Santosh Chachar, Developer in Pune, Maharashtra, India

Santosh Chachar

Verified Expert  in Engineering

Information Security Developer

Pune, Maharashtra, India

Toptal member since October 19, 2022

Bio

Santosh is a seasoned information security professional with two decades of experience handling technical, business, legal, and regulatory aspects across cloud, network, systems, and application security. He has led organizations to comply with standards and regulations like ISO 27001, SOC 2, GDPR, CCPA, and HIPAA while working with various stakeholders and business units. Santosh is a CISSP, CEH, CCIO, and RHCE-certified professional with a diploma in internet crime investigation.

Portfolio

SaaS Product Organization | Video Streaming Analytics
AWS, DevSecOps, Third-party Risk, Third-party Management, ISO 27001, Security...
SaaS Product Organization | Meeting Automation
Information Security, GDPR, SOC 2 (Service Organization Control), ISO 27001...
SaaS Product Organization | In-app Customer Support Platform
GDPR, Data Privacy, AWS, ISO 27001, Security, System Security, DevSecOps...

Experience

Availability

Part-time

Preferred Environment

Linux, Amazon Web Services (AWS), Cloud Security, ISO 27001, Jira, Application Security, SOC 2, GDPR, Data Privacy, DevSecOps

The most amazing...

...projects I've delivered involved implementing information security management systems compliant with ISO 27001:2013 and with GDPR regulatory requirements.

Work Experience

Senior Program Manager | Information Security

2020 - PRESENT
SaaS Product Organization | Video Streaming Analytics
  • Implemented the information security management system and achieved ISO 27001 certification by working with all the organization's departments.
  • Established the third-party risk management plan, which included policies, multi-team workflows, processes, and automation with OneTrust.
  • Developed and delivered the secure SDLC program, which included the following modules: developer training, secure design and coding guidelines, secrets scanning, security testing with SAST and DAST, penetration testing, and security monitoring.
Technologies: AWS, DevSecOps, Third-party Management, Third-party Risk, ISO 27001, Security, System Security, GDPR, GRC, Software Development, Cloud Security, Data Privacy, Security Architecture, Risk Management, Application Security, Penetration Testing, Cross-functional Collaboration, CISSP, Compliance, Information Security, Security Operations Centers (SOC), IT Security, Risk Assessment, CISO, Jira

Principal Manager | Information Security

2019 - 2020
SaaS Product Organization | Meeting Automation
  • Led the organization to meet the GDPR regulatory requirements and SOC 2 attestation objectives by collaborating with DevOps, IT, development, QA, and HR teams.
  • Drove external penetration tests, third-party vendor assessments, pre-sales support for security and privacy, and data processing agreement reviews.
  • Partnered with the legal, sales, and marketing departments for customer contracts, security negotiations, and data privacy matters.
Technologies: Information Security, GDPR, SOC 2 (Service Organization Control), ISO 27001, Security, AWS, System Security, DevSecOps, Third-party Management, Third-party Risk, GRC, Software Development, Cloud Security, Data Privacy, Security Architecture, Risk Management, Application Security, Penetration Testing, Cross-functional Collaboration, CISSP, Compliance, IT Security, Risk Assessment, CISO, Jira

Information Security Manager

2017 - 2018
SaaS Product Organization | In-app Customer Support Platform
  • Served as a subject matter expert, providing advice to external and internal customers regarding security measures, risks, and business impact.
  • Implemented GDPR and privacy compliance requirements and privacy shield certification from scratch.
  • Developed the information security program, including policies, standards, and guidelines relevant to ISO 27001, ISO 27017, and ISO 27018.
Technologies: GDPR, Data Privacy, AWS, ISO 27001, Security, System Security, DevSecOps, Third-party Risk, Third-party Management, GRC, Software Development, Cloud Security, Security Architecture, Risk Management, Application Security, Penetration Testing, Cross-functional Collaboration, CISSP, Compliance, Information Security, IT Security, Risk Assessment, CISO

IT and Security Manager

2013 - 2017
gslab
  • Drove the implementation of ISO 27001 certification and HIPAA regulatory requirements for the SaaS business units, collaborating with various corporate services.
  • Performed vulnerability assessment and penetration testing (VAPT) on applications, networks, systems, and cloud environments.
  • Rolled out Wi-Fi security and secured remote access over SSL and IPsec VPN with multi-factor authentication (MFA).
  • Prepared business continuity and disaster recovery plans, coordinating with all the organization's business units.
Technologies: SIEM, GRC, People Management, System Security, Linux, Azure, VPN, Business Continuity, ISO 27001, Security, AWS, Operating Systems, Networking, DevSecOps, Cloud Security, Bash Script, Security Architecture, Risk Management, Penetration Testing, Linux Administration, Cross-functional Collaboration, CISSP, Compliance, Information Security, Third-party Risk, Security Operations Centers (SOC), IT Security, Risk Assessment, CISO

Technical Leader

2011 - 2013
Atos
  • Led technical escalations for Linux support teams handling the customer's large server environments spread across Europe.
  • Managed server hardening and baseline, Red Hat Cluster administration, and patching.
  • Handled incident management, problem management, and change management plans.
Technologies: Linux, Operating Systems, Linux Administration

System Engineer

2010 - 2011
Emptoris (now IBM)
  • Managed Linux servers and 3-tier applications, hosting critical production environments.
  • Analyzed and optimized shell scripts for the automation of routine tasks.
  • Investigated Linux server performance, integration, and configuration issues.
Technologies: Linux, Operating Systems, Linux Administration

Senior Member of the Technical Staff

2006 - 2010
gslab
  • Deployed and maintained Linux-based firewalls, routers, VPN servers, DNS servers, and web servers.
  • Rolled out UTM firewalls, central antivirus, and HP ProCurve VLAN switches.
  • Deployed and upgraded open-source solutions for DNS, VPN, backup, email security (such as SpamAssassin), antivirus (such as ClamAV), and virtualization technologies.
Technologies: System Security, VPN, Antivirus Software, Email Security, Linux, Operating Systems, Networking, People Management, Security, Bash Script, Linux Administration, IT Security

ISO 27001:2013 Certification

Led the organization-wide efforts to implement an information security management system (ISMS) compliant with ISO 27001. I defined and implemented security policies, processes, technologies, and documentation to meet the ISO 27001 requirements, achieving the certification.

GDPR Data Privacy Compliance

Spearheaded the implementation of data privacy technical controls, policies, workflows, and processes across the organization to meet the EU GDPR regulatory requirements. Worked as an intermediary between external legal agencies and internal departments.

SIEM Deployment

Conducted the security information and event management (SIEM) deployment by handling the following activities:

• Installed and configured the AlienVault open-source SIEM.
• Integrated network and endpoint security devices and servers with the SIEM.
• Trained the IT operations teams on day-to-day administration, integrating additional servers and equipment and adding, modifying, and optimizing rules and alerts.
• Created a custom document and linked it with the SIEM vendor documentation.

Advanced Cloud-based Endpoint Protection

Took part in the company-wide launch of advanced cloud-based endpoint security solutions to protect endpoints from attacks like ransomware with central deployment and management of endpoint security agents.

2000 - 2004

Bachelor's Degree in Computer Engineering

University of Pune - Pune, India

OCTOBER 2023 - OCTOBER 2026

ISAC Certified Cyber Crime Intervention Officer (CCIO)

Information Sharing and Analysis Center (ISAC)

DECEMBER 2017 - PRESENT

CISSP – Certified Information Systems Security Professional

(ISC)2

NOVEMBER 2017 - PRESENT

Internet Crime Investigation

Asian School of Cyber Laws

SEPTEMBER 2010 - SEPTEMBER 2013

Certified Ethical Hacker (CEH)

EC-Council

JULY 2008 - JULY 2011

Red Hat Certified Engineer (RHCE)

Red Hat

Tools

VPN, Jira

Industry Expertise

Cybersecurity, System Security

Languages

Bash Script

Platforms

Linux, AWS

Paradigms

DevSecOps, Penetration Testing

Storage

Azure

Other

System Security, GRC, Risk Management, Linux Administration, Cross-functional Collaboration, ISO 27001, Security, CISSP, IT Security, Compliance, Information Security, Operating Systems, GDPR, Third-party Management, Data Privacy, SIEM, People Management, Software Development, Security Architecture, Identity & Access Management (IAM), Cloud Security, Third-party Risk, Risk Assessment, CISO, Networking, SOC 2 (Service Organization Control), Security Operations Centers (SOC), Business Continuity, Application Security, SELinux, Antivirus Software, Email Security, Cyberpsychology
