Dhiren Patadia

Manchester, CT

Summary

Results-driven leader with expertise in building and managing security programs that prioritize data protection, compliance, and risk management. Utilizes a collaborative approach to integrate security-by-design principles throughout the product development lifecycle, emphasizing "Shift Left" practices. Possesses extensive knowledge of security frameworks, application, and infrastructure security to facilitate meaningful discussions and consensus building on innovative security solutions. Dedicated to delivering positive outcomes for organizations and customers. Committed to helping clients maintain a strong security posture aligned with their risk tolerance while ensuring compliance with evolving regulations.

Overview

12 years of professional experience
3 years of post-secondary education
10 certifications

Certification

Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Certified Information Systems Auditor (CISA), Health Care Information Security and Privacy Professional (HCISPP), Certified Information Privacy Professional – US, Canada, Europe (CIPP/US/C/E), Fellow of Information Privacy (FIP), AWS Certified Cloud Practitioner (CCP), Certified Information Security Manager (CISM), Certified Information Privacy Manager (CIPM)

Skills

Penetration Testing

Familiarity with security tools

PCI-DSS, HIPAA, GDPR, SOC2, NIST 800-171, NIST 800-53, NIST CSF, NIST RMF, ISO 27002, CIS Benchmarks, MITRE ATT&CK and ATLAS, NVD, OWASP Top 10, Nessus, Wireshark, Nmap, Burp Suite, Kismet, Aqua Security, Kubesec, Amazon ECR, EKS, Fargate, CodeCommit, CodeBuild, CodeDeploy, CloudWatch, Lambda functions, SonarQube, Fortify, AppScan, Veracode, AWS Inspector, AWS GuardDuty, AWS Tools Suite, Tenable CSPM, Prisma Cloud CSPM, KSPM, Archer, OneTrust, Confluence, JIRA, SharePoint, Microsoft Suite, Tableau, Qlik, Cognos

Work History

Senior Program Manager

Amazon
Sunnyvale, California
05.2021 - 04.2024
  • Led a team of security advisors in conducting comprehensive security assessments for complex, cutting-edge projects involving emerging technologies
  • This included smart vehicles, wearable health devices, child-friendly gadgets, and generative AI-driven services
  • Implemented questionnaires and workflows for self-attestation on low-risk projects, letting teams document their self-determined security posture in the GRC tool
  • The workflows allowed approval, follow-up, escalations for requested exemptions, and regular review of approved exceptions
  • Collaborated closely with cross-functional teams including engineering, software development, UX design, marketing, public policy, security, and legal, ensuring a holistic understanding of product architecture, data flow, customer expectations, business value proposition, and compliance with applicable security policies and regulations
  • Partnered with policy, privacy, and legal departments to proactively identify security risks, developing and implementing mitigation strategies
  • Utilized strong stakeholder management to align teams on acceptable risk levels, ensuring that security requirements balanced business objectives and customer trust
  • Designed and rolled out a scalable data attestation framework, embedding data governance into everyday business operations and integrating it with the broader enterprise risk management program
  • This framework provided tools and processes for consistent data classification for various data types and risk-based protection
  • Created security best practices and risk mitigation guidelines for technical teams, encouraging the integration of security considerations early in the software lifecycle, specifically during requirements and design phases, fostering a security-by-design mindset
  • Strengthened the security risk review process by embedding checkpoints across the software development lifecycle, ensuring that security risks were identified and addressed at every CI/CD pipeline stage
  • Defined and tracked program metrics, including OKRs, KRIs, and KPIs, to evaluate the security program’s effectiveness, measure security risk, and assess compliance
  • Developed data visualizations to provide key insights to stakeholders at all organizational levels

Senior Data Protection Manager

Otis Corporation
Farmington, CT
06.2020 - 05.2021
  • Collaborated with cross-functional teams across EMEA, APAC, and the Americas, including software developers, compliance leaders, legal experts, and privacy stakeholders, to drive alignment on global security initiatives and ensure consistent compliance across diverse regulatory landscapes
  • Developed and implemented strategies to strengthen security programs, integrating security controls that reinforced data protection
  • Established metrics to evaluate and report on the organization's security risk posture, providing transparency and enabling informed decision-making for stakeholders at all levels

Senior Consultant - Security and Risk Management

CT Department of Social Services
Hartford, CT
07.2015 - 02.2020
  • Led a cross-functional team of domain experts in application, server, and network security, overseeing the security infrastructure for a $45 million modernization initiative focused on benefits eligibility management systems
  • Built and nurtured strong relationships with key stakeholders, including business leaders, and legal, security, and privacy teams, ensuring alignment on privacy and security requirements throughout the project lifecycle
  • Provided strategic guidance to the Chief Information Security Officer (CISO) and Chief Privacy Officer (CPO) to maintain continuous compliance with regulatory requirements from agencies such as the Social Security Administration (SSA), Internal Revenue Service (IRS), and Centers for Medicare & Medicaid Services (CMS)
  • Led comprehensive security risk assessments for on-premise applications and infrastructure, identifying risks with both privacy and security implications
  • Developed a tiered remediation roadmap based on regulatory deadlines and the organization's capability maturity model
  • Collaborated with business leaders and third-party system integrators to ensure security compliance in the design and implementation of cloud-native architectures, ensuring that security requirements were built into the new system from the ground up
  • Leveraged OWASP Top 10 documentation and legacy code vulnerabilities to build secure coding practices
  • Partnered with the cloud security architect to integrate security review tools and workflows into the CI/CD pipeline, ensuring security checks were embedded into cloud-native application development and deployment processes
  • Worked with business leaders to establish security champions within each business unit, creating a structure for ongoing security reviews, risk remediation, and defined accountability
  • Defined and tracked metrics to evaluate the efficacy of the security program for both on-premise and cloud-native environments, providing data visualizations to identify control gaps, monitor remediation efforts, and highlight any project blockers

Security & Compliance Manager

IBM Corporation
Southbury, Connecticut
01.2009 - 06.2014
  • Led a team managing security for on-premise workloads, supporting healthcare and financial services clients in maintaining compliance with privacy and security standards across highly regulated industries
  • Enhanced security and compliance reporting frameworks for client-specific customization, enabling organizations to meet regulatory requirements, including HIPAA, FFIEC, Sarbanes-Oxley, and other relevant regulations
  • Developed comprehensive documentation on secure data handling practices, guiding the internal teams and client security stakeholders, strengthening data protection strategies, and achieving compliance outcomes
  • Defined and tracked key risk indicators (KRIs) and key performance indicators (KPIs) to measure the efficacy of the security program
  • Designed real-time dashboards that provided visibility into security risk and compliance status for the technology and business stakeholders

Education

Bachelor of Science - Computer Technology

Gujarat Technological University
India
08.1987 - 07.1990
