ISMS that passes audit — six years running
Designed and operated my previous organization's ISO 27001 ISMS through six consecutive surveillance and recertification audits with zero non-conformities.
Portfolio · Sagar Kamra
Security leadership that holds up under audit.
I'm Sagar Kamra — Information Security Manager and vCISO based in Sydney. For nearly two decades I've helped government-aligned, regulated and mid-market organisations turn dense control frameworks into defensible programs their boards trust and their auditors sign off.
Sydney, Australia sagarkamra@sagarkamra.org 0426 011 675
19+
Years across IT, security & GRC
6
Consecutive ISO 27001 audits · zero non-conformities
ML3
Essential Eight maturity · 5 years sustained
$1M+
Vendor & commercial value delivered
The value I bring
Strategy, governance and delivery — under one accountable specialist.
- 01
Audit-tested outcomes
Six consecutive ISO 27001 audits delivered with zero non-conformities. The program is built to pass — and to keep passing.
- 02
Government-grade fluency
RFFR, ISM, PSPF, IRAP and Essential Eight — translated into practical controls your team can run day to day.
- 03
Commercial impact
Over $1M in vendor and managed-service value delivered through contract renegotiation and scope realignment — without degrading service.
- 04
Executive translator
I bridge boards, engineers and auditors. Decisions get made, risk gets owned, and evidence is always ready.
Selected portfolio
Work I've personally led.
Essential Eight Maturity Level 3
Took a hybrid Microsoft / SaaS environment from baseline to ML3 and sustained it for five consecutive years.
Zero Trust Network Architecture uplift
Delivered a Zero Trust uplift across identity, endpoint, network and applications — aligned to ACSC ISM and modernised authentication.
IRAP success for a client organisation
Advised through IRAP assessment as part of Altivio Consulting — full compliance and a measurably stronger security posture.
RFFR ecosystem governance
Established subcontractor governance and RFFR reporting across 18 partner organisations under a government programme.
Government GRC Tool contribution
Contributed to the Department of Employment and Workplace Relations GRC Tool — translating policy into auditable workflows.
Highlighted skills
Where I'm fluent — and accountable.
Information Security ManagementVirtual CISO / vCISOISO/IEC 27001 Lead Implementer & AuditorACSC Essential Eight (ML3)RFFR / government complianceISM & PSPFIRAP ReadinessZero Trust ArchitectureEnterprise Risk ManagementThird-Party RiskCyber Incident ResponseMicrosoft 365 & Entra IDAzure Cloud SecuritySharePoint GovernanceITIL Service ManagementVendor & Commercial Negotiation
Experience
Nineteen years. Australia, India, the Middle East.
Mar 2025 — Mar 2026
Information Security Manager — vCISO
Previous organization
- Lead dual-role security programs aligned to Australian Government compliance, blending high-level strategy with technical execution.
- Sustained ISO 27001 certification and RFFR accreditation; oversee ISM and PSPF obligations for government clients.
- Guided service partners through a successful IRAP assessment and ATO for a complex multi-cloud ecosystem.
- Architected multi-year roadmaps including transitions to Zero Trust.
May 2020 — Mar 2025
Technology Manager / CISO
Previous organization, Sydney
- Led security-focused modernisation across digital workplace, Azure migration and M365/O365 administration.
- Achieved ASD Essential Eight Maturity Level 3 for five consecutive years.
- Instituted the ISMS framework and cyber strategy enabling ISO 27001:2022 compliance.
- Delivered 30% cost reduction through integrated QMS/ISMS and vendor renegotiation (>$1M benefit).
Sep 2019 — May 2020
Applications & Technology Consultant
Previous organization, Sydney
- Migrated data centres to Azure with security-first configuration baselines.
- Supervised SharePoint 2013 → SharePoint Online migration.
- Facilitated first ISO 27001 certification.
Aug 2015 — Sep 2019
SharePoint Specialist
Wipro Limited, Sydney
- Led a team of 7 through on-premises to Office 365 migration.
- Designed migration architecture from SharePoint 2010/2016 to SharePoint Online.
- Decommissioned a 34-server SharePoint 2010 farm.
2006 — 2015
Project Leader · Module Lead · Software Engineer
Wipro Limited · 3i Infotech
- Delivered Online Policing system for the Republic of India with ASP.NET, WCF and SQL Server.
- Built secure SSO/WCF integrations across Oracle and SQL Server.
- Implemented PKI for finance-grade data security; +20% system efficiency.
Testimonials
What clients say.
"Sagar's depth of knowledge in Australian Government security frameworks and best practices was invaluable. He guided us through the IRAP assessment and helped us implement meaningful security improvements — breaking down complex compliance standards into practical, understandable steps."
Client
ITS Project Manager, a client organisation
"Thanks to his meticulous attention to detail, proactive communication and strategic insights, we achieved IRAP certification with greater confidence in our long-term security capabilities. His expertise in Zero Trust, ISO 27001 and RFFR cemented his value as a trusted partner."
Client
ITS Project Manager, a client organisation
Education
Formal grounding.
MBA, Operations
Symbiosis · 2008–2010
BE, Computer Science
Maharshi Dayanand University · 2002–2006
Certifications
Credentialed, current, audited.
ISO 27001 Lead Auditor
ISO 27001 Lead Implementer
ISO 27001 Internal Auditor
ISO 27001 Risk Manager
ISO 27001 Security Executive
Certified in Cybersecurity (CC)
Info Security Lead Professional
ITIL V3
Microsoft Certified Technology Specialist
Microsoft Certified IT Professional
Work with me
Have a security, compliance or transformation problem worth solving?
I take on a small number of engagements at a time. Let's see if we're a fit.