Experienced cyber-security and technology risk professional with over 12 years of experience across consulting, auditing and risk management functions in various Fortune 500 companies. Seeking a leadership role where I can drive strategic cybersecurity initiatives.
Achievements:
• Led more than 30 security-related risk reviews and audits globally for compliance with regulatory requirements.
• Managed a team of 5 geographically dispersed individual contributors.
Key Responsibilities:
• Dynamic Team Leadership - Spearheaded and managed a team of security professionals and contractors across multiple regions, effectively mitigating cybersecurity risks across the organization.
• Compliance Excellence - Orchestrated and managed security compliance activities essential for Uber, including ISO 27001, SOC attestations, and PCI DSS certification.
• Regulatory Compliance Mastery - Pioneered the development and management of a comprehensive program to ensure compliance with SOX (Sarbanes-Oxley), the Payment Services Directive (PSD2), the General Data Protection Regulation (GDPR), and the Health Insurance Portability and Accountability Act (HIPAA).
• Rigorous Risk Management - Proactively reported and addressed security issues identified during reviews in various areas across the organization.
• Strategic Risk Program Oversight - Successfully managed diverse risk programs and initiatives at Uber, providing unparalleled technical expertise in Cloud Security, Network Security, DDoS Prevention and Detection, Business Continuity and Disaster Recovery, as well as Third-Party Risk Reviews (BPOs and vendors).
Achievements:
• Reviewed controls across 5 major COBIT processes and more than 70 payment applications.
• Set up the Policy Management Office to review Technology and Information Security policies.
Key Responsibilities:
• Project Management - Managed risk assessment and control testing projects for the team, including scoping, stakeholder management, reporting, and remediation monitoring.
• Risk Identification and Management - Identified existing and emerging technology risks within the environment, performed risk assessments, and identified relevant controls for mitigation.
• Policy Management Office - Performed periodic reviews of policies and standards and suggested improvements based on the technological landscape.
• Compliance Management - Based on different compliance requirements provided by regulators, correlated the requirements to the COBIT 5 framework and developed an in-house customized controls framework.
Achievements:
• Reduced the risk of Shadow IT from EUR 60mn to EUR 2.5mn in a period of 1 year.
Key Responsibilities:
• Shadow IT Governance - Spearheaded the development of a robust framework to uncover, assess, and mitigate risks associated with Shadow IT within the organization. Through this initiative, we were able to streamline processes and significantly reduce our exposure to unmanaged IT applications.
• Technology Risk Reviews and Assessments - Conducted thorough technology reviews for various applications, processes, and infrastructure in line with MAS, BaFin, and SOX requirements. The resulting strategic changes positioned us to proactively manage and mitigate potential risks.
Achievements:
• Performed multiple attestation and certification programs for KPMG customers (SSAE 16 / ISAE 3402 and ISO 27001 audits).
• Developed SOX control testing programs for 5 customer organizations.
Key Responsibilities:
• Statutory & Internal Audits - Managed and performed multiple SOX engagements, ITGC, and Application Controls assessments as part of Statutory & Internal Audits for clients.
• Business System Controls Review - Reviewed ERP system-based controls in the Retail and Media/Entertainment industries to ensure the systems are aligned with the business requirements.
• Attestation Engagements and Certifications - Performed multiple attestation engagements for certifications (ISAE 3402 / SSAE 18 Type 1 and Type 2). Also reviewed ISO 27001 controls to prepare the organization to obtain certification.
Achievements:
• Provided multiple customers with GRC consulting to enhance security practices across their organizations through standards, policies, procedures and risk metrics.
Key Responsibilities:
• Governance Risk and Compliance Management - Responsible for the development of Information Security policies, procedures, and security management reports based on ISO 27001 and COBIT for clients in the BFSI sector.
• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• Google Cloud - Professional Cloud Security Engineer (PCSE)
• Cloud Computing Security Knowledge (CCSK)
• ISO 27001:2013 Lead Auditor (LA)
• COBIT 5 Assessor
• ITIL v3 Foundation