
President & Head - IT GRC @ YES BANK | Governance, Risk Management, Compliance | AI-Augmented CISO | DPO
At the helm of YES BANK's IT GRC division, my mission is to fortify our digital assets against evolving threats, consistently abiding by stringent regulatory standards. The core competencies developed during my leadership as Group CISO at Angel One, including strategic cybersecurity, risk management, and governance, have been instrumental in enhancing our IT resilience and compliance posture. My recent work involves steering our teams to meticulously manage IT risks, drive policy adherence, and cultivate a robust compliance culture. This dedication has enabled the organization to navigate the complexities of financial regulations and cybersecurity challenges effectively, reinforcing our commitment to operational excellence and stakeholder trust.
PREPARIS, INC
Advanced Crisis Team Certification, Crisis/Emergency/Disaster Management
January 1, 2017 – Present
PREPARIS, INC
Crisis Team Certification Program, Crisis/Emergency/Disaster Management
January 1, 2017 – Present
Yonsei University
Internet of Things & Augmented Reality Emerging Technologies, Business
N/A – Present
Madurai Kamaraj University
Master of Business Administration (M.B.A.), Information Technology
N/A – Present
Madurai Kamaraj University
Post Graduate Diploma In Computer Applications (PGDCA)
N/A – Present
Madurai Kamaraj University
Bachelor’s Degree, B.Sc. Mathematics
N/A – Present
Gokhale High School
High School
N/A – Present
YES BANK
President - Head - IT GRC & Digital Governance
July 1, 2024 – Present
Mumbai · On-site
Angel One
Group CISO
May 1, 2021 – June 1, 2024
Mumbai, Maharashtra, India · Hybrid
Freelance
Cyber Security & GRC Consultant
October 1, 2019 – May 1, 2021
UAE · Remote
Kalpataru Limited (Kalpataru Group)
Chief Technology Officer & CISO
June 1, 2018 – October 1, 2019
Mumbai Metropolitan Region
Sterling Talent Solutions
Vice President - IT & CISO
January 1, 2016 – May 1, 2018
Mumbai Area, India
Aegis Global
Vice President - IT & Security
June 1, 2012 – January 1, 2016
Mumbai Area, India
CMS Info Systems Pvt. Ltd.
Head - Network Operations Center & Chief Information Security Officer (CISO)
December 1, 2009 – June 1, 2012
CMS Info Systems Pvt. Ltd.
Head of Network Operations
December 1, 2009 – June 1, 2012
Atos
Head - Knowledge Management
September 1, 2008 – December 1, 2009
Mumbai Area, India
Zapak Digital Entertainment Limited
Head - IT Projects & Operations
April 1, 2007 – September 1, 2008
Mumbai Area, India
WNS Global Services
Manager – IT Infrastructure
December 1, 2003 – August 1, 2006
WNS Global Services
Information Technology Support Manager
December 1, 2003 – August 1, 2006
Clover Infotech
IT - Project Manager
March 1, 2001 – December 1, 2003
Clover Infotech
Information Technology Project Manager
March 1, 2001 – December 1, 2003
Accel Frontline Ltd
Project Leader
January 1, 1995 – March 1, 2001
Mumbai Area, India
Implementation of ISO 20000 (ITSM - Information Technology Service Management)
April 1, 2011 – Present
ISO 20000 is a global standard that describes the requirements for an information technology service management (ITSM) system. The standard was developed to mirror the best practices described within the IT Infrastructure Library (ITIL) framework.
Project Deliverables:
- Developing Service Management Framework
- Service Desk Implementation
- Defining Policies, Procedures and Workflows
- Defining RACI Matrix
- Defining Internet Audit Mechanism
- KPI Definition and Documentation
Implementation of ISO 27001 (ISMS - Information Security Management System)
April 1, 2011 – Present
ISO 27001 (formally known as ISO/IEC 27001:2005) is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes. According to its documentation, ISO 27001 was developed to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system." ISO 27001 uses a top-down, risk-based approach and is technology-neutral.
The specification defines a six-part planning process:
1. Define a security policy.
2. Define the scope of the ISMS.
3. Conduct a risk assessment.
4. Manage identified risks.
5. Select control objectives and controls to be implemented.
6. Prepare a statement of applicability.
The specification includes details for documentation, management responsibility, internal audits, continual improvement, and corrective and preventive action. The standard requires cooperation among all sections of an organisation. The 27001 standard does not mandate specific information security controls, but it provides a checklist of controls that should be considered in the accompanying code of practice, ISO/IEC 27002:2005. This second standard describes a comprehensive set of information security control objectives and a set of generally accepted good practice security controls.
ISO 27002 contains 12 main sections:
1. Risk assessment
2. Security policy
3. Organization of information security
4. Asset management
5. Human resources security
6. Physical and environmental security
7. Communications and operations management
8. Access control
9. Information systems acquisition, development and maintenance
10. Information security incident management
11. Business continuity management
12. Compliance
Implementation of ISO 9001 (QMS - Quality Management System)
April 1, 2011 – Present
ISO 9001 is one of the standards within the range of ISO 9000 standards. ACS Registrars Ltd are a UKAS Accredited Certification Body, so before you consider getting started, talk to us to find out how we can help you understand the requirements for achieving ISO 9001 Accredited Certification.
Project Deliverables:
- Get commitment and support from senior management
- Engage the whole business with good internal communication
- Compare existing quality systems with ISO 9001 requirements
- Obtain Organization's and supplier's feedback on current quality management
- Establish an implementation team to get the best results
- Map out and share roles, responsibilities and timescales
- Adapt the ISO 9001 principles of quality management
- Process Documentation
- KPI Definition
- Motivate staff involvement with training and incentives
- Share ISO 9001 knowledge and encourage staff to train as internal auditors
- Regularly review ISO 9001 system to make sure you are continually improving it
ISO/IEC 42001 Artificial Intelligence Management System Training by CyberFrat
CyberFrat
June 23, 2026 – Present
Certified - Data Protection Officer (C-DPO) Practitioner
Privacy CareerExperts
June 23, 2026 – Present
Certified Data Protection Officer/India (CDPO/IN)
Privacy CareerExperts
June 23, 2026 – Present
Body Language for Leaders
June 23, 2026 – Present
Certified Data Centre Specialist (CDCS)
EXIN
June 23, 2026 – Present
Certified Data Centre Professional (CDCP)
EXIN
June 23, 2026 – Present
CRISIS Management
Mitratech Preparis
June 23, 2026 – Present
RedHat Certified Technician
Red Hat
June 23, 2026 – Present
ITIL v3 Expert
EXIN
June 23, 2026 – Present
ITIL v3 Foundation
EXIN
June 23, 2026 – Present
Lead Auditor - ISO 9001
IRCA Global
June 23, 2026 – Present
Lead Auditor - ISO 20000
IRCA Global
June 23, 2026 – Present
Lead Auditor - ISO 27001
IRCA Global
June 23, 2026 – Present
Cultural Fit Analysis
The candidate's career trajectory shows a consistent focus on IT and cybersecurity leadership, with a strong emphasis on governance, risk, and compliance. Their experience spans various industries (banking, financial services, consulting, IT services), demonstrating adaptability. The projects listed, particularly the ISO implementations, indicate a commitment to structured, standards-based approaches, which would fit well within organizations valuing robust governance. However, the projects are primarily focused on process implementation and documentation rather than hands-on technical development or innovative security solutions, which might indicate a more traditional, compliance-driven cultural fit rather than a highly agile, cutting-edge security engineering environment. The lack of diverse project types beyond ISO implementations could be a limiting factor for roles requiring broader technical innovation.
Soft Skills & Operational Fit
The candidate's extensive experience in leadership roles (CISO, CTO, VP) across various organizations indicates strong leadership, strategic planning, and team management skills. Their involvement in crisis management and business continuity planning suggests resilience and operational readiness. The project descriptions highlight a structured approach to implementing management systems (ISO 9001, 20000, 27001), indicating strong process orientation and attention to detail. The focus on regulatory compliance and risk management aligns well with the operational demands of a senior cybersecurity role.