurity Specialist

Deputy Manager at Deloitte India specializing in banking compliance, risk governance, and software supply chain security frameworks. Leveraging automation, RBI Master Directions gap audits, and red teaming credentials to protect multi-national banking infrastructures.

$60K+ project value led · 1,000+ vulnerabilities found · 50K+ CID victims aided · 98% audit automation

Professional Experience

Deputy Manager, Deloitte India (Mumbai, IN), January 2026 - Present
  • Regulatory Gap Assessment: Lead comprehensive cybersecurity compliance audits aligning banking core IT infrastructure with **RBI MD ITGRCA 2023** (IT Governance, Risk, Controls, and Assurance) and **RBI MD IT Outsourcing** guidelines.
  • CBOM & SBOM Frameworks: Design and deploy structured governance frameworks for Cybersecurity Bill of Materials (CBOM) and Software Bill of Materials (SBOM) to secure the software supply chain across critical BFSI platforms.
  • Risk & Maturity Valuations: Direct specialized security risk assessments, threat modeling, and control maturity audits for major cooperative and public sector banks, delivering actionable remediation roadmaps to executive leadership.
Consultant - C2, Ernst & Young LLP (Mumbai, IN), Dec 2021 - April 2026
  • Team Leadership & Project Delivery: Led teams delivering cybersecurity projects valued at $60,000 across multiple organizations, executing 25 distinct security activities per project with high client satisfaction.
  • BFSI & Enterprise GRC: Managed comprehensive cybersecurity portfolios covering DLP, Risk Assessment, Web Application Firewalls (WAF), and general compliance checks.
  • Program Maturity: Completed eight Cybersecurity Program Maturity (CPM) audits across 5 domains, validating alignment with strict industry and privacy regulations.
  • Risk Assessment & Modeling: Executed Third-Party Risk Assessments (TPRA) for critical external partners, establishing key risk metrics (KPIs, KCIs, KRIs) to strengthen resilience.
  • Offensive Testing & Auditing: Conducted SOC attack simulations and performed thorough configuration reviews (Windows, Linux, Cisco network switches, routers, and firewalls).
  • Automation: Designed custom openpyxl Python automation scripts to replace manual device config audits, enhancing efficiency by 98% and winning the EY Client Extraordinaire Award (2024).
  • Incident Response: Managed response efforts for ransomware attacks and phishing incidents, mitigating exposure and coordinating restoration of compromised endpoints.
Cyber Security Engineer, CyberSmithSECURE Pvt. Ltd. (Mumbai, IN), Jan 2021 - Dec 2021
  • BFSI Bank VAPT: Led a major Vulnerability Assessment and Penetration Testing (VAPT) engagement for a large international bank, discovering 1,000+ vulnerabilities (with 10+ critical gaps) while maintaining an exceptional false-positive rate of 0.02%.
  • Mumbai CID Digital Forensics: Supported Mumbai CID during a high-profile, cross-border digital forensics job fraud investigation affecting 40+ countries and 50,000 victims, resulting in the recovery of $250,000 and direct appreciation from the DCP.
  • Threat Hunting & Social Engineering: Conducted proactive network threat hunting and simulated phishing exercises to evaluate staff awareness and reinforce email security.
  • Technical Training: Created and delivered internal training modules on the Cyber Kill Chain, Open Source Intelligence (OSINT), Google Dorking, and Threat Intelligence.
Associate Developer, Synergy Infotech (Pune, IN), Jun 2020 - Dec 2020
  • Secure Web Development: Designed, developed, and maintained responsive websites utilizing HTML, CSS, and JavaScript.
  • Security Best Practices: Implemented basic security filters on input fields, sanitizing queries to protect against SQL injections and Cross-Site Scripting (XSS).

Governance & Technical Credentials

Bridging the gap between strict regulatory frameworks and deep technical security controls.

CISSP, (ISC)², ongoing / prep: Certified Information Systems Security Professional
  • Security and Risk Management
  • Asset Security & Security Architecture
  • Communication & Network Security
  • Identity & Access Management (IAM)
  • Security Assessment and Testing
CRISC, ISACA, score 558: Certified in Risk & Information Systems Control
  • Enterprise Risk Identification & Assessment
  • Risk Response & Mitigation strategies
  • Information Security Control monitoring
  • Risk-aware corporate decision framework
CRTP, Pentester Academy, Active Directory: Certified Red Team Professional
  • Active Directory Infrastructure Attack
  • Kerberos attacks & abuse methods
  • Domain admin privilege escalation
  • Bypassing modern endpoint security
ISO 27001 LI, PECB / Exemplar Global, Lead Implementer: ISO/IEC 27001 Lead Implementer
  • Designing & implementing ISMS policies
  • Conducting compliance gap analyses
  • Annex A security controls deployment
  • Leading audit readiness checks
CEH v10, EC-Council, score 94.4%: Certified Ethical Hacker
  • System hacking & scanning networks
  • Vulnerability analysis methodology
  • Malware threat modeling
  • Web application penetration testing
MTA 98-367, Microsoft, fundamentals: Security Fundamentals
  • Understanding security layers
  • Operating system security configs
  • Network security topologies
  • Active Directory policy mapping

BFSI Cybersecurity GRC Simulator

Assess your organization's risk profile using our improved controls analyzer, based on RBI Master Directions & GRC frameworks.

Cisco Config Auditor

Network device compliance analyzer v2.0 is under active development and policy integration (85% complete, coming soon).

BFSI Risk Scorecard Dashboard

This diagnostic evaluates compliance safeguards against RBI MD ITGRCA 2023, SBOM/CBOM frameworks, and ISO 27001 guidelines.


Articles & Publications

Sharing domain insights on cyber law, financial security compliance, and script automation.

Published Work

Securing Core Banking Systems: A GRC Implementation Strategy (BFSI Security Digest, March 2025)

A comprehensive guide on deploying Annex A controls and CRISC frameworks to secure legacy core banking databases against remote threat vectors.

The 98% Automation Leap: Cisco Configuration Audits at Scale (EY Cyber Insights, July 2024)

Technical analysis of leveraging Python openpyxl scripts to automate network compliance audits, reducing manual overhead for EY clients.
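The audit pattern that publication summarizes, shown as an added illustration rather than the author's EY script: a constructed Cisco IOS running-config is checked line by line against a small assumed hardening baseline, and one row per control is written to a spreadsheet (openpyxl when it is installed, plain CSV otherwise). The control IDs, severities, regex patterns, sample config and sheet layout are all assumptions made for this example, not taken from the page.

```python
"""Baseline audit of a Cisco IOS running-config with a spreadsheet report.

Added illustration only: the control list, sample config and sheet layout
are assumptions and not taken from the author's scripts.
"""
import csv
import re
from dataclasses import dataclass

# Constructed sample running-config; not a real device. It deliberately
# contains several weak settings so the checks below have something to flag.
SAMPLE_CONFIG = """\
version 15.2
hostname branch-sw01
service password-encryption
no service tcp-small-servers
enable password 7 0822455D0A16
username admin privilege 15 secret 5 $1$abcd$placeholderhash
!
ip ssh version 2
!
line vty 0 4
 transport input telnet ssh
 exec-timeout 0 0
 login local
!
logging host 10.0.0.5
snmp-server community public RO
!
end
"""


@dataclass(frozen=True)
class Control:
    cid: str
    title: str
    pattern: str            # regex evaluated per line (re.MULTILINE)
    expected_present: bool  # True: a matching line must exist; False: it must not
    severity: str


# Assumed baseline with hypothetical IDs, loosely modelled on common IOS
# hardening guidance; a real engagement would load this from the client's policy.
CONTROLS = (
    Control("NET-01", "enable secret configured (type-7 enable password is reversible)",
            r"^enable secret ", True, "High"),
    Control("NET-02", "SSH protocol version 2 enforced", r"^ip ssh version 2$", True, "Medium"),
    Control("NET-03", "Telnet not accepted on VTY lines", r"^ transport input .*\btelnet\b", False, "High"),
    Control("NET-04", "VTY exec-timeout not disabled", r"^ exec-timeout 0 0$", False, "Medium"),
    Control("NET-05", "service password-encryption enabled", r"^service password-encryption$", True, "Low"),
    Control("NET-06", "default SNMP community strings removed",
            r"^snmp-server community (public|private)\b", False, "High"),
    Control("NET-07", "remote syslog destination configured",
            r"^logging (host )?\d{1,3}(\.\d{1,3}){3}", True, "Medium"),
)


def hostname_of(config_text):
    m = re.search(r"^hostname (\S+)", config_text, re.MULTILINE)
    return m.group(1) if m else "unknown"


def audit_config(config_text, controls=CONTROLS):
    """Return one finding per control: PASS when the pattern's presence
    matches what the control expects, FAIL otherwise."""
    findings = []
    for c in controls:
        present = re.search(c.pattern, config_text, re.MULTILINE) is not None
        findings.append({
            "id": c.cid, "control": c.title, "severity": c.severity,
            "status": "PASS" if present == c.expected_present else "FAIL",
        })
    return findings


def write_report(hostname, findings, path_stem):
    """One row per control. Uses openpyxl when available (the tool the page
    names), otherwise plain CSV so the example still runs without it."""
    rows = [("Hostname", "Control ID", "Control", "Severity", "Status")]
    rows += [(hostname, f["id"], f["control"], f["severity"], f["status"]) for f in findings]
    try:
        from openpyxl import Workbook  # optional dependency
    except ImportError:
        with open(path_stem + ".csv", "w", newline="") as fh:
            csv.writer(fh).writerows(rows)
        return path_stem + ".csv"
    wb = Workbook()
    ws = wb.active
    ws.title = "Config Audit"
    for row in rows:
        ws.append(row)
    wb.save(path_stem + ".xlsx")
    return path_stem + ".xlsx"


if __name__ == "__main__":
    host = hostname_of(SAMPLE_CONFIG)
    results = audit_config(SAMPLE_CONFIG)
    for f in results:
        print(f"{f['id']} {f['status']:4} [{f['severity']}] {f['control']}")
    print("report:", write_report(host, results, f"audit-{host}"))
```

Against the sample config the script flags the type-7 enable password, Telnet on the VTY lines, the disabled exec-timeout and the default SNMP community, and passes the SSH, password-encryption and syslog checks. The same loop runs unchanged over a directory of exported configs, which is where the manual-hours saving comes from.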

Tracking Transnational Crime: Tracing Forensics in 40 Countries (Indian Cyber Law Review, November 2021)

A case study analysis on cross-border job fraud forensics, detailing electronic evidence collection and coordination with international police agencies.


Technical Insights

Active Directory Forest Security: A CRTP's Guide to Domain Containment (Medium / Cyber Security, January 2026)

Practical defense guide outlining delegation abuse mitigations, tier administration setups, and Kerberoasting threat monitoring inside Active Directory.

Third-Party Risk Assessments (TPRA) in BFSI: A Compliance Blueprint (LinkedIn Articles, September 2025)

Establishing structured vendor onboarding security checklists, aligning risk scoring with business impact, and designing KPIs/KRIs.

Threat Hunting IOCs: Building a Standardized Lifecycle Management Policy (GRC Technical Board, May 2025)

Explaining how to manage IOC expiration dates, false positive feedback loops, and SIEM rule updates in high-volume Security Operation Centers.
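The three lifecycle mechanisms that summary names, as an added illustration rather than the author's policy or code: indicators expire on a per-type TTL measured from their last sighting, analyst false-positive reports lower confidence and eventually retire an indicator, and the SIEM reference set is rebuilt from whatever is still active and confident. The TTLs, thresholds, field names and feed snapshot are assumptions for this example and do not come from the page.

```python
"""IOC lifecycle policy: type-based expiry, false-positive feedback, SIEM export.

Added illustration, not the author's policy or code: TTLs, thresholds and the
sample feed below are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed retention per indicator type. Network indicators churn quickly
# (shared hosting, rotated C2), so they get short TTLs; file hashes stay
# valid for as long as the sample exists.
TTL_DAYS = {"ipv4": 14, "domain": 30, "url": 30, "sha256": 365}
FP_RETIRE_THRESHOLD = 3      # confirmed false positives before retirement
FP_CONFIDENCE_PENALTY = 25   # confidence lost per confirmed false positive
SIEM_MIN_CONFIDENCE = 50     # below this, keep the IOC but stop alerting on it


@dataclass
class Indicator:
    value: str
    ioc_type: str
    source: str
    first_seen: datetime
    last_seen: datetime
    confidence: int = 70      # 0..100
    fp_reports: int = 0
    status: str = "active"    # active | expired | retired

    def expires_at(self):
        # Expiry is measured from the last sighting: a feed that re-reports
        # the indicator extends its life without analyst action.
        return self.last_seen + timedelta(days=TTL_DAYS[self.ioc_type])


def refresh(iocs, now):
    """Expire active indicators whose TTL has lapsed; retired ones stay retired."""
    for ioc in iocs:
        if ioc.status == "active" and now >= ioc.expires_at():
            ioc.status = "expired"
    return iocs


def record_false_positive(ioc):
    """Analyst feedback loop: each confirmed false positive lowers confidence,
    and repeated reports retire the indicator so the SIEM stops alerting."""
    ioc.fp_reports += 1
    ioc.confidence = max(0, ioc.confidence - FP_CONFIDENCE_PENALTY)
    if ioc.fp_reports >= FP_RETIRE_THRESHOLD or ioc.confidence == 0:
        ioc.status = "retired"
    return ioc


def siem_lookup_table(iocs, min_confidence=SIEM_MIN_CONFIDENCE):
    """Rows for the SIEM reference set that detection rules join against:
    only active indicators at or above the confidence floor."""
    return sorted((i.ioc_type, i.value, i.confidence)
                  for i in iocs
                  if i.status == "active" and i.confidence >= min_confidence)


NOW = datetime(2025, 5, 15, tzinfo=timezone.utc)


def sample_feed(now=NOW):
    """Constructed feed snapshot (documentation addresses only, not real IOCs)."""
    def ago(days):
        return now - timedelta(days=days)
    return [
        Indicator("203.0.113.7", "ipv4", "feed-a", ago(40), ago(3)),    # re-sighted: stays active
        Indicator("198.51.100.9", "ipv4", "feed-a", ago(40), ago(20)),  # stale: past the 14-day TTL
        Indicator("bad.example", "domain", "feed-b", ago(10), ago(10)),
        Indicator("deadbeef" * 8, "sha256", "feed-b", ago(300), ago(300)),  # long TTL
    ]


if __name__ == "__main__":
    feed = refresh(sample_feed(), NOW)
    for i in feed:
        print(f"{i.ioc_type:6} {i.value[:20]:20} {i.status}")
    print("siem rows:", len(siem_lookup_table(feed)))
```

The design choice worth noting is that expiry keys off last sighting, not first sighting, so a feed that keeps re-reporting an indicator keeps it alive, while confidence is the only thing analysts touch directly; the SIEM table is always derived, never edited by hand.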


Forensics & Mitigation Case Studies

Real-world scenarios detailing crisis management, intelligence-driven analysis, and complex problem resolution.

Forensics (DCP appreciation)

Cross-Border Job Fraud Investigation

Supported Mumbai CID during a global investigation tracking cybercriminals operating across 40 countries. Used advanced OSINT, digital footprint analysis, and network packet forensics to trace syndicates defrauding over 50,000 victims.

$250,000 funds recovered · 50,000+ victims protected

VAPT (international bank)

BFSI Vulnerability Assessment

Led a massive penetration test engagement for a global financial institution. Discovered over 1,000 vulnerabilities (10+ critical logic exploits in fund transfer modules) with a near-zero false positive rate of 0.02%, preventing major operational and financial risk.

1,000+ flaws identified · 0.02% false positives

Incident Response (EY emergency)

Ransomware Containment & Forensics

Spearheaded containment, isolation, and digital forensics during two concurrent active ransomware attacks at an enterprise client. Successfully minimized threat propagation, reverse-engineered malware attack vectors, and safeguarded critical backups.

2 attacks fully neutralized · zero data loss / ransom paid

Cyber Security Capability Matrix

GRC & Governance

RBI MD ITGRCA 2023, RBI MD IT Outsourcing, SBOM & CBOM Frameworks, Risk Assessments, ISO 27001:2022 ISMS, TPRA, CPM Audits, KPI / KCI / KRI Mapping

Offensive Security

Red Teaming, Active Directory Attack, VAPT, Attack Simulation, Threat Hunting, Social Engineering, OSINT / Recon, Metasploit / Cobalt Strike

Defensive Ops & Forensics

Incident Response, Ransomware Containment, IOC Lifecycle Mgmt, Digital Forensics, SOC Controls Verification, WAF Configuration, Data Loss Prevention (DLP), Network Hardening

Scripting & Tools

Python (openpyxl / pandas), Nessus API / CLI, Bash / PowerShell scripting, C++ & SQL (PostgreSQL), HTML & JavaScript, Burp Suite Professional, Nmap & Wireshark, Git Version Control

Secure Communication

Engage GRC expertise or ask about security automation. Send an encrypted message or connect via official channels.

Direct Channels

Secure hot-line: +91-976-862-0271
Operational base: Mumbai, Maharashtra, IN