Gartner Expert

Khushbu Pratap

Director Analyst

Khushbu Pratap leads Gartner's IT risk, audit and cybersecurity risk management research. She also mentors C-suite executives in designing fit-to-purpose three lines of defense models. Ms. Pratap's focus and interest are in organizations' cybersecurity challenges, risk-based security compliance initiatives, security audits in the cloud and third-party security assessments. She advises senior management and board members on cybersecurity risk management.

Previous experience

Prior to joining Gartner, Ms. Pratap led the governance, risk and compliance division at a boutique consulting firm called Network Intelligence (India) (also called NII Consulting), managing and servicing key customers. Her experience at NII covered risk assessments, IT assurance, IT service management (ISO 20000), Information Technology Infrastructure Library (ITIL), security and IT audits, business continuity management (BS 25999 and other guidelines), information security management systems (ISO 27000 series), Payment Card Industry Data Security Standard (PCI DSS), COBIT, COSO, and IT governance. Key accounts she worked with included Bahrain Telecommunications, Amdocs Managed Services, World Customs Organization, Capgemini India, Atos Origin, m-Check Payment Solutions, ICICI Prudential and HSBC Mutual Funds.

Professional background

NII Consulting

Practice Lead, Governance, Risk and Compliance Division

Areas of coverage

Security and Risk Management Leaders

Technology, Information and Resilience Risk

Executive Leadership: Strategic Cost Optimization

Education

M.S., Information Technology, Mumbai University

B.S., Information Technology, Mumbai University

Certified Information Systems Auditor (CISA)

Certified Business Continuity Management Systems Lead Auditor (BS 25999 LA)

Certified Information Security Management System Lead Implementer (ISO 27001 LI)

Top Issues That I Help Clients Address

1. Setting up IT risk management functions - people, process, and technology

2. Quantifying Cyber Risk

3. Navigating roles, accountability, outcomes in risk management

4. Scoping risk assessments and continuous monitoring

5. Adapting and automating risk operations to digital environments