As CISO at Tech Mahindra, Lobo is responsible for information and cyber security, business continuity and data protection. He co-founded the cybersecurity practice at Tech Mahindra, and was part of the Internet Security Council at the World Economic Forum. Lobo rolled out Secure SDLC, an enterprise security program to ensure that the products and services delivered by the company were built securely.
Key Security Initiatives
Tech Mahindra’s GDPR compliance program included the implementation of a data privacy and protection framework. A DPO office was set up and was responsible for data protection oversight. A DPO steering committee was formed among the CIO, CISO, CPO (Head of HR), and privacy lawyers. Mandatory training, along with exams on data protection, was designed and rolled out. A Record of Processing Activities (RoPA) captured the personal data handled, and Data Privacy Impact Assessments (DPIA) were conducted for every project and process under functions including HR, recruitment, finance, and ISG. Risk assessments at project, account and function levels were carried out to address and mitigate risks for data protection requirements. Gap assessments were shared, and data encryption and masking were verified at multiple levels. Privacy-by-design, data minimization, and third-party due diligence practices were also rolled out across the organization and documented.