MS Office
Years of work experience in Information & Cyber Security
AKSHAY KHANOLKAR
Information Security & Cyber Security Professional
Mumbai,MH
Summary
- Information Security professional - 7 years of work experience in Consultancy, Manufacturing, Insurance and Banking, Financial Services, and Insurance (BFSI) industries in various fast-paced roles.
- Good experience on enabling organizations in designing, implementing, and sustaining Cyber Security and Information Security Programs on aspect of ISO27001:2013 (ISMS), certification.
- Understanding of Security frameworks such as NIST, ISO 27001, CIS guidelines, HIPAA/HITRUST, GDPR, and SOC 1,2 & 3.
- Highly experienced in industry-known tools such as ServiceNow GRC and VRM, Human Firewall Phishing Simulation tool, ManageEngine, BMC Remedy ITSM and Onetrust compliance management tool.
- Risk assessment and treatment, Privacy assessment, Internal audits as well as assisting in External audit.
- Certified ISMS - ISO 27001:2013 Lead Auditor
Overview
7
7
Work History
Senior Information Security Analyst
Willis Towers Watson
Mumbai, Maharashtra
07.2021 - Current
- Leading and coordinating the completion of Third-party assessment requests against WTW best practice and global standards and controls.
- Utilizing the different tools and resources to complete the Third-Party due diligence process.
- Participate in Third Party contract reviews providing inputs tor negotiating Information security clauses.
- Agrees scheduled checkpoints with the Third Party and WTW Service Owner on evidencing remediation's and maintaining central repository, these are tracked through to closure.
- Scheduling periodical re-assessment in line with standards and controls.
- Providing comprehensive reporting across operational and security KPIs where Third party related and identifying gaps, risks and therefore mitigating actions and raise appropriate escalations for decision with Head ICS Supplier Assurance.
- Provide key information to leadership as input for prioritizing the future strategy for the organization.
- Proposing operational improvements and services.
- Providing risk-based assurance advice on all information security issues.
Information Security Consultant
ACQUISORY RISK CONSULTING PVT LTD
MUMBAI, MAHARASHTRA
06.2018 - 07.2021
- Conducted security audits to identify vulnerabilities.
- Implementation and maintenance of the Information Security Management System based on the ISO/IEC 27001 & 27002 standards, including assistance for obtaining certification against ISO/IEC 27001.
- Performed on-site & remote vendor assessment which includes process walkthrough and controls testing.
- End-to-end assessment of vendor's Information security policies and procedures covering domains such as information security, business continuity, disaster recovery & access controls.
- Gap Analysis and Periodic testing of Design and operating effectiveness of key controls mapped to high & very high risk.
- Provides oversight and document the results of exercises to identify necessary enhancements to the Business Continuity plans and procedures.
- Preparation and implementation of Information Security Framework, Policies, Procedures & Guidelines.
- Co-ordinate with departments and manage projects for the implementation of Information Security Management System.
- Manage suitable information security awareness and trainings for the end users.
- Manage information security risk assessments and controls selection activities.
- Manage internal audits and the closure of audit findings.
- Provide schedule estimates to the stakeholders.
- Assistance to the auditees and auditor during the external audits to conduct in-depth information security audits and presenting reports to senior management.
- Maintain strong client focus by building strong relationships with clients, scheduling, and conducting key client meetings.
- Coordinate and participate in management review meetings with Apex Committee, CISO, CRO and respective stakeholders on an ongoing basis.
Information Security Analyst
MAHINDRA SPECIAL SERVICES GROUP
MUMBAI, MAHARASHTRA
04.2016 - 05.2018
- Framing Information Security Policies, Procedures & Guidelines.
- Information asset classification and threat/ vulnerability profiling for identified assets.
- Third Party Risk Assessment of Leading IT, Manufacturing and Banking Sectors.
- End to end Implementation of ISO/IEC 27001:2013 across the organization.
- Developing risk assessment framework based on clients risk profile.
- Conducting internal audits of various business functions viz. Manufacturing Plants, Data Centers, R&D Centers, Business Units, Sales offices.
- Gap Assessment, Risk Assessment and Risk Treatment
- Designing and executing Information Security awareness training and educational activities.
- Assist in maintaining information security awareness training and education program that includes processes, tools, and technologies that help to reduce the risk to the information assets.
- Maintain strong client focus by building strong relationships with clients, scheduling and conducting key client meetings.
- Provide assistance to the auditees and auditor during the external audits.
- Back office work including data collection and consolidation of implementation and audit activities.
- Adhere to the timelines as assigned.
- Ensure timely reporting and maintain project discipline
Education
SSC - HIGH SCHOOL
I.C.L HIGH SCHOOL
NAVI MUMBAI 03.2007 - 03.2008
H.S.C - SCIENCE IT
TILAK JUNIOR COLLEGE
MAHARASHTRA BOARDS 02.2009 - 02.2010
Bachelor of Science - Information Technology
I.C.L E,S.M.J COLLEGE
Mumbai University 02.2010 - 10.2015
Skills
ISMS Audit & Compliance
Software
Citrix
VeraCrypt
Human firewall email remediator
OneTrust
Service Now
BMC Remedy ITSM
Timeline
Senior Information Security Analyst
Willis Towers Watson
07.2021 - Current
Information Security Consultant
ACQUISORY RISK CONSULTING PVT LTD
06.2018 - 07.2021
Information Security Analyst
MAHINDRA SPECIAL SERVICES GROUP
04.2016 - 05.2018
Bachelor of Science - Information Technology
I.C.L E,S.M.J COLLEGE
02.2010 - 10.2015
H.S.C - SCIENCE IT
TILAK JUNIOR COLLEGE
02.2009 - 02.2010
SSC - HIGH SCHOOL
I.C.L HIGH SCHOOL
03.2007 - 03.2008