Rushabh Pinesh Mehta, PGP-ITBM, CGRC, CISA (Q), CISM (Q), CRISC (Q), CTPRP, CDPSE, CCSK, CC, DCDPO, CDPO/IN

CEO

Bengaluru, Karnataka, India · 9 yrs 7 mos experience

Key Highlights

  • 12 years of experience in Cybersecurity and Data Protection.
  • Expert in IT Audit and Compliance frameworks.
  • Strong background in Risk Management and Data Privacy.
Skills

Core Skills

Cybersecurity, Data Privacy, Security Compliance, Information Security, Data Governance, IT Audit, Compliance, Third Party Risk Management, Risk Management, Software Engineering

Other Skills

Cloud Security, Cybersecurity gap analysis, Security audits, NIST CSF, ISO 27001, ISO 27701, ISO 27017, ISO 22301, CSA STAR, SOC 2 Type II, Information security policies, Risk Assessments, Third Party Risk Assessments, Business Impact Analysis, IT Disaster Recovery

About

Rushabh is currently working as a Cybersecurity and Data Protection Leader at Astera Labs. He has a total of 12 years of work experience in the IT & Information Security domains. He has worked with Rubrik, Amazon Development Centre (India) Pvt Ltd, IBM India, PwC India, Deloitte India, BNP Paribas ISPL and Infosys. He has served industry sectors such as BFSI, Automobile & Manufacturing, Oil & Energy, Consulting and ITeS.

Rushabh has pursued the PGP-ITBM with specialization in Information Security from Symbiosis Centre for Information Technology (SCIT), Pune. He also holds a B.E. in EC from Gujarat Technological University (GTU). Rushabh has completed the "Cybersecurity for Leaders" course from the Indian School of Business (ISB), Hyderabad. He has also completed the Advanced Program in Cyber Law from the Asian School of Cyber Laws.

Rushabh holds the below professional credentials:

  • CISA (Q)
  • CISM (Q)
  • CRISC (Q)
  • CGRC
  • CTPRP
  • CCZT
  • CDPSE
  • ISO 27001 ISMS LA
  • ISO 22301 BCMS LA
  • Certified BIA Professional
  • DCDPO
  • CDPO/IN
  • ISO 27701 PIMS LI
  • CRisP
  • NIST CSF
  • CCIO
  • CPEW
  • CCSK
  • SCCP
  • CSA STAR
  • ISO 27017
  • ISC2 CC
  • AZ-500
  • AZ-900
  • SC-900
  • OCI Foundations
  • Alibaba Cloud Security
  • OneTrust Certified Privacy Professional
  • CyberArk Level 1 - Trustee
  • Qualys Certified Specialist - Policy Compliance

Rushabh has hands-on experience in the below core IT Audit skills:

  • General IT Controls (ITGC) testing for ERP applications, Operating Systems, Databases & Network components
  • IT Automated Controls (ITAC) testing
  • Business Cycle Controls (BCC) testing for business processes such as P2P, O2C, R2R, Depreciation, Inventory Management (BOM / Back flushing), Payroll & Treasury
  • Information Produced/Provided by Entity (IPE) testing for completeness and accuracy of customized reports
  • Sarbanes-Oxley (S-Ox) Act Section 404 reviews
  • Segregation of Duties (SoD) conflicts testing
  • Service Auditor Report (SAR) attestation: SOC 1 (SSAE 18 / ISAE 3402) & SOC 2 (Trust Services Criteria), both Type I & II

He also possesses the below information security skills:

  • GRC (NIST, COSO, COBIT, PCI-DSS, HIPAA, HITRUST)
  • Information Risk Assessment / Risk & Controls Self Assessment (RCSA)
  • ISMS (ISO 27001:2022) internal audits
  • Gap Analysis & Cybersecurity Maturity Assessments
  • TPRM
  • Cloud Security reviews
  • IT Infrastructure reviews
  • Data Privacy & GDPR
  • BCP / IT-DR
  • Identity & Access Management (IAM)

Rushabh is enthusiastic, always keen to learn and capable of solving complex problems by applying analytical and logical understanding. He has the ability to work in a team and coordinate with the concerned stakeholders to bring about the best outcome.

Experience

Total Experience: 9 yrs 7 mos
Average Tenure: 11 mos
Current Experience: 8 mos

Astera Labs

Cybersecurity and Data Protection Leader

Sep 2025 - Present · 8 mos · Bengaluru · On-site

Information Security, Cybersecurity, Cloud Security, Data Privacy

Rubrik

2 roles

Information Security Program Manager - Customer Trust and Security Governance

Feb 2025 - Apr 2025 · 2 mos · Bengaluru · Hybrid

  • Performed cybersecurity gap analysis as per NIST CSF v1.1
  • Ensured security compliance and facilitated security audits for ISO 27001, ISO 27701, ISO 27017, ISO 22301, CSA STAR, CAIQ, SIG Core, SOC 2 Type II, HITRUST i1 and r2 as per internal Unified Controls Framework (UCF)
  • Responded to customers' and potential customers' RFI questionnaire as a part of the Customer Trust process
  • Collaborated with Product Security, Application Security, SOC / SIEM and Engineering teams on any information security requirements and challenges
Cybersecurity gap analysis, Security compliance, Security audits, NIST CSF, ISO 27001, ISO 27701 (+6 more)

Sr Information Security Analyst

Sep 2022 - Jan 2025 · 2 yrs 4 mos · Bengaluru · Hybrid

  • Drafted and reviewed information security policies, standard operating procedures and process documents
  • Oversaw Data Governance for data discovery, data classification and data mapping
  • Performed Information Security Technical Risk Assessments and maintained the Risk Register
  • Conducted Third Party Risk Assessments (TPRAs)
  • Performed Business Impact Analyses (BIAs) and conducted IT Disaster Recovery (IT/DR) mock drills
  • Assisted the Data Privacy team with scoping and ensured compliance for Indian employees' data in adherence with GDPR and DPDPA
  • Performed information security due diligence and readiness prior to the company going public
Information security policies, Data Governance, Risk Assessments, Third Party Risk Assessments, Business Impact Analysis, IT Disaster Recovery (+2 more)

Amazon

IT Audit Manager - FORI - Defensive Security and Compliance (DefSecc)

Dec 2021 - Sep 2022 · 9 mos · Bengaluru, Karnataka, India · Remote

  • Understanding technologies used for managing complex business processes and identifying the full range of risks related to those processes, which may include financial, regulatory compliance, operations and organization policy
  • Executing IT audits across all areas of our Finance Operations businesses
  • Conducting IT audits related to technologies used in finance, accounts payable, operations, accounts receivable, corporate facilities and payroll, among others
  • Conducting IT audit walkthroughs with highly technical software development engineers and business leaders
  • Conducting internal IT audits to proactively identify internal control deficiencies and root causes, and recommending improvements
  • Executing ITGC testing for Test of Operating Effectiveness and Test of Design
  • Performing ITAC testing and business process reviews
  • Establishing the Risk and Controls Matrix
  • Performing SOX 404 reviews for IT General Controls
  • Preparing audit working papers
  • Conducting SOC 1 and SOC 2 (Type I and Type II) reviews
  • Documenting audit findings with recommendations to remediate them
  • Preparing process documentation for the internal audit team
  • Leading the internal IT audit team and providing the required assistance to team members
  • Independently performing and executing audit plans, performing data analytics, preparing written findings, facilitating business responses and following up on action items
  • Preparing audit reports that concisely communicate complicated issues and articulate technical issues in business terms
  • Supporting the FinOps organization in achieving data privacy related compliance requirements
  • Working as a sole contributor and as a teammate
IT audits, ITGC testing, ITAC testing, SOX 404, SOC 1, SOC 2 (+2 more)

PwC Acceleration Centers in India

Senior Associate - Cyber Risk and Regulatory (CR&R)

Jun 2021 - Dec 2021 · 6 mos · Bengaluru, Karnataka, India · Remote

  • Performed Third-Party Information Security assessments for the identified client's third-party vendors
  • Negotiated with vendors on contractual requirements through Master Service Agreements (MSA), Service Level Agreements (SLAs), Information Security and Data Privacy Exhibits and Addendums
  • Prepared the Third Party Risk Management (TPRM) questionnaire based on NIST CSF v1.1
  • Reviewed artefacts and documents of third-party vendors based on SOC 2 Type II, SIG Core, CAIQ, etc. and populated the responses in the TPRM questionnaire
  • Evaluated vendors' BitSight and Security Scorecard reports and collaborated with vendors to analyze their impact on the enterprise's environment
  • Validated Software Bills of Materials (SBOM) for open-source packages comprising libraries and utilities
  • Documented findings of the TPRM assessments conducted
  • Recommended corrective and preventive action plans for remediating the identified findings
  • Monitored the findings and tracked them through to mitigation
  • Acquired adequate knowledge of Supply-chain Levels for Software Artifacts (SLSA)
Third-Party Information Security assessments, Contractual requirements negotiation, Third Party Risk Management, NIST CSF, SOC 2 Type II, Cybersecurity

LTI - Larsen & Toubro Infotech

Specialist - Information Security

Mar 2021 - Jun 2021 · 3 mos · Bengaluru, Karnataka, India · Remote

  • Conducted information risk assessments and prepared the risk mitigation strategy
  • Facilitated internal and external IT Audits
  • Assisted in the implementation of Information Security and Data Privacy controls at account / project level
Information risk assessments, IT Audits, Information Security controls, Information Security, Risk Management

IBM India Private Limited

Senior Consultant - Security Strategy, Risk and Compliance (SSRC)

Jul 2020 - Feb 2021 · 7 mos · Pune, Maharashtra, India · Remote

  • Conducted information risk assessments and prepared the risk mitigation strategy
  • Facilitated internal and external IT Audits
  • Assisted in the implementation of Information Security and Data Privacy controls at account / project level
  • Reviewed client contractual documents such as MSA, SOW, etc.
  • Formulated information security policies, standard operating procedures (SOPs) and guidelines
  • Prepared, reviewed and updated information security control templates and audit working papers
  • Performed Information Security Controls Mapping for ISO 27001, NIST SP 800-53 and SOC 2
  • Maintained control implementation evidence records for audit purposes
  • Participated in implementing and performing unit testing for the KPI Management Solution in RSA Archer
  • Prepared unit test cases for various access roles as per the access model applicable to the KPI Definition and KPI Results applications in RSA Archer
  • Drafted low-level design and solution user guide documentation for various modules of RSA Archer
Information risk assessments, IT Audits, Information Security controls, Information Security, Risk Management

PricewaterhouseCoopers Services LLP

Associate / Consultant: Advisory - Consulting - One Cyber

Jul 2019 - Jul 2020 · 1 yr · Bengaluru, Karnataka, India · On-site

  • Performed IT Components testing for completeness and accuracy of customized reports
  • Participated in process-level and application-level walkthroughs for Access Management and Change Management controls
  • Drafted Risk and Controls Matrices (RCM) for Access Management and Change Management processes
  • Performed IT process gap assessments, mapped the resulting observations to IT risks and communicated their impact to management
  • Defined rules for performing data analytics on change requests raised and tracked through the ServiceNow ticketing tool
  • Designed and baselined control objectives and control activities for SOC 1 (SSAE 18 / ISAE 3402) and SOC 2 (Trust Services Criteria) reports, and prepared clients for third party attestation
  • Mapped SOC 2 controls and Points of Focus (POF) to COSO principles
  • Drafted information security policies, standard operating procedures (SOPs) and guidelines in line with SOC 2 requirements
  • Carried out a cybersecurity maturity assessment for a leading IT Services company according to NIST CSF v1.1
  • Conducted a readiness assessment for ISMS requirements as per the ISO 27001:2013 standard
  • Liaised with concerned stakeholders to conduct effective and efficient audit walkthroughs and perform controls testing with better understanding
  • Provided engagement and administrative support in Risk and Quality, Legal and Business Proposal activities
Information Security, Identity & Access Management, SOX 404, Cybersecurity, ITIL, COBIT 5 (+1 more)

Infosys Limited

Analyst - Information Security

Jan 2019 - Jul 2019 · 6 mos · Pune, Maharashtra, India · On-site

  • Facilitated external ISMS (ISO 27001:2013), SOC 1 and SOC 2 Type II, PCI-DSS and HITRUST audits by furnishing the right set of evidence as required
  • Assisted in remediation of the observations and non-conformances noted during the audits
  • Carried out IT Governance analysis and mapped the information security controls to ISO 27001:2013 control objectives as per the Statement of Applicability (SoA)
  • Carried out Risk Assessments for various delivery accounts and updated the risk register in the RSA Archer tool
  • Carried out Gap Assessments as a part of the Compliance Tracking System (CTS)
  • Updated the Joiners / Movers / Leavers (JML) tracker and carried out periodic User Access Reviews
  • Prepared the Separation of Duties (SoD) matrix as per the roles and responsibilities of the associates
  • Responded to RFPs and RFIs for Security Requirements / Questionnaires / Addendums
  • Conducted physical spot checks and walkthroughs of the delivery accounts
  • Conducted Information Security Awareness Sessions and updated the SAQ for the employees
  • Reviewed the work carried out by subordinate team members for effective oversight
IT Components testing, Access Management, Change Management, Risk and Controls Matrices, IT Audit, Cybersecurity

Deloitte Touche Tohmatsu India LLP

Consultant: Risk Advisory - Assurance

Jul 2018 - Jan 2019 · 6 mos · Pune, Maharashtra, India · On-site

  • Performed IT General Controls (ITGC) and Business Process IT Application Controls (ITAC) testing of IT environments across platforms for BFSI / NBFC and Manufacturing industry clients
  • Performed Test of Design and Implementation (D&I) and Test of Operating Effectiveness (TOE) for SOC 1 and SOC 2 reports based on SSAE 18 / ISAE 3402 standards and Trust Services Criteria respectively
  • Carried out application walkthroughs, prepared audit scopes, reported findings to clients and provided recommendations for remediating the exceptions noted during testing
  • Performed ERP (SAP / Oracle) security reviews for client engagements
  • Good knowledge of the Sarbanes-Oxley (SOX) Act Section 404 for internal controls testing over financial reporting
  • Documented audit testing procedures and generated reports for clients' senior management showing observations with financial impact
  • Performed Third Party Risk Management (TPRM) / Vendor Risk Assessments (VRA) for various vendors of conglomerate clients
  • Provided engagement support and administrative support to on-shore teams
ISMS audits, Risk Assessments, IT Governance analysis, Information Security, Compliance

BNP Paribas India Solutions Private Limited

2 roles

Associate Level 1 - RISK ORC ICT

Promoted

Apr 2018 - Jun 2018 · 2 mos · Mumbai, Maharashtra, India

  • Served as an Information Security Consultant in the 2nd Line of Defense (LOD)
  • Assisted in setting up the Internal Security Architecture and Control Framework
  • Reviewed Information Security Policies, Standard Operating Procedures (SOPs) and Guidelines
  • Carried out Risk and Control Self-Assessment (RCSA) and implemented information security controls using the NIST Cyber Security Framework (CSF) v1.1
  • Performed Information Security reviews of IT Infrastructure using the COBIT 5 governance framework and the ISO 27001:2013 standard
  • Provided Data Protection Officer (DPO) and Data Privacy support with respect to the GDPR and Data Privacy
  • Performed Third Party Risk Assessments
  • Handled Operational Resilience activities of group entities with an effective Business Continuity Management System (BCMS) in place as per the ISO 22301:2012 standard
ITGC and ITAC testing, Business Process IT Application Controls, Third Party Risk Management, IT Audit, Risk Management

Intern - RISK ORC ICT

Jan 2018 - Mar 2018 · 2 mos · Mumbai, Maharashtra, India

  • Academic part of the PGP-ITBM course from SCIT, Pune
  • Carried out Risk and Control Self-Assessment (RCSA)
  • Carried out Business Impact Analysis (BIA)
  • Prepared Call Tree Report
  • Implemented the Center for Internet Security (CIS) 20 Critical Security Controls (CSCs) framework for group entities and mapped it to NIST Function and Unique Category Identifiers
Information Security, Risk and Control Self-Assessment, Data Protection Officer, Risk Management

Infosys Limited

3 roles

Senior Systems Engineer - EAISSOA

Oct 2016 - Jun 2017 · 8 mos · On-site

  • Identified and discussed Critical Change Requests with the client
  • Documented Software Requirements Specifications and High-Level Design documents
  • Performed Sanity Testing, System Integration Testing and Regression Testing
Risk and Control Self-Assessment, Business Impact Analysis, Risk Management, Information Security

Systems Engineer - EAISSOA

Feb 2015 - Sep 2016 · 1 yr 7 mos · On-site

  • Developed Windows Applications using .NET Technology in SCRUM Methodology
  • Performed merge activities by creating MSI packages and deployment activities on IIS
  • Production Support
Software Requirements Specifications, System Integration Testing, Software Engineering

Systems Engineer Trainee

Oct 2014 - Jan 2015 · 3 mos · On-site

  • Successfully completed the Foundation Training Program (FTP) with 72.00%
  • Attended Generic Training in Operating Systems, Object Oriented Programming Languages, RDBMS, HTML, CSS, Software Engineering
  • Attended Stream Training in Microsoft .NET Technology, C#
Windows Application Development, Deployment, Software Engineering

Education

SCIT - Symbiosis Centre For Information Technology

Post Graduate Programme in Information Technology Business Management (PGP-ITBM) — Computer and Information Systems Security/Information Assurance

Jan 2017 - Jan 2018

Atmiya Institute of Technology & Science

Bachelor of Engineering — Electronics and Communication

Jan 2010 - Jan 2014

St. Xavier's High School Jamnagar

Higher Secondary Certificate (H.S.C.) — Science

Jan 2009 - Jan 2010

St. Xavier's High School Jamnagar

Secondary School Certificate (S.S.C.) — English Medium

Jan 2007 - Jan 2008
