Nitai Mandhyan

Managing Director & Deputy Practice Leader
Nitai Mandhyan is a Managing Director and Deputy Practice Leader within Aon’s Cyber Solutions Security Advisory practice, to which he brings over fifteen years of experience as a leader in cyber security strategy, security operations, privacy and security assessments. Mr. Mandhyan helps companies mature their cyber security programs by conducting holistic assessments of enterprise cybersecurity, as well as targeted assessments of application security, vulnerability management, cyber governance, cloud security, security architecture, industrial controls security, SDLC, HIPAA, PCI and other aspects of a company’s cybersecurity. Mr. Mandhyan has deep expertise in applicable cyber security standards, including the NIST Cybersecurity Framework, ISO 27001, NIST 800-53, SANS Top 20, the New York DFS Cybersecurity Regulation, CCPA, OWASP OpenSAMM, COBIT and others.

He has led large assessments for leading companies in the technology, health care, oil and gas, e-commerce, insurance, media and entertainment, and retail sectors. Mr. Mandhyan has pioneered methodologies for making assessment output and remediation recommendations more prioritized and consumable for clients. He has also successfully partnered with many companies in implementing remediation recommendations, assisting with vendor selection, product benchmarking, creating policy and configuration documentation for newly acquired platforms and overseeing implementation support. Mr. Mandhyan is an expert in leading large, cross-functional teams that conduct these assessment and post-assessment projects.

Prior to joining Aon, Mr. Mandhyan was employed with a multinational investment bank and financial services company in New York, where he was an Application Security analyst within the company’s Global Information Security team. In this role, Mr. Mandhyan dealt with the information security and privacy challenges of a global financial organization and provided technical expertise in the areas of application security, security architecture & operations. During his tenure at the investment bank, Mr. Mandhyan also worked as a Network Engineer and as an Incident, Problem, & Change Manager for major incidents and service outages.

Mr. Mandhyan earned a Master’s in Information Technology from Rensselaer Polytechnic Institute and a Bachelor’s degree in Computer Science from the University of Pune, India. He is a Certified Information Systems Security Professional (CISSP) and a Certified Information Security Manager (CISM), and he holds the GIAC Penetration Tester (GPEN), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), GIAC Certified Forensic Examiner (GCFE), GIAC Network Forensic Analyst (GNFA) and GIAC Windows Security Administrator (GCWN) certifications and the SABSA Chartered Security Architect – Foundation Certificate (SCF).