Anupam Rawla

Cybersecurity & Risk
Mississauga, ON

Summary

Dynamic leader with extensive experience at Marsh, specializing in cyber incident exercises and risk quantification. Proven track record in enhancing organizational resilience through tailored security frameworks and executive training. Adept at leveraging cloud security solutions and fostering collaboration across teams to drive measurable improvements in incident response readiness.

Overview

25 years of professional experience

5 Certifications

Work History

Senior Vice President, Cyber Risk Consulting

Marsh
Toronto, Canada
08.2021 - Current
  • Company Overview: Cyber Risk Advisory (subsidiary of Marsh McLennan) - www.marsh.com
  • As leader of the Incident Management stream, led the development and execution of multi-tiered cyber tabletop exercises tailored for Security Operations Center (operational) teams, C-suite executives (CEO, CISO, CIO, CFO), and board-level participants.
  • Scenarios ranged from ransomware outbreaks to cloud breaches, designed to stress-test Incident Response Plans (IRPs), expose process gaps, and build decision-making resilience under pressure.
  • Designed and implemented ransomware decision-making frameworks, guiding executive deliberations on 'pay vs. don’t pay' scenarios, legal considerations, insurance interfaces, and business continuity response — ensuring preparedness before high-stakes incidents occur.
  • Facilitated post-exercise IR plan evaluation workshops, reviewing current escalation paths, communication, external party coordination (e.g. legal, PR, cyber insurers), and procedural alignment—leading to measurable improvements in IRR readiness.
  • Conducted security assessments for Canadian enterprises in retail, insurance, finance, and transportation, covering Azure/AWS, crafting tailored threat scenarios, and applying quantitative risk frameworks to inform decision metrics.
  • Drove GRC platform assessments and architecture design, focusing on ServiceNow modules (Policy & Compliance, TPRM, SecOps), vulnerability and incident management systems—creating functional compliance models and automated dashboards for continuous monitoring.
  • Established key security, risk, compliance, and operational metrics—including KRIs and executive reporting dashboards—for insight-led governance and board visibility.

Integrated Risk Management Lead (Manager)

Accenture
Toronto, Canada
06.2015 - 07.2021
  • Company Overview: Security Strategy, Transformation & Risk - www.accenture.com
  • Governance, Risk & Compliance (GRC) Oversight: Directed the Information Security and GRC functions, conducting IT risk assessments aligned with industry standards such as PCI-DSS, NIST IR, NERC/CIP, PIPEDA, ISO 27002, NIST Cybersecurity Framework, and GO-ITS.
  • Security Assessments & Transformation Initiatives: Led security assessments and transformation workshops across major enterprises in Canada and the U.S., spanning sectors like retail, banking, transportation, and automotive.
  • E-GRC Platform Implementation: Managed the implementation of e-GRC projects utilizing platforms like ServiceNow GRC, Archer, and Agiliance RiskVision. Developed GRC and Security Operations (SecOps) metrics, Key Risk Indicators (KRIs), and Key Compliance Indicators (KCIs).
  • Cloud & Application Security Assessments: Conducted comprehensive risk assessments for cloud architectures on leading platforms, integrating industry-standard security and risk frameworks. Led application and data security assessments, including Web Services evaluations and Security Development Lifecycle (SDL) process integration.

Lead IT Security & Risk Consultant

Enterprise Retail
06.2013 - 06.2015
  • Directed GRC professional services, delivering IT risk assessments aligned with PCI‑DSS, PIPEDA, NIST, ISO 27002, and GO‑ITS frameworks.
  • Built and operationalized security programs, including incident response, threat and vulnerability management, risk management, and business impact analysis.
  • Led application and web services security assessments, coordinating SDL development and embedding it into the SDLC across service-oriented architectures.
  • Headed PCI-DSS and PIPEDA audit and compliance projects, ensuring adherence and remediation across retail environments. Led the interaction with auditors.
  • Designed and implemented security and risk automation blueprints, including KRIs and KPIs to enhance risk visibility and drive continuous improvement.
  • Managed daily security operations encompassing incident management and threat/vulnerability handling to strengthen organizational resilience.

Principal IT Security & Risk Consultant

Iceberg Networks Corporation
Mississauga, Canada
02.2012 - 05.2013
  • Company Overview: www.icebergnetworks.com
  • Led Governance, Risk and Compliance (GRC) IT security consulting services.
  • Developed information security, risk management and risk automation blueprints leveraging leading edge eGRC (enterprise governance, risk and compliance) software platforms such as RSA’s Archer and Agiliance’s RiskVision.
  • Led security solutions covering Unified Threat Management and Network/Security Monitoring.
  • Developed security service offerings on high performance computing appliances for data centre applications.

Program Director

TELUS Business Solutions
Toronto, Canada
03.2008 - 01.2012
  • Company Overview: Solutions Development Team - www.telus.com
  • Led the development of security solutions covering Unified Threat Management (UTM) and Security Information & Event Management based security products across the nation.
  • Managed the qualification, technology/vendor selection, and technical response for both complex and standard security RFIs/RFPs (Requests for Information/Requests for Proposals) involving RSA, Cisco, Juniper, Motorola wireless, McAfee, IP Video Surveillance (IPVS), Fortinet, and others, mainly covering the government, health and retail verticals.
  • Consulted as a subject matter expert for development of various new products at TELUS – Unified Threat Management, Security Information & Event Management and IP Video Surveillance.
  • Conducted presentations at senior levels on Managed Security Services (MSS), Integrated Security Services (ISS) and security assessments for various market segments with a special focus on majors and emerging segments.
  • Conducted security trainings/workshops nationwide on security product portfolio including Unified Threat Management (UTM), anti-Spam, content filtering, IP Video Surveillance (IPVS) and Wireless Intrusion Prevention Systems (WIPS).
  • Evangelist for TELUS security centres of excellence across various business units and product leadership teams at TELUS.

Director – Information Security & Managed Security

Emergis Inc.
Thornhill, Canada
07.2002 - 03.2008
  • Company Overview: (formerly BCE Emergis, now TELUS Health Solutions) - www.telushealth.com
  • As Information Security lead for BCE Emergis & Emergis, led the operational security management including interfacing with regulators and security auditors.
  • Led day-to-day operational security, risk management, audit & compliance, security incident response, threat/vulnerability management and security quality assurance.
  • Individually led risk assessments for several business units yearly and interfaced with C-level executives and other department heads.
  • Security/Risk Solution SME: Developed security solutions & architecture recommendations covering Unified Threat Management, Security Information and Event Management, Threat/Vulnerability Management and Log Management.
  • Key contributor in the development of Information Security Control framework.
  • Led engagements on Managed Security Services (MSS), including the development of an ingenious MSS portal to generate revenue.
  • Led the development and design of Security Operations Center (SOC) framework using state of the art Unified Threat Management (UTM) security appliances, Security Information Management software and GRC practices.
  • ITIL Service Management: led the development of security service operations for SIRT (Security Incident Response, including Physical Security) process and integration with other ITIL service components such as Availability, Capacity and Business Continuity management.

Manager (IT Network/Security Consultant)

Deloitte Consulting
Toronto, Canada
06.2000 - 07.2002
  • Company Overview: www.deloitte.com
  • Security solution development lead and network/security Project Manager (PM) for the largest State Portal in the US.
  • Served as the security solution development lead and evangelist for the shared security infrastructure model catering to several state departments.
  • Pre-sales lead and Project Manager for Enterprise Systems Management rollout at a large Oil & Gas company. The objectives were to identify the network monitoring challenges and manage/deliver Professional Services (PS) to address the gaps.

Education

Artificial Intelligence: Implications for Business Strategy Program

MIT Sloan School of Management
01.2020

Executive Development Program - Cloud Computing

University of Toronto
01.2010

Bachelor of Electrical & Electronics Engineering

Karnataka Regional Engineering College, Surathkal
Mangalore
01.1987

Skills

  • Cyber incident exercises
  • Security products and vendors
  • Risk quantification
  • Cloud security solutions
  • Software analytics and risk
  • Data modeling tools
  • Security awareness training

Certification

  • CISSP
  • CCSP
  • GIAC GCIH
  • RSA Certified Security Professional (Archer Certified)
  • SABSA SCF

Awards

  • Invited to be a SANS advisor and mentor.
  • Received a Star Executive Award from Emergis for team leadership.
  • Received championship awards for International Evaluation and International Speech Contests representing Toastmasters International Area and Division levels.
  • Consistently placed among the top in individual performance ranking at Emergis, TELUS, Accenture and Marsh.
  • Teach CISSP and CCSP courses to professionals, as a part-time security faculty.

Recent Trainings

  • CCSP, ISC2, Toronto, Canada
  • ServiceNow GRC and SecOps, Toronto, Canada
  • SABSA (Sherwood Applied Business Security Architecture), Chicago, USA
  • Cloud Computing, University of Toronto
  • Application Security, AppSec, Denver, Colorado
  • Agiliance RiskVision, Agiliance, Washington
  • GRC Summit (GRC Platform as a Service - Zaplet & Appstudio), Las Vegas, USA
  • Security Convergence, (ISC)² Congress, Orlando
  • Active Leadership, Global Knowledge
