Personal portfolio / cybersecurity leadership

Priyanshu Gupta

Information Security Director at Ontic

Noida, India · 12+ years in cybersecurity · FedRAMP Moderate contributor

AppSec operator turned security program leader.

I help SaaS teams earn trust through FedRAMP, product security, cloud controls, audit readiness, vulnerability management, and practical risk reduction.

About

Security should be visible to auditors, useful to engineers, and trusted by customers.

01

Turn Compliance Into Operating Discipline

Translate FedRAMP, NIST, ISO, PCI, and customer trust requirements into controls, owners, evidence, and recurring security rhythms.

02

Protect The Product, Not Just The Perimeter

Embed AppSec, threat modeling, vulnerability management, SDLC guardrails, and cloud review directly into product delivery.

03

Lead With Executive Clarity

Reduce ambiguity for leadership through risk registers, measurable KPIs, audit posture, customer assurance, and board-ready reporting.

Current Chapter

Information Security Director at Ontic

Ontic provides AI-powered Connected Intelligence software for corporate and government security teams, unifying security operations, threat intelligence, investigations, case management, and response into a trusted system of record. My role is to help ensure that kind of platform can meet enterprise, public sector, and customer trust expectations without slowing the business down.

FedRAMP Moderate Authorization · ATO Support · Cloud Control Ownership · Customer Trust
ontic.impact

Helped Ontic Achieve FedRAMP Moderate

Supported the security program maturity, control evidence, remediation discipline, and cross-functional alignment needed for Ontic's FedRAMP Moderate authorization milestone.

Strengthened Regulated SaaS Trust

Focused on security governance, cloud posture, audit readiness, policy maturity, access control, vendor risk, incident readiness, and customer-facing assurance.

Connected Security To Product Velocity

Brought an AppSec operator's mindset to a modern SaaS platform: threat modeling, secure design, vulnerability intake, prioritization, remediation validation, and engineering partnership.

surface.01

Connected Intelligence Platform

Govern RBAC, auditability, secure data flows, tenant trust, logging, and policy alignment for a centralized security system of record.

surface.02

Threat Intelligence & OSINT

Protect ingestion pipelines, sensitive investigations, identity context, source handling, analyst workflows, and customer-specific risk data.

surface.03

Incidents, Investigations & Case Management

Drive evidence integrity, retention thinking, secure workflows, access governance, incident readiness, and operational resilience.

surface.04

Integrations & Cloud Operations

Own API security, third-party risk, secrets hygiene, cloud configuration, monitoring, vulnerability response, and remediation accountability.

Career Signal

Experience Timeline

Jun 2025 - Prior to Ontic

Manager, Deloitte

Gurgaon · Major Australian banking client

  • Led enterprise AppSec programs across nearly 70 banking applications impacting $941B in assets.
  • Managed and mentored 10+ security professionals across secure design, DevSecOps, and red teaming.
  • Ran architecture reviews, threat modeling, VAPT, phishing simulations, AD audits, and cloud configuration reviews.

May 2022 - Jun 2025

Deputy Manager, Deloitte

Gurgaon · Banking security programs

  • Led web and API security testing across banking platforms in Agile delivery cycles.
  • Guided 6 AppSec engineers through threat modeling, secure design review, and code review.
  • Managed security KPIs and risk registers with business-context vulnerability prioritization.

Aug 2019 - Apr 2022

Assistant Manager / Consultant, Deloitte

Gurgaon · BFSI and SaaS clients

  • Delivered VAPT assessments for critical digital assets with executive-ready risk reporting.
  • Supported compliance and regulatory audits through actionable security findings.
  • Strengthened cloud and web application security for global clients.

Sep 2018 - Jul 2019

Senior Cyber Security Engineer, Think Future Technologies

Gurgaon · Product and client security

  • Led web and mobile VAPT for client applications.
  • Supported bug bounty program triage and developer security awareness sessions.

Jul 2016 - Sep 2018

Technical Consultant, Fujitsu Consulting India

Pune · Infrastructure and application security

  • Conducted infrastructure and application security assessments using Nessus and manual validation.
  • Provided remediation guidance and patch validation for enterprise clients.

Aug 2014 - Jul 2015

Fraud Analyst, Paytm

Noida · Fraud operations

  • Investigated high-risk transactions and digital fraud patterns.
  • Supported fraud mitigation strategies across e-commerce channels.

Capability Matrix

Director-level security stack

Proof Points

Recognition, certifications, and operator credibility

  • FedRAMP Moderate Contributor
  • Bugcrowd Top 300 All-Time
  • Multiple MVP Recognitions
  • MasterCard Hall of Fame
  • Western Union Hall of Fame
  • PG-DITISS, CDAC
  • eWPTXv2
  • eCPPTv2
  • Certified AI/ML Pentester
  • CEHv10
  • CNSS

Education

Systems foundation

PG-Diploma in IT Infrastructure and System Security · CDAC Bangalore
B.Tech in Computer Science · Hindustan Institute of Technology and Management, Agra

Secure Channel

Available for security leadership conversations.

Based in Noida, India. Open to relocation and ready to discuss SaaS security leadership, FedRAMP, AppSec, cloud security, trust programs, GRC, and enterprise risk.