Subhajit Deb is the Director and CISO at Dr Reddy's Laboratories. He has over 17 years of rich experience in leading and managing global information security, business continuity, risk management and data privacy programs.
He has extensive people and process management experience and has been successful in creating business-oriented security programs that are challenging, agile, cost-conscious and suited for global regulated environments. His specialties include information security, data privacy/GDPR, risk management, regulatory compliance, computer systems validation, business continuity and disaster recovery, risk modeling and Six Sigma (DMAIC/LEAN).
Key security initiatives
As the first-ever CISO, operating with a relatively small team in a highly distributed hybrid IT environment, Subhajit had to design and implement a multi-pronged security strategy to ensure a cost-conscious, repeatable and proactive security risk management system across disparate and distributed geographies with different business and compliance requirements.
A Security CoE was created: an InfoSec ‘working group’ with business unit representation and an InfoSec ‘Assurance Committee’ as an apex-level body for reporting and strategic alignment.
All technology and data-related projects are reviewed by InfoSec at the design phase and again before go-live. A dynamic and living risk 9-blocker was created, along with risk rankings and treatment methods. A dual process of inside-out (grey box) and outside-in (black box) testing was designed as a litmus test of the security posture. Additionally, an enhanced risk-based monitoring process was put in place to monitor employees with high risk exposure.