NOMINATION HIGHLIGHTS

Umesh Kalanke is a globally experienced cybersecurity and ISO Audit leader at ANDRITZ, a leading international technology group of 30,000 employee. In his Global role overseeing ISO audits and compliance, Umesh has consistently delivered measurable improvements in ISMS security maturity across complex, multinational environments.

Why This Nomination Stands Out

This nomination stands out for transforming cybersecurity governance from a compliance-driven activity into a scalable, high-performing, and business-aligned capability. Umesh Kalanke demonstrates a rare combination of deep technical expertise, audit leadership, operational execution, and innovation, delivering outcomes that exceed regulatory expectations while strengthening enterprise resilience.

Achievements & Impact

In 2025, following a strategic mid-year reset, Umesh delivered exceptional results across ISO 27001:2022 certification, ISMS governance, security awareness, risk management, and service ownership. A defining achievement was the design and execution of a globally structured ISO 27001 audit and certification roadmap, supported by quarterly checkpoints and automated tracking through centralized dashboards. This enabled proactive oversight, standardized execution, and consistent evidence management across regions.

All ISO 27001:2022 audits were completed across multiple international regions within the ANDRITZ with 100% accuracy with no major and minor nonconformities, zero business disruption, and within aggressive timelines, including complex recertification and surveillance cycles. External audit preparation time was reduced by 15%, reflecting improved readiness and process maturity—an outcome recognized by senior leadership and independent auditors.

Beyond certification, Umesh significantly strengthened enterprise cybersecurity governance and risk posture. ISMS maturity was elevated through disciplined risk register management, quarterly leadership reviews, Internal Audit, annual gap analyses, and rapid escalation of critical risks. Comprehensive ISO/IEC 27001:2022 maturity assessments and self-evaluations against NIST, CMMC, and NIS2-derived requirements supported business-aligned cyber risk priorities, enhancing organizational resilience and achieving an improved Cyber Risk Rating, validated by KSV 1870 and CyberTrust Austria.

Innovation & Leadership

Innovation was a key differentiator. Umesh streamlined the security awareness and phishing resilience program by establishing a global baseline and defining a scalable improvement roadmap. Executive cyber communication was strengthened through structured reporting cadence and clearly defined escalation SLAs.

Through focus and initiative, centralized, audit-ready reporting and scenario-based exercises were implemented, transforming response from reactive to proactive. Umesh also focused on culture and capability building, forming a specialized audit task force, introducing structured workshops, and establishing regular stakeholder synchronization—reducing escalations by 50% and accelerating audit query resolution.

Personal Achievements – 2025

In 2025, Umesh Kalanke reinforced his professional credibility through advanced certifications, including IRCA 2022 Principal Auditor, NIST Cybersecurity Framework (v2), Recertified Microsoft Cybersecurity Architect Expert, and ISC 2 Risk Management.