Modern CISO Network: Board Book
A directory of board-ready security leaders
location
APAC
areas of expertise
- Cybersecurity strategy
- Identity and access management
- Security operations
- ISO27001
- Security training and awareness
- Business continuity management
- Disaster recovery
Santanu Lodh
CISO
OFX
Santanu brings over 28 years of diverse experience in information and cyber security management, IT governance, access management, risk management, and business continuity.
He currently serves as the Chief Information Security Officer at OFX Group. In this role, he has initiated a comprehensive 3-year cyber security strategy and implementation plan. In the first year, he achieved milestones and established controls across various cyber security domains with a small team. He identified and implemented multiple SaaS platforms, reinforced cloud security, and nurtured a DevSecOps culture. He has also increased security awareness through training and conducted tabletop security exercises.
While at Macquarie Group Limited as a Director in Identity & Cyber Security, he led identity and privilege access management governance. He created and implemented a security policy for privilege access management and managed responses to internal and external cybersecurity and identity audits.
At DFSI, NSW Government, he served as a Director in Compliance and Service Management Office, leading compliance, audit, risk management, business continuity, disaster recovery, quality assurance, and information security governance for GovConnectNSW shared services.
At Nomura, as an Executive Director in Identity & Access Management and Business Continuity, he managed the global identity & access management process and owned access control policies. He was responsible for business continuity management, risk assessment, business impact analysis, continuity planning, crisis management, and vendor relationships.
As Head of Group Functions IT in India at Royal Bank of Scotland, he led application development and production support, overseeing a substantial team of staff and vendor resources.
Throughout his career, he has demonstrated a consistent ability to develop and execute security strategies, improve operations, and stimulate business growth. He has played a significant role in establishing and enhancing security controls, governance frameworks, and compliance with international standards like ISO 27001 and NIST. My leadership extends to mentoring large teams, fostering effective communication, and building strong relationships with stakeholders.