Prabh Nair

18+ Years Of Experience

CISSP | ISSAP | CGRC | CCSP | CSSLP | CISM | CRISC | CISA | CDPSE | CIPM | CIPP/E | AIGP

SUMMARY

  • 18+ years of experience in the Information Technology industry with specialization in Information Security, AI Governance, and Data Privacy.
  • Ability to design and govern AI programs aligned with ISO/IEC 42001, ISO/IEC 23894, NIST AI RMF, and EU AI Act readiness.
  • All-round knowledge across all domains of Information Security. Expertise ranges from Vulnerability Assessment & Penetration Testing to Application Security, and encompasses Security Solutions as well as IT Governance, Risk & Compliance.
  • Experienced in heading global information security operations at a US-based global IT services provider with a presence in 11 locations across the United States, Canada, India and Sri Lanka.
  • Skilled in developing policies, procedures and frameworks for establishing security operations and operations security.
  • Served 350+ organizations across 25+ countries through various short-term assignments.
  • Performed various roles such as Chief Information Security Officer, Information Security Manager, Security Consultant, Security Architect, Project Manager, Infrastructure & Messaging Consultant, Author and Instructor.
  • Exposure to managing information security for banking, telecom, retail, healthcare and IT sector clients.
  • Certified as AIGP, CISSP, CISM, CGRC, CIPM and 15+ more industry recognized certifications.

SKILLS

AI SECURITY

  • Experienced in building an AI policy stack: acceptable use, data sourcing, model cards,
    human-in-the-loop, and AI risk register.
  • Experienced in driving AI security awareness and secure prompt training across the enterprise.
  • Ability to align AI assurance with business objectives using KPIs such as incident rate, PII leakage
    rate, bias deltas, and cost per successful task.
  • Good knowledge of privacy and safety filters for LLMs, including PII detection, toxicity monitoring,
    bias metrics, and rate limiting.

DATA PRIVACY

  • Ability to operationalize Privacy by Design across the SDLC, including data minimization, purpose
    limitation, and default settings.
  • Experienced in DPDP Act, GDPR, HIPAA, and PCI DSS alignment, including consent management, children’s data safeguards, and cross-border transfer assessments.
  • Strong knowledge of Privacy-Enhancing Technologies (PETs) such as tokenization, format-preserving encryption, differential privacy, k-anonymity, l-diversity, secure enclaves, and federated learning.
  • Defined privacy KPIs and SLOs, such as DSAR closure time, deletion lead time, coverage of data maps, and PII leakage rate.
  • Experienced in building Data Privacy Programs.

ENTERPRISE SECURITY

  • Ability to simplify security in complex environments.
  • Ability to develop enterprise security architecture to meet enterprise business objectives.
  • Experienced in implementation & assessment of standards & frameworks such as ISO/IEC 27001:2013/2005, SSAE-16, COBIT 5, PCI-DSS, HIPAA and NIST standards.
  • Experienced in the development of policies, processes and supporting documentation.
  • Experienced in risk management, change management, vulnerability management, incident management, and business continuity management.
  • Experienced in design and implementation of enterprise security solutions including Data Centre and Delivery Centre security.
  • Good knowledge of virtual & cloud environments.
  • Good understanding of technology architecture and enterprise-level mitigation strategies.
  • Experienced in spreading security awareness across the enterprise.

SECURITY ASSESSMENTS

  • Good knowledge of penetration testing & security assessments.
  • Experienced in conducting internal and external vulnerability assessments.
  • Experienced in conducting web application security assessments.
  • Experienced in analysing potential threats & attack attempts.

SECURITY AUDIT

  • Experienced in developing metric-based audit programs.
  • Experienced in developing audit checklists based on client and compliance requirements.
  • Experienced in conducting internal audits, vendor audits and security reviews.

APPLICATION SECURITY

  • Good understanding of application security controls & application security architecture.
  • Good understanding of cryptographic controls.
  • Considerable knowledge of web applications & databases.
  • Good understanding of software development lifecycle.

Certification

  • CGRC
  • ISSAP-ISC
  • CISSP-ISC
  • CCSP-ISC
  • CSSLP-ISC
  • AIGP
  • CDPSE
  • CIPM
  • CIPP/E
  • CompTIA-Security+
  • PECB-ISO-IEC-27001-2005-Lead-Auditor
  • MCSA-in-Messaging
  • Microsoft-Certified-Professional
  • Microsoft-Certified-Technology-Specialist

POPULAR CLIENTS

  • Bechtel
  • Bharat Petroleum
  • Burger King
  • Dell
  • ING Bank
  • fars
  • HSBC
  • Lafarge
  • RBS
  • SJ Berwin
  • usp
  • Etisalat
