Sep 2023 – Present · 2 yrs 6 mos · India

Aug 2023 – Present · 2 yrs 7 mos · United States · Remote

Sep 2020 – Aug 2021 · 11 mos · Gurugram, Haryana, India

• Plan, execute and report all IT and cyber security related audit activities for OakNorth Bank plc
• Provide independent assurance to senior management that the bank’s IT infrastructure is fit for purpose to allow the bank to safely deliver best-in-class services to all its customers
• Ensure best practice and frameworks are followed to adhere to various audit guidelines and standards
• Manage IT related audit activities for the OakNorth Bank plc
• Document audit fieldwork, findings and prepare audit reports
• Review audit evidences and track closure of management actions
• Report on audit activity to senior management
• Supports IA team and colleagues on subject matter whilst keeping in mind team goals, not only individual targets
• Deliver internal and external certification audits
• Execute ITGC, network, cyber and cloud security audits
• Conduct internal audits to provide information whether the firm’s Information Security Management ----System conforms to the Internationally recognized Standards
• Deliver audits to evaluate the evolving cybersecurity automation ecosystem (“best-in-breed”)
• Perform cloud security assessments for AWS / Azure cloud platforms and other cloud-based solutions
• Carry out technical security reviews of firewall configurations, DLP, IAM, IPS / IDS and other critical applications
• Audit the continuously improving IT infrastructure model with newly emerging and flexible work solutions, post Covid-19
• Continuously assess and report, how well the Bank assesses internal and external threats including email attacks and vulnerabilities, as well as the fitness for purpose and effectiveness of its strategic and tactical responses
• Challenge incident, disaster response and business continuity plans and review the test reports, outcomes to verify backup / restore set-ups and RPO / RTO levels

Apr 2018 – Sep 2020 · 2 yrs 5 mos · Gurgaon, India

• Formulation and successful deployment of Cyber Incident management procedures for Global Emergency Response Team (McKinsey & Company)
• Worked with different internal IT security teams as well as external security vendors as collaborator to reduce the IT Risk levels within organization
• Creation and successful deployment of strategy and procedures for ZERO Day attacks/ vulnerability with organization
• Established ITIL framework (Incident Management, Problem Management etc.) in newly crafted Advance Security Operation Centre
• Analyzed all major risk in AWS cloud infrastructure and collaborated with other security teams to create an effective and fast monitoring and incident response procedure
• Created Incident Response Plan and trained security analyst for major cyber incident
• As a key team player, handled all high/critical cyber security incident/breaches successfully

Apr 2017 – Apr 2018 · 1 yr · Gurgaon, India · On-site

• IT Compliance :: Mapping and implementation of controls for GDPR, PCI DSS , Naspers Data Agreements, Cyber Insurance
• IT Infra Security :: Security Assessment & Control Implementation in AWS EC2, Dockers, Openshift, DBs( RDS, Cassandra, SQL), Security Assessment for end to end AWS Cloud Infra
• Application Security:: Security Assessment and Code review for internal and external Applications, APIs and AI codes
• Firewall :: Security assessment and rules audit for Akamai, AWS WAF, Site Shield, Endpoint Security etc
• Security Monitoring :: Analyzing security alerts and DDoS alerts by seeing logs and managing it through logs management & alert tool like New Relic, Cloudchekr, PagerDuty, Seqrite EndPoints alerts
• Automation :: Security Automation implementation using CI/CD

Aug 2015 – Apr 2017 · 1 yr 8 mos · New Delhi Area, India

• Compliance Implementation & Audit:
• End-to-end internal audit & management of compliance for following standards:
• SOC2, WebTrust CA, ETSI CA, Privacy, PCI DSS, Client Audit
• IT Security Advisory & Management :
• AWS Cloud: Security Implementation Guidance for AWS, Internal Technical Audit and Security Management of SKUID (Identity and Access Management Service based on cloud)
• PKI:
• Security Implementation Guidance, Internal Audit and Advisory for PKI infrastructure for Global Certifying Authority

Apr 2014 – Aug 2015 · 1 yr 4 mos · Gurgaon, India

• Technical Audits
• Performed Web Application Penetration Testing for cloud & non-cloud based application
• Acted as an end to end Auditor for Secure Software Development Life Cycle Process
• Completed Risk Assessments for the critical and cloud based application
• Performed Network Penetration Testing (Black Box, Gray Box)
• ISMS 27001:2013 Implementation
• Drafted ISMS 27001:2013 Policies and Transition Plans for the clients

Jun 2013 – Apr 2014 · 10 mos · Mumbai Area, India · On-site

• Process Audits:
• Conducted ITGC Audits for MNC clients
• Performed COBIT Control Testing
• Process benchmarking according to ITIL Process Assessment Framework
• IT Advisory:
• Provided IT Security Advisory & Approvals to CCB (Change Control Board) of MNC
• Technical Audits
• Performed Vulnerability Assessment & Penetration Testing (Black Box, Gray Box)
• Conducted Web-application Vulnerability Assessment
• Reviewed Hardening of servers, workstation & network devices as per best practice checklist
• Reviewed Network Architecture for MNC clients
• Developed Information Security Road Map