Akash Goel

Associate Partner

India · 6 yrs 7 mos experience
Highly Stable

Key Highlights

  • Expert in Cyber Risk and Compliance initiatives.
  • Proven track record in managing audits and regulatory compliance.
  • Strong stakeholder management and process improvement capabilities.
Stackforce AI infers this person is a Cybersecurity and Compliance expert in the SaaS industry.

Skills

Core Skills

Cybersecurity, Risk Management, Compliance Auditing, Information Security

Other Skills

Assurance, Audit Management, Auditing, C, Cloud Security, Compliance Regulations, Control Testing, Controls Assessment, Cyber Risk, Dashboards, Document Review, Due Diligence, Governance, ISO 22301, ISO 27001

About

Currently working in Cyber Risk and Compliance team under OCTO (Office of the CTO) in the Market Intelligence division at S&P. Previously worked at Gartner for Policy Life cycle management & security certification compliance initiatives and IBM for ISO 27001 compliance & due-diligence activities. Certifications: CISM (Q) [Certified Information Security Manager], SANS GSTRT [GIAC Strategic Planning, Policy, and Leadership (GSTRT) certification].

Experience

S&P Global

2 roles

Associate Director

Promoted

Apr 2025 - Present · 11 mos · Hybrid

  • My responsibilities include, but are not limited to, carrying out Cyber Risk and Assurance initiatives for S&P Market Intelligence independently while ensuring quality and timely delivery.
  • Drive program management for testing validation program for 150+ products.
  • Perform requirements testing to determine effectiveness of the control and provide recommendations.
  • Review adequacy of evidence provided by Product teams as part of control assurance activities.
  • Define processes to collaborate with Security and Technology teams for remediation of identified system-level control gaps and work closely with them to ensure implementation of cyber security safeguards to improve security posture across the organisation.
  • Identify, evaluate and monitor technology risks as part of Cyber Risk and Compliance programmes.
  • Review security exceptions raised by the Product teams to manage the risks associated.
  • Drive reporting across different Cyber Risk and Compliance initiatives, including reporting to the divisional Leadership and key governance committees.
  • Identify, drive and implement opportunities for process improvement across various initiatives within the Cyber Risk and Compliance team.
  • Build strong relationships with the stakeholders and lead internal meetings with Technology and Business Process teams.
Cyber Risk, Assurance, Program Management, Control Testing, Stakeholder Management, Cybersecurity

Lead, OCTO (Office of CTO)

Jan 2025 - Apr 2025 · 3 mos · Hybrid

  • Worked under OCTO (Office of CTO) division in Cyber Risk and Compliance team to support the ongoing regulatory compliance initiatives across Market Intelligence (MI) division of the enterprise.

Gartner

2 roles

Senior Security Analyst

Mar 2024 - Jan 2025 · 10 mos · Gurugram, Haryana, India

Security Engineer

Jul 2022 - Mar 2024 · 1 yr 8 mos · Gurugram, Haryana, India

  • I worked to support various areas within Gartner's GRC team including governance, risk and information security.
  • Principal Accountabilities:
  • > Administration and compliance of the information security program.
  • > Built and deployed effective policies, processes and controls across the enterprise in collaboration with business, IT and other Security professionals.
  • > Reviewed and updated policies and procedures according to regulatory requirements.
  • > Evaluate and recommend improvements to business practices, processes and controls to identify areas of improvement to enhance efficiency and reduce risks.
  • > Worked for planning company audit activities including assistance to external and internal auditors by preparing and collecting evidence from multiple departments for audits and assessments.
  • > Ensured that procedures are in compliance with corporate policies.
  • > Collaborated with Security Awareness team to work on the policy specific trainings and framework specific awareness to enforce compliance with information security policies, procedures, and regulations.
  • > Responded to client questionnaires, surveys and audit requests.
  • > Reported the Compliance posture for the organization using Power BI dashboards to highlight the areas of improvement and success.
  • > Adherence to project timelines.
  • > Other duties as assigned.
Governance, Risk Management, Information Security, Compliance Auditing

S&P Global

Info Sec Specialist

Aug 2021 - Jun 2022 · 10 mos · Gurugram, Haryana, India

  • Joined IHS Markit, and moved to S&P Global as a part of S&P Global-IHS Markit merger.
  • At S&P Global Market Intelligence in Cloud Ops Services and InfoSec team I was responsible for audits (SOC), Info Sec across all S&P's Market Intelligence Software Solutions products.
  • I took care of the following:
  • > Designed & executed tests of key IT controls (patching, backups, encryption, IP whitelisting, etc.)
  • > Coordinated evidence collection across multiple teams. Review evidence.
  • > Monitored recurring checks (daily, weekly, monthly, quarterly, yearly).
  • > Coordinated and facilitated client audits, due diligence, risk assessment requests from product perspective.
  • > Maintained awareness of internal controls & audit trends to assure audit process remains effective.
  • > Developed reports & dashboards to monitor controls.
  • > Worked through new requirement discussions with client & identified short-term workarounds.
  • > Coordinated with internal stakeholders such as sales, internal product team, response mgmt., legal & information security to respond to customer requests and create accurate, persuasive and cogent response documents.
  • > Ensured the associated teams are timely and accurate in managing the completion of the action items raised during control assessments and audits.
  • > Identified & remediated potential risks, improved audit procedures/processes & reported to organisation's management audit results and observations.
  • > Worked closely with technical leads towards building consistent and accurate responses and understanding the product solution and platform from a business and technical perspective.
  • > Ensured that responses are accurate, timely and comply with company standards.
  • > Tracked to completion action items raised during risk assessments and audits.
  • > Conducted a BCP Table-top exercise from scratch with key stakeholders for critical service components.
Audit Management, Information Security, Risk Assessment, Compliance Auditing

IBM

2 roles

Senior Security Consultant

Sep 2019 - Aug 2021 · 1 yr 11 mos

  • I worked towards meeting strategic IT objectives for GBS CIC, India, in alignment with Global Processes & WW CIO initiatives, building strong compliance posture for GBS accounts and driving customer satisfaction through operational excellence.
  • I was aligned with BT/IT team in IBM to provide services for GBS CIC India in the following portfolios:
  • Regulatory/Statutory reviews: ISO 27001 Standard based Reviews (Client Mandated), Due Diligence - EUMCA review, TISAX audit.
  • RFI/RFP support - from CIC India Information Security perspective
  • Consultation / Awareness on DS&P controls.
  • Audit support / Vendor Security Assessment - Pre-audit review.
ISO 27001, Due Diligence, Regulatory Compliance, Compliance Auditing, Information Security

Security Consultant

May 2018 - Sep 2019 · 1 yr 4 mos

  • I worked for the BT/IT Information Risk Management team where I have been involved in ISO 27001 Security Audits for multiple clients.
  • Auditing Contract Review Worksheets (CRW's), Security Plans, MSA, DOU's, PCR's.
  • Auditing Process Documents: On/off boarding process documents, User ID administration process document, Workplace Security Process Document.
  • As a DS&P control activity, preparation of Activity tracker containing Control Implementation Activities and Control Execution Activities.
  • Auditing the Risk Log, Management approval on High / Critical Risk action plans.
  • Auditing the PI/SPI/BSI inventory and implementation of latest security standards in the organization.
  • Auditing On-Boarding and Annual Training PPT's and making resources undergo that training in accordance with DS&P and client or regulatory requirements; Obtaining BCG reports and WST reports for On-Boarding resources.
  • Auditing monthly reconciliation of WMML and ACL's.
ISO 27001, Security Audits, Risk Management, Compliance Auditing, Information Security

Education

SCIT - Symbiosis Centre For Information Technology

Master of Business Administration (MBA) — Information Technology

Jan 2016 - Jan 2018

Maharishi Markandeshwar (Deemed to be University) Official

Bachelor of Technology (B.Tech.) — Computer Science

Jan 2012 - Jan 2016
