Swapan Arora
Senior Manager at Deloitte & Touche LLP

FELLOW MEMBER
Swapan Arora is a cybersecurity leader whose 20+ year career has been shaped by a consistent operating principle: security is not merely a technical function, but a public obligation—especially when the systems being protected underpin water, transportation safety, education pathways, healthcare eligibility, and child welfare. Progressing from Associate Consultant roles to Senior Manager positions at Mindtree and Deloitte, Swapan has led cybersecurity strategy and delivery across geographically and regulatorily complex environments, supporting clients across India, the UK, Denmark, Sweden, Switzerland, and the United States.
Swapan’s technical identity is rooted in translating cybersecurity requirements into executable enterprise programs. His specialization spans cybersecurity strategy and governance, IT risk and program management, and GRC frameworks aligned to NIST, ISO 27001, CIS, and SOC 2. He brings depth in cloud and infrastructure security, identity and access management (IAM), vulnerability management, disaster recovery, data loss prevention, and incident response—implemented across ecosystems including AWS, Salesforce, Snowflake, Tamr, ESRI, Databricks, DocuEdge, Okta, and IBM Identity Management. In public-sector and regulated environments, he has led compliance-aligned security architecture under frameworks such as NIST 800-53 Rev. 5, MARS-E 2.0, IRS Pub. 1075, and HIPAA, building security designs that satisfy rigorous controls without blocking mission delivery.
At Deloitte, Swapan operates as a program leader for multimillion-dollar cybersecurity transformations, advising CISOs/CIOs/CTOs on risk posture, investment decisions, and compliance strategy while leading teams typically ranging from 5 to 20 professionals. His portfolio reflects the defining characteristics of high-stakes public infrastructure security: multi-stakeholder alignment, governance models that clarify roles and metrics, and security controls embedded into delivery pipelines rather than applied at the end.
His work includes security governance development for California’s State Water Project—an infrastructure ecosystem serving 27 million residents—where he led workshops and designed governance operating models across cybersecurity strategy, identity, infrastructure, and cloud. He directed security architecture for the State Water Resources Control Board’s modernization of water rights data, integrating multi-technology cloud environments (Salesforce/ESRI/Databricks/AWS/DocuEdge) and embedding risk-based vulnerability scanning into CI/CD workflows—supporting modernization delivery within stated budget constraints. For California transportation safety initiatives, he established secure development practices via SAST/DAST, ensured compliance with California Department of Technology security guidance, and implemented IAM/SSO patterns balancing accessibility with security.
Swapan has also led security architecture for statewide education and child welfare systems that integrate data across many partner organizations—delivering System Security Plans, incident response and continuity frameworks, and privacy-aligned controls to protect highly sensitive data. In eligibility systems for healthcare, nutrition assistance, and employment programs, he implemented compliance governance and identity security under overlapping regulatory mandates—showing fluency in the real-world complexity of public service delivery. Earlier in his career, he built foundational expertise through enterprise assessments, IAM implementations, SOC 2 work, global privacy programs, and integrated control frameworks across ISO/HIPAA/NERC/FERC/PCI—learning to operationalize security across industries and maturity levels.
Backed by certifications including CISSP, CISM, CIPP, PMP, ISO 27001 Lead Auditor, and AWS credentials, Swapan’s profile reflects both technical authority and sustained leadership impact—particularly in protecting vulnerable populations and essential public services.