Winners

Lucius Lobo

The advent of GDPR provided Tech Mahindra an opportunity to design, build and enforce increased trust across the entire organization and turn that into wider operational and business gains. The GDPR compliance program solution included implementation of a data privacy and protection framework. The data privacy policy and framework were fine-tuned to adhere to the global regulatory environment. Mandatory training along with exams for data protection were designed and rolled out.

CSO Jun 21st 2018

As CISO at Tech Mahindra, Lobo is responsible for information and cyber security, business continuity and data protection. He co-founded the cybersecurity practice at Tech Mahindra, and was part of the Internet Security Council at the World Economic Forum. Lobo rolled out Secure SDLC, an enterprise security program to ensure that the products and services delivered by the company were built securely. 

Key Security Initiatives 

Tech Mahindra’s GDPR compliance program solution included implementation of a data privacy and protection framework. A DPO office was set up and was responsible for data protection oversight. A DPO steering committee was formed comprising the CIO, CISO, CPO (Head of HR), and privacy lawyers. Mandatory training along with exams for data protection were designed and rolled out. A Record of Processing Activities (RoPA) captured the personal data handled, and Data Privacy Impact Assessments (DPIA) were conducted for every project and process under functions including HR, recruitment, finance, and ISG. Risk assessments at project, account and function levels were carried out in order to address and mitigate risks for data protection requirements. Gap assessments were shared, and data encryption and masking were verified at multiple levels. Privacy-by-design, data minimization and third-party due diligence practices were also rolled out across the organization and were documented.

Awards Won

CSO100 Award 2018