03 — Trajectory

A track record in regulated worlds.

From privacy lawyer and legal counsel to CISO, and now founder of NormShift — every role added a layer, from the law of data to the defence of it.

2025 — Present

Founder & Principal Consultant

NormShift — cybersecurity & compliance consulting for fintechs

  • Founded NormShift to help fintechs and regulated entities bridge regulation and innovation — turning compliance into a driver of trust and growth.
  • Advise on data privacy & governance aligned to the DPDP Act and RBI directions, and on regulatory resilience for data processors.
  • Deliver IT audit & advisory, VAPT, cloud & third-party security oversight and cybersecurity product evaluation and deployment.
Nov 2024 — Sep 2025

Chief Information Security Officer

Si Creva Capital Services Pvt. Ltd. — regulated NBFC / fintech, Mumbai

  • Owned enterprise infosec & IT-governance strategy; chaired the IT Strategy and Information Security Committees, reporting to executive management and the board.
  • Built the compliance framework against RBI Master Directions, ISO 27001, SOC 2 and IT-outsourcing regulations.
  • Led organisation-wide DPDP Act readiness — data-protection governance, security controls and vendor-management frameworks.
  • Established and ran the SOC with SIEM and threat-intelligence tooling; directed end-to-end incident response.
  • Delivered zero RPO and a 60-minute RTO across a disaster-recovery site; cut security-tooling cost ~32% via open-source platforms.
  • Delivered a security-awareness programme to 900+ staff including senior management.
Aug 2023 — Oct 2024

Senior Information Security Engineer

OnEMI Technology Solutions Pvt. Ltd., Mumbai

  • Maintained continuous ISO 27001, SOC 2 Type 2 and RBI compliance, supporting successful external audits and certifications.
  • Designed security architecture for sensitive financial data and implemented the NIST framework org-wide.
  • Ran VAPT, real-time monitoring/analytics, vendor risk management and BCDR.
2022 — 2023

IT Compliance & Legal Manager

Ergode Inc., Mumbai

  • Built an ISMS and policy framework aligned to ISO 27001:2013 and CIS Benchmarks.
  • Ran compliance audits against GDPR, HIPAA, PCI DSS and SOC 2.
  • Conducted AWS security architecture reviews — IAM, VPC, S3, Lambda and RDS — with documented remediation.
2019 — 2022

Legal Counsel & Security Trainer

Arcot Group · Veteran Global Lawyers · L&T Technology Services, Mumbai

  • Advised on cyber-law, data privacy, intellectual property and corporate / contract matters.
  • Designed and delivered hands-on cybersecurity & ethical-hacking training programmes.
Credentials

Certified across privacy, audit & the cloud.

IAPP

CIPP/E

Certified Information Privacy Professional / Europe

ISACA

CISA

Certified Information Systems Auditor

AWS

Security — Specialty

AWS Certified Security

EC-Council

CCISO

Certified Chief Information Security Officer

University of Mumbai

Lawyer

Privacy & cyber-law, data-protection & digital governance

Supplementary

NYU · IBM · Harvard

Pen-testing · Cybersecurity Compliance · Contract Law · Google PM

Want the full picture?

Let's discuss how this experience maps to your needs.

Get in touch