Summary
Overview
Work History
Education
Skills
Certification
Accomplishments
Timeline
Generic
Alka Pandey

Alka Pandey

Security Manager
Bangalore

Summary

Transformation Excellence Security Manager at Accenture Strategy and Consulting with 10 years of experience in IT & Information Security across various industry sectors including BFSI, Pharmaceutical, Automobile & Manufacturing, Oil & Energy, FMCG, and ITIS. Previous roles at Accenture TS&A, PwC India, KPMG India, RSAB IT India, and Cognizant Technology. Specialized in Information Security through PGP-ITBM at Symbiosis Centre for Information Technology (SCIT), Pune, complemented by a B.E in EC from Rajasthan Technological University (RTU).

Overview

10
10
years of professional experience
4033
4033
years of post-secondary education
5
5
Certifications
2
2
Languages

Work History

Transformation Excellence Manager

Accenture Solutions Pvt Ltd
Bengaluru
10.2021 - Current
  • Company Overview: Technology Strategy Security Advisory and Consulting
  • 2 Long term projects for BFSI and H&PS clients in GRC: Led the SOX Programme, providing robust program governance for the client's with IAM Control expertise and Security Gap assessment. Managed a team of 11+ members, senior stakeholders, and the Steer Committee. Oversaw multiple dimensions of the program, creating SOX control framework,Conducted testing of Design and Operating effectiveness, Enabled Client for external audit,Application security assessment, Process enhancement for detective controls, and acted as a security SME.
  • GCP SOX Project Lead: Led a team of 10 for three key workstreams of the GCP and Azure SOX Project. Handled program governance, technical planning, RAIDs management, senior stakeholder relationships, and final delivery of milestones. Conducted diagnostics of the GCP platform for SOX readiness and implemented remediation activities.
  • Multi-Cloud SOX Assessment Project Lead: Designed and drafted a multi-cloud assessment framework, performed gap analysis on various control areas, and reported final control and recommendations for continuous improvement to senior stakeholders.
  • RBAC Implementation for GCP CLOUD in Multinational Telecommunication Client: Managed all BT stakeholders and Accenture counterparts, ensuring successful inputs and sign offs without escalations. Worked on process and governance documentation, scope, approach, and business use case scenarios.
  • Global Strategy and Consulting

Cyber Security Consultant

PWC India
Bengaluru
11.2019 - 10.2021
  • IT Risk Assessment and GRC Project: Demonstrated dedication, creativity, and resourcefulness as an international consultant for Aon. Designed and drafted an IaaS department risk assessment framework, performed gap analysis on various control areas such as asset management, change management, access management, infrastructure monitoring, IT operations, BCP DR, vulnerability management, and incident management. Up skilled in Power Automate and SharePoint to automate the functionality of the Common Control Framework. Collaborated with Aon team members to provide structured presentations for the Cyber Uplift Project to senior stakeholders and management. Successfully completed and submitted all deliverables before deadlines, receiving approval and appreciation from client SMEs.
  • Vendor Risk Assessment Project: Engaged in vendor risk assessment for a leading organization, focusing on TPRM to perform risk assessments and identify risks related to improper control implementation. Assessed controls around change management, access management, infrastructure monitoring, problem, and incident management. Worked with clients in BFSI, retail, and ITeS domains.
  • GDPR Project: Participated in a data privacy engagement for a leading organization. Responsibilities included storing, capturing, and processing customer personal data, conducting data discovery through stakeholder discussions and process walk throughs, and executing data protection impact assessments.
  • Ensured regulatory compliance by conducting thorough audits of information systems and security controls.

Senior Consultant

KPMG India
Mumbai
06.2018 - 10.2019
  • IT Attestation Project: Participated in an IT Attestation engagement (ISAE 3402 and SSAE16 Type-2) for a leading Business Process Outsourcing organization. Reviewed and tested IT General Controls covering areas such as Physical Security, Logical Access, Backup Procedures, and Change Management for the Internal Audit department of a leading Technology Sector organization. Evaluated the operating effectiveness for business functions such as HR, IT, Finance, and Resource Management. Drafted exception-based reporting based on standard controls.
  • IT External Audit: Contributed to an IT External Audit engagement at one of India’s leading banks. Responsibilities included performing design and operating effectiveness tests for IT General Controls related to Access to Program and Data, Program Changes, and Computer Operations across major applications of the bank. Identified value additions and improvement opportunities, conducted interviews with process owners, prepared work papers, and provided recommendations to address identified control deficiencies.
  • SOX Control Testing: Engaged in a SOX advisory project for a leading manufacturing sector client. Reviewed and updated the existing IT Risk Control Matrix, performed process walk throughs, identified gaps, and reviewed the design effectiveness of IT General Controls including change management, incident management, user authorizations, and SoD checks. Documented testing methodology, results, and observations, and recommended additional procedures for risk mitigation.
  • IT Risk Assessment and Third-Party Access Review: Conducted a comprehensive review of controls over processes related to Technology Infrastructure Support, Application Development, and Maintenance services provided from various delivery centers. Reviewed Logical Access Controls, identified critical risk areas, control weaknesses in in-scope applications, and recommended corrective actions from a security perspective. Reviewed and tested input, processing, and output controls for in-scope applications and reviewed system access rights of maintained personnel.
  • Data Classification and DLP Implementation: Assisted a leading life insurance organization in implementing an effective data security strategy. Conducted data discovery through stakeholder discussions and process walk throughs. Prepared data flow diagrams, data flow analysis, information asset register, and data classification policy. Implemented and configured DLP/IRM controls.
  • Presented findings and recommendations to executive-level stakeholders, effectively communicating key insights and action plans.

Incident Manager

RSAB IT INDIA Pvt Ltd.
Bengaluru
01.2017 - 05.2017
  • Worked with Internal audit team for IT Activities and vulnerabilities identification and mitigating controls by using SIEM Tool (SPLUNK Language)
  • Demonstrated experience facilitating workshops, generating reports, preparing presentations and project management
  • Assisted project manager in the implementation of client security and regulatory requirements such as mentioned (including ISO, PCI and Privacy Regulations) during the solution delivery phase
  • Performed PCI DSS compliance validation by performing assessment and vulnerability scanning on Qualys Tool
  • Provided expert guidance during critical incidents, assisting technical teams in resolving complex issues quickly and effectively.

Senior System Engineer

Cognizant Technology Solutions.
Bengaluru
12.2014 - 01.2017
  • Team Lead of L2 Team for leading ecommerce brand (Nike)
  • Designed and implemented the Security policies and procedures for the client
  • Incident Management, Change management, application security and internal audit
  • Creation and maintenance of Splunk (SIEM Tool) alerts and dashboards.
  • Handling launches/deployments using confluence, Jira Tool and SQL Commands.

Education

MBA - Information Security

Symbiosis Centre of Information And Technology
Pune, Maharashtra
05.2018

B-Tech - Electronics And Communication Engineering

JIET Jodhpur
Jodhpur, Rajasthan
05.2014

Skills

SOX Compliance

Cloud Security

SAP and Non SAP App Assessment

ITGC Testing

IAM/PAM

GRC/Security Standard and Guidelines experience

Strategic planning

TPRM

Policy implementation

Risk management

Data analysis

Change management

Stakeholder management

Regulatory compliance

Certification

ISO-27001-2013 LA

Accomplishments

1. Received multiple quaterly awards and top rating for my performance in security field and complex industry projects.

2. Achieved result by completing scope of work with great accuracy and efficiency.

3. Introduced and implemented new innovative ideas in projects to improve the process efficiency and reduce workload.

Timeline

Transformation Excellence Manager

Accenture Solutions Pvt Ltd
10.2021 - Current

Cyber Security Consultant

PWC India
11.2019 - 10.2021

Senior Consultant

KPMG India
06.2018 - 10.2019

Incident Manager

RSAB IT INDIA Pvt Ltd.
01.2017 - 05.2017

Senior System Engineer

Cognizant Technology Solutions.
12.2014 - 01.2017

MBA - Information Security

Symbiosis Centre of Information And Technology

B-Tech - Electronics And Communication Engineering

JIET Jodhpur

Similar Profiles

CREATE PROFILE
Alka PandeySecurity Manager