Neha Garg

Security Engineer

Gurugram, Haryana, India · 12 yrs 3 mos experience
Highly Stable

Key Highlights

  • Expert in Supplier Risk Management and Cybersecurity.
  • Proven track record in automating risk assessment processes.
  • Strong experience in managing third-party risk for financial institutions.
Stackforce AI infers this person is a Cybersecurity and Risk Management expert in the SaaS industry.

Skills

Core Skills

Risk Management, Cybersecurity

Other Skills

Application Security Assessments, Auditing, Control Assessment, Control Testing, Core Java Development, Data Privacy, GRC, GRC Tool Automation, General Data Protection Regulation (GDPR), Governance Risk & Management, Group Access Management, ISO 27001, Internal Audits, Issue Management, KPI Implementation

Experience

Gartner

Senior Security Engineer

May 2022 - Present · 3 yrs 10 mos · Gurugram, Haryana, India

  • Researched and developed requirements for a Supplier Risk Management Tool based on Gartner's Vendor Landscape comprising 1000+ suppliers across the organization.
  • Leading the configuration and testing of the Supplier Risk Management process workflow in OneTrust.
  • Conducted thorough evaluations of 300+ suppliers using SIG and CAIQ questionnaires, providing valuable insights and recommendations to business stakeholders.
  • Fostered strategic partnerships with key stakeholders in the ProcureToPay (Procurement), SourceToContract (Contracting), Legal, and Compliance departments to facilitate collaboration and alignment in supplier management initiatives.
  • Designed a framework for contract review based on the type of data access by the supplier.
  • Reviewed 100+ supplier contracts from an InfoSec perspective.
  • Serving as an SME on the Governance Risk & Management (GRM) team, enhancing various processes such as client questionnaires and vendor vulnerability follow-up, resulting in improved user experience and operational efficiency.
  • Review and maintenance of various KPIs and KRIs as part of 2nd LOD Governance.
  • Defending various internal and external audits (ISO 27001).
Supplier Risk Management, OneTrust, KPI and KRI Management, ISO 27001, Governance Risk & Management, Risk Management

Accenture

Information Technology Security Specialist

May 2021 - May 2022 · 1 yr · Gurugram, Haryana, India

  • Third Party Risk Management: Handling Third Party Risk Assessments for a US-based bank. Tracking and monitoring security gaps identified during the assessment process and suggesting appropriate compensating controls for a robust organizational security posture.
  • Control Testing: Responsible for performing multi-phase control testing for the entire infrastructure and applications of a US-based bank. During testing, reviewed and tested implemented controls and their effectiveness from the perspective of both lines of defense (1st & 2nd LOD).
  • Technology Security Assessment (TSA): Responsible for performing Technology Security Assessments for an Australia-based client. This includes reviewing the high-level design, network, and architecture diagrams, etc., and providing the findings as part of the TSA process.
Third Party Risk Management, Control Testing, Technology Security Assessment, Cybersecurity, Risk Management

NCR Corporation

3 roles

Information Security Engineer

Promoted

May 2018 - May 2021 · 3 yrs

  • Third-Party Supplier Risk Management: Conducting vendor risk assessments and tracking and monitoring risk associated with a variety of vendors providing services to NCR, using customized questionnaires as well as SIG. Automated the assessment process to improve the yearly target from 200 to 450 with the help of a GRC tool, Prevalent. Categorization and tiering of ~8k suppliers for an effective Vendor Risk Management Program.
  • ServiceNow development for GRC: Created various in-house solutions in SNOW and acted as BA for development efforts in various modules like Issue Management, Application Testing, Audit Controls, Threat Modeling, FairChild, SecOps Module (Incident Response & Vulnerability Response).
  • Developed and designed strategy for Risk Framework: Reporting of the organization's security posture by tracking and monitoring risks as per the Risk Appetite.
  • Risk Management: Analyzing risks using FAIR Methodology and reporting of the organization's security posture by tracking and monitoring risks as per the Risk Appetite.
  • Internal Risk Assessments and Threat Modeling: Conducting risk assessments for different entities like data centers and processes. Conducting Threat Modeling for applications using STRIDE and DREAD methodologies.
  • Privacy Impact Assessment: Conducting Privacy Assessments for applications falling under GDPR scope using an automated tool, OneTrust.
  • Hands-on experience in Tableau reporting integrated with ServiceNow GRC, giving Senior Management enhanced visibility of the organization's security posture for better decision-making.
Vendor Risk Assessments, GRC Tool Automation, Risk Framework Development, Privacy Impact Assessment, Risk Management, Cybersecurity

IT Analyst

Promoted

Aug 2016 - Apr 2018 · 1 yr 8 mos

  • Worked on development of Group Access Management for ServiceNow.
  • Worked on UI policies, Script Includes, Client Scripts, Business Rules, Notifications, and Workflows.
  • Established monitoring of Windows Server and defined rules in System Center Operations Management.
ServiceNow Development, Group Access Management

Associate Software Engineer

Oct 2013 - Jul 2016 · 2 yrs 9 mos

Aricent

Trainee

Jan 2013 - Jun 2013 · 5 mos

  • Worked on projects related to Core Java Development.
Core Java Development

Education

Punjab Technical University

Bachelor of Technology (B.Tech.) — Computer Science

Jan 2009 - Jan 2013

Sharda Sarvhitkari Model Sr. Sec. School, Chandigarh

Senior Secondary — Non-medical

Jan 2000 - Jan 2009
