Kuchal (Kush) CISM, CRISC, AIMS, CPISI, GRC, ISMS, BCMS

Consultant

India · 10 yrs 11 mos experience

Key Highlights

  • Expert in Governance, Risk, and Compliance.
  • Proven track record in cybersecurity frameworks.
  • Strong analytical and problem-solving skills.
Stackforce AI infers this person is a Cybersecurity expert with a focus on Governance, Risk, and Compliance.

Skills

Core Skills

Risk Management · Compliance · Cybersecurity · Audit

Other Skills

Security Strategy · Third Party Risk Management · Power Automate · Upguard (VRM) · Risk Register · Policy Governance · Cybersecurity Framework · Project Control Implementation · Strategic Security Governance · Cybersecurity Functions · DLP Implementation · Security Scorecard · Internal Audit · Security Awareness Training · IOT Audit

About

Experience in the Governance, Risk, Audit, Advisory, Data Security, Data Governance, Data Privacy and Compliance domains. Expert at providing solutions (from concept to implementation) that span multiple enterprise-wide systems, from the General Data Protection Regulation (GDPR). Knowledge of the Risk Management Framework and various other regulatory frameworks such as NIST. Performing audits on High, Medium and Low vulnerabilities across all technical functions such as Wintel, Network and Linux, along with mitigation measures and artifact sharing for closure. Knowledge of DPIA, PCI DSS, GDPR, ISO 27001, SOX 404, BCP and FedRAMP strategy. Analytical, detail-oriented problem solver with excellent communication skills. Create and maintain system and process documentation. Performing audits on Third Party software in inventory and EICAR tests on the Prod environment for efficient Antivirus detection capabilities. Knowledge of IT Security, Policies and Procedures. German Language Certification, A1 level.

Experience

Total Experience: 10 yrs 11 mos
Average Tenure: 1 yr 4 mos
Current Experience: 3 yrs 3 mos

IBM

Senior Security Consultant (Security Strategy, Risk & Compliance)

Feb 2023 – Present · 3 yrs 4 mos · On-site

  • Security Strategy, Risk and Compliance
  • Third Party Risk Management
  • Security Program creation and development as per the Strategy outlined
  • Implementation of the Australian Energy Sector Cybersecurity Framework on the project control implementation.
  • Security Governance on the SP1, SP2 & SP3 control requirements.
  • Using Power Automate for automation of response documentation by creating a workflow between Forms and a SharePoint list.
  • Using the Upguard (VRM) tool to evaluate vendor security posture as per the requirements outlined in the AES-CSF standard.
  • Developing and maintaining the vendor Risk Register documenting residual risk.
  • Preparing dashboards for reporting purposes for leadership view.
  • Policy governance, procedures, and guidelines.
  • Process workflow automation and optimization.
  • Working with a Senior Architect on certain SIA process & optimization.
Security Strategy · Risk Management · Compliance · Third Party Risk Management · Power Automate · Upguard (VRM)

Brillio

Senior Lead Cybersecurity

May 2022 – Feb 2023 · 9 mos · Bengaluru, Karnataka, India

  • Strategic security governance for reducing the internal and external risk landscape of the organization.
  • Drive the Cybersecurity functions on various risk remediation and control optimization plans for the enterprises.
  • Conducted DLP implementation across the enterprises.
  • Leverage various tools & technologies (Security Scorecard) for ensuring strong organizational external security posture management.
  • Conducted internal audits across multiple functions.
  • Assist in preparing the monthly security & awareness deck, the Security & Awareness Quiz and mandatory security awareness training for the enterprise.
  • Leverage various techniques & technologies to track and monitor training compliance progress.
Strategic Security Governance · Cybersecurity Functions · DLP Implementation · Security Scorecard · Internal Audit · Security Awareness Training

JLL

Global IT Audit Manager

Nov 2021 – May 2022 · 6 mos · Remote

  • Conducted enterprise Internal Audit as part of the IA Charter.
  • Executed IOT Audit with multiple functions to identify the risk surface due to IOT devices.
  • Performed Critical Application audit as part of the critical application inventory w.r.t. potential financial & business impact.
  • Facilitated Payroll audit on various payroll applications being used across geographies.
  • Prepared Privacy Map data footprint in alignment with the corresponding data privacy laws and its possible privacy impact.
  • Prepared cloud security vision map along with risks and mitigation controls.
Internal Audit · IOT Audit · Critical Application Audit · Privacy Map Data Footprint · Cloud Security Vision Map · Audit

Wipro Limited

Technical Lead - Data Security, Protection, Privacy (ERM), GRC & Cybersecurity

Jun 2021 – Nov 2021 · 5 mos · India

  • Data Security & Data Protection
  • Enterprise governance
Data Security · Data Protection · Enterprise Governance

HCL Technologies

GRC Cybersecurity Specialist

Sep 2019 – Jun 2021 · 1 yr 9 mos · Noida Area, India

  • Performing audits on Third Party software in the Wintel, Linux and Network inventory from the PCI Scope standpoint.
  • Monitoring EICAR tests on the Prod environment for efficient Antivirus detection capabilities on the production environment.
  • Responsible for conducting various audits such as internal Enterprise Compliance audit, Infrastructure audit etc. based on the COBIT 5 framework.
  • Performing audits on High, Medium and Low vulnerabilities (CVE scores) across all technical functions like Wintel, Network, Linux etc., along with mitigation measures and artifact sharing for closure.
  • Auditing the missing Active Hosts on the PCI Scope Inventory of Wintel, Linux etc.
  • Preparing the BCP documents along with the project's senior management and the Crisis Management Team.
Third Party Software Audit · PCI Compliance · Infrastructure Audit · Vulnerability Assessment · BCP Documentation · Compliance

Fujitsu Global

Senior Technical Consultant

Jul 2017 – Sep 2019 · 2 yrs 2 mos · Noida Area, India

  • Encouraging the staff on the essence of Personally Identifiable Information (PII) from the GDPR perspective.
  • Knowledge of the International Data Transfer clause, Privacy Shield framework, Adequacy Decisions etc.
  • Responsible for mapping out Compliance with the ISO 27001 standard.
  • Assist in building training using content from the vendor.
  • Gather data related to training completion and follow up on it to ensure full participation.
  • Train IT staff and Business users on IT Policies and Processes.
  • Follow process to fulfil GDPR and other data privacy requests.
  • Training and cascading emails throughout the organization on ISMS guidelines.
  • Preparing and drafting the monthly L&D Calendar and sharing it across the business.
  • Compliance Process Definition and Design.
  • Process Map creation for Personal Data Processing as per GDPR norms.
  • Understanding of mandatory documents required for GDPR implementation.
  • Understanding of Personal Data Protection policy and Personal Data Retention policy.
  • Understanding of Privacy Notice and Employee Privacy Notice Policy.
  • Knowledge of the fundamentals of PCI SSC, PCI DSS, QSA and SAQ.
  • Training and cascading emails throughout the organization on Phishing Attacks.
  • Assist in the completion of PCI Self-Assessment Questionnaires (SAQ).
  • Resolving and tracking incidents / service change requests assigned to the team.
  • Providing support to the project by handling all levels of tickets.
  • Provides PCI DSS Compliance guidance to the Business.
  • Assist in the completion of DPIA, data privacy inventories and flows.
Personally Identifiable Information (PII) · GDPR Compliance · ISO 27001 · Training · Incident Tracking · Compliance

HCL Technologies

Information Technology Specialist

Dec 2015 – Jun 2017 · 1 yr 6 mos · Noida Area, India

  • Understanding of DPIA and the Data Breach Register.
  • Performing Risk Assessment, Risk Analysis and Risk Events.
  • Perform Hardware Certification before roll-out of new hardware in the Production Environment.
  • Encouraging transparent internal Data Protection policies, approved and endorsed by the highest level of management.
  • Following the best practices of PCI DSS.
  • Informing and training all people in the Organization on how to implement policies.
  • Understanding the importance of redressing poor compliance and data breaches.
  • Knowledge of PCI DSS along with its 12 core security rules.
DPIA · Risk Assessment · PCI DSS

Capgemini

Associate Consultant

Nov 2013 – May 2014 · 6 mos · Kolkata

  • Knowledge of the GDPR Accountability Life Cycle (Prepare, Activity and Maintain)
  • Monitoring Compliance of Data against GDPR guidelines and regulation.
  • Process mapping and Data Privacy Law to be followed and monitored in the entire life cycle of data from Source to Destination.
  • Processing of Data related to privacy requests.
  • Understanding of the core 6 GDPR accountability Principles as defined in Article 5(2) and Article 33.
  • Enhancing the existing Privacy Process (Data Subject Access) in Smart Service Desk (SSD) to include rights similar to data access, like the right to be forgotten, Data Portability etc.
GDPR Accountability Life Cycle · Data Privacy Law · Data Processing

Education

Punjab Technical University

Master of Science (M.Sc.) — Information Technology

Jan 2010 – Jan 2012

Gauhati University

Bachelor of Science (B.Sc.)

Jan 2006 – Jan 2009
