Karthikeyan G.

Associate Partner

Dubai, United Arab Emirates · 14 yrs 1 mo experience

Key Highlights

  • Implemented ISO 27001 across multiple organizations.
  • Achieved compliance with GDPR and ISO 27701.
  • Designed metrics programs for compliance and governance.
Skills

Core Skills

  • Governance, Risk Management, and Compliance (GRC)
  • Information Security Management

Other Skills

Internal Audits, Personal Data Protection, NIST, Team Leadership, Auditing, Microsoft Azure, ITIL, Operational Audits, Privacy Regulations, IT Application Controls, Audit Reports, IT GRC, Policy Development, Supplier Risk Management, Governance

About

Accomplished Information Security Management professional with 19+ years of experience specializing in Information Security & IT Governance, Risk, and Compliance (GRC), IT Audit, Cloud Security Governance, Data Privacy, and Business Continuity Management. Proven expertise in designing, implementing, and maintaining robust security frameworks that align with global standards and organizational objectives. A trusted advisor in the implementation of ISO 27001, ISO 27701, GDPR, PCI DSS, NESA, NCEMA, ISO 22301 (Business Continuity Management), ITIL, COBIT, CMMI, ISO 9001, and ISO 20000 frameworks. Renowned for conducting comprehensive audits, consulting engagements, and end-to-end implementation of security policies, risk controls, and IT governance initiatives. Predominantly experienced in Banking & Insurance, with additional domain expertise spanning Communication, Oil & Gas, Retail, Healthcare, Government, Manufacturing, Automobile, Logistics and Real Estate. Skilled in tailoring IT governance, information security, and compliance frameworks to meet diverse industry-specific requirements.

Career Highlights

  • Successfully implemented ISO 27001 across multiple organizations, ensuring robust information security governance and compliance.
  • Led GDPR and ISO 27701 implementations, achieving full compliance with global privacy regulations.
  • Contributed to the governance and implementation of secure cloud environments to support critical business operations.
  • Led several initiatives to implement Business Continuity Management, IT Service Management, and Quality Management Frameworks.
  • Played pivotal roles in designing metrics programs to measure compliance, governance, and process maturity.

Experience

Damac Properties

GRC and Privacy Specialist

Sep 2024 – Present · 1 yr 6 mos · Dubai, United Arab Emirates · On-site

  • Driving Information Security GRC and Privacy initiatives.
Skills: Internal Audits, Personal Data Protection, NIST, Team Leadership, Auditing, Microsoft Azure (+45 more)

Paramount Computer Systems

Senior Information Security Consultant

May 2022 – Sep 2024 · 2 yrs 4 mos · United Arab Emirates · On-site

Skills: Internal Audits, Personal Data Protection, NIST, Team Leadership, Mitigation Strategies, Auditing (+47 more)

KPMG Bahrain

Assistant Manager - IT Audits & Advisory

Jul 2021 – Feb 2022 · 7 mos · Bahrain

  • IT audits, Information Security and GRC advisory, ISO 27001 advisory, ISMS implementation, IT General Controls audit, IT Application Controls audits & advisory
Skills: Internal Audits, Personal Data Protection, NIST, Team Leadership, Mitigation Strategies, Auditing (+47 more)

Gulf International Bank

IT GRC Consultant

Aug 2019 – Jun 2021 · 1 yr 10 mos · Bahrain

  • Define internal controls (IT GRC), identify process improvements, define Governance, Risk and Compliance process, ensure information security compliance, facilitate risk assessments, ensure and maintain compliance to standards and frameworks such as ISO 9001, ISO 27001, ISO 20000, CMMI, ITIL and COBIT, conduct IT audits and information security audits, corrective action planning and tracking for audit issues, policy development for IT and information security, Data Privacy Impact Analysis, information security awareness sessions, Risk and Control Self Assessment, ERM-level risk management.
Skills: Internal Audits, Personal Data Protection, NIST, Team Leadership, Mitigation Strategies, Auditing (+44 more)

ADIB - Abu Dhabi Islamic Bank

IT GRC Consultant

Aug 2018 – Jul 2019 · 11 mos · Abu Dhabi

  • Define internal controls (IT GRC), identify process improvements, define Governance, Risk and Compliance process, ensure information security compliance, facilitate risk assessments, ensure and maintain compliance to standards and frameworks such as ISO 9001, ISO 27001, ISO 20000, CMMI, ITIL and COBIT, conduct IT audits and information security audits, corrective action planning and tracking for audit issues, policy development for IT and information security.
Skills: Internal Audits, Personal Data Protection, NIST, Team Leadership, Mitigation Strategies, Auditing (+43 more)

Self-employed contractor

Freelance Quality & Information Security Consultant

Jul 2017 – Aug 2018 · 1 yr 1 mo · Bengaluru Area, India

  • Consulting for ISO 27001, ISO 9001 and CMMI end-to-end implementation and certification
  • Ensuring adherence to GRC processes
  • Review of compliance to SOC 2 requirements for customers and vendors
  • Conduct information security risk assessments based on SABSA and ISO 27001
  • Performing application security, network security and vendor security risk assessments
  • Consult for process improvements based on ISO 27001, ISO 9001 and CMMI
  • Facilitate management reviews
  • Define QMS and ISMS processes for clients
  • Selection of employees from the Information Technology department to build a Risk Assessment Team charged with analyzing all critical systems, developing reports to document system vulnerabilities, and recommending appropriate solutions.
Skills: Internal Audits, Personal Data Protection, NIST, HIPAA, Mitigation Strategies, Auditing (+37 more)

Tech Mahindra

Process Consultant

May 2015 – Apr 2017 · 1 yr 11 mos · Bengaluru Area, India

  • Risk identification and facilitating teams on risk management
  • Ensuring adherence to GRC processes
  • Review of compliance to SOC 2 requirements for customers and vendors
  • Selection of employees from the Information Technology department to build a Risk Assessment Team charged with analyzing all critical systems, developing reports to document system vulnerabilities, and recommending appropriate solutions.
  • Created company policies and procedures governing corporate security, email and Internet usage, access control, and incident response
  • Conducting information security risk assessments and managing resolutions for information security incidents
  • As-is study of existing processes and suggesting process improvements
  • Facilitate, consult and assist software projects on productivity improvements, metrics definition, metrics planning and metrics analysis
  • Conduct process-related trainings for Project Managers, Project Leads and Team Members
  • Review of ITSM processes and consulting for process improvements based on ITIL
  • Defect analysis and publishing dashboards to senior management
Skills: Internal Audits, NIST, Team Leadership, Mitigation Strategies, Auditing, ITIL (+27 more)

Paraminfo Computer Consultancy

Process Consultant

May 2014 – May 2015 · 1 yr · Dubai

  • Process-related facilitation and conducting audits based on CMMI DEV L5, ISO 9001, ISO 27001, ITIL and DP World QMS standards
  • Ensuring adherence to GRC processes
  • Facilitate and assist software projects on metrics goal setting, reviewing metrics plans and analyzing metrics
  • Risk identification during audits and facilitating teams on risk management
  • Conduct process-related trainings for Project Managers, Project Leads and Team Members
  • Selection of employees from the Information Technology department to build a Risk Assessment Team charged with analyzing all critical systems, developing reports to document system vulnerabilities, and recommending appropriate solutions.
  • Created company policies and procedures governing corporate security, email and Internet usage, access control, and incident response
  • Conducting cyber security assessments and managing resolutions for cyber security issues
Skills: Internal Audits, NIST, Team Leadership, Mitigation Strategies, Auditing, ITIL (+25 more)

L&T Infotech

Software Quality Assurance Analyst

Jan 2013 – May 2014 · 1 yr 4 mos · Chennai Area, India

  • Process-related facilitation and conducting audits based on ISO 27001, CMMI SVC, CMMI DEV, ISO 9001, ITIL, Agile and L&T QMS standards
  • Ensuring adherence to GRC processes
  • Review of compliance to SOC 2 requirements for customers and vendors
  • Created company policies and procedures governing corporate security, email and Internet usage, access control, and incident response
  • Selection of employees from the Information Technology department to build a Risk Assessment Team charged with analyzing all critical systems, developing reports to document system vulnerabilities, and recommending appropriate solutions.
  • Conducting cyber security assessments and managing resolutions for cyber security issues
  • Implementing CMMI Level 5 for major accounts in the Energy & Process BU, which was successfully appraised during May 2013
  • Conduct process and information security related trainings for Project Managers, Project Leads and Team Members
Skills: Internal Audits, Mitigation Strategies, Auditing, ITIL, IT Application Controls, Enterprise Risk Management (+21 more)

Onward eServices Limited

Quality Systems Manager

Dec 2011 – Dec 2012 · 1 yr · Chennai Area, India

  • Define processes based on ISO 27001, CMMI and ISO 9001 standards
  • Identify process improvements
  • Facilitate and train teams on quality models such as CMMI and ISO
  • Facilitate teams for process implementation
  • Train teams for implementing CMMI and ISO based processes
  • Conduct process audits
  • Drive the Software Engineering Process Group
  • Coordinate with external assessors and auditors for external assessments and audits
  • Monitor the process implementation
  • Conduct and coordinate process and quality related meetings involving senior management
Skills: Internal Audits, Team Leadership, Mitigation Strategies, Auditing, ITIL, IT Application Controls (+20 more)

Infosys Technologies Ltd

Senior Lead, Quality Assurance

May 2011 – Dec 2011 · 7 mos

  • Managing audits and information security risk assessments for the Chennai centre
  • Ensuring adherence to GRC processes
  • Review of compliance to SOC 2 requirements for customers and vendors
  • Risk identification through audits and process analysis
  • Conducting information security assessments and business continuity audits
  • Identification of process improvements
  • Improving audit effectiveness of the delivery centre
  • Conducting process trainings
  • Conducting pre-assessment audits prior to external assessments
  • Conducting audits based on CMMI Level 5, ISO 20000, ITIL and ISO 27000 standards
Skills: Internal Audits, Team Leadership, Mitigation Strategies, Auditing, ITIL, IT Application Controls (+20 more)

Cognizant Technology Solutions

Senior Associate - Software Quality Assurance Group

Jun 2008 – Apr 2011 · 2 yrs 10 mos · On-site

  • Process-related facilitation and conducting audits based on CMMI, ISO 27001, ISO 9001, ITIL and Cognizant QSM standards
  • Ensuring adherence to GRC processes
  • Review of compliance to SOC 2 requirements for customers and vendors
  • Conducting cyber security assessments and managing resolutions for cyber security issues
  • Implementing CMMI Level 5 for a major account (team size of 450) in the Insurance domain, which was successfully appraised during Nov 2010
  • Created company policies and procedures governing corporate security, email and Internet usage, access control, and incident response
  • Building process performance models for development and maintenance projects
  • Facilitate projects on project-specific process tailoring, risk management, project management tools and estimation models
  • Facilitating and coordinating project management reviews involving senior management for all projects
  • Preparing and sharing BU-level status reports to senior management on process performance and risks
  • Involvement in organizational and account-level initiatives such as metrics trend analysis, best practice mailers, blogs on estimation and COQ, etc.
  • Conducting various process-related trainings for Project Managers, Project Leads and Team Members
Skills: Internal Audits, Team Leadership, Mitigation Strategies, Auditing, ITIL, IT Application Controls (+20 more)

Zylog Systems India Ltd

Senior Executive - Quality Management Systems

Nov 2006 – Jun 2008 · 1 yr 7 mos

  • Implementation of a Quality Management System as per ISO 9001:2000/CMMI models and ISO 27001
  • Ensuring adherence to GRC processes
  • Review of compliance to SOC 2 requirements for customers and vendors
  • Periodic review of the QMS and Information Security Management System to ensure that it is consistent with the changing needs of the organization
  • Conducting information security risk assessments
  • Plan, organize, schedule and conduct internal quality audits and information security audits
  • Drive and implement CMMI 1.2 processes
  • CMMI DEV based gap analysis and developing procedures as per the CMMI model
  • Defining, monitoring and analyzing process metrics
Skills: Internal Audits, Team Leadership, Mitigation Strategies, Auditing, IT Application Controls, Enterprise Risk Management (+19 more)

Nathan & Nathan Consultants Pvt Ltd

Quality Management Consultant

Nov 2005 – Nov 2006 · 1 yr

  • Consulting in implementation of ISO 9001:2000 and ISO 27001 across all types of industries: manufacturing, processing and service industries.
  • Ensuring adherence to GRC processes
  • Review of compliance to SOC 2 requirements for customers and vendors
  • Handling awareness training programs on ISO 9001:2000 and ISO 27001
  • Conducting internal audits and training for internal auditors
  • Identifying and implementing continual improvement projects
  • Preparing the Quality System Manual and Quality System Procedures
  • Preparing work instructions, control plans and standard operating procedures
  • Defining process metrics for identified processes within the Quality Management System
Skills: Internal Audits, Mitigation Strategies, Auditing, Enterprise Risk Management, Audit Reports, Policy Development (+9 more)

Education

Birla Institute of Technology and Science, Pilani

Master of Technology (MTech), Software Systems – Cybersecurity

Jul 2025 – Jul 2027

Anna University Chennai

Engineering – Industrial Engineering

Jan 2002 – Jan 2005

Central Polytechnic

Diploma – Mechanical Engineering

Jan 1997 – Jan 2000
