AVISHEK SAHA


Bengaluru, Karnataka

Summary

Results-driven Compliance & Security Consultant with a proven track record of over 7 years in managing and enhancing organizational security and compliance frameworks. Certified Internal Auditor (ISO 27001:2022 & 9001:2015) conducting internal audits to ensure adherence to industry standards. Expertise in comprehensive risk assessments, leading SOC 2 Type 2 audits, and implementing robust vulnerability management programs. Adept at developing and executing strategic initiatives for regulatory compliance and safeguarding sensitive information. Collaborates with cross-functional teams to drive security improvements and mitigate risks. Strong analytical skills, attention to detail, and proactive problem-solving approach. Excels in third-party vendor risk assessments, contractual compliance, due diligence, threat and vulnerability assessment, fraud investigation, internal audits, reporting, data governance, and proficiency in MS Office/Azure/Defender.

Overview

7 years of professional experience

Work History

Compliance and Security Consultant

Sapiens Technologies
09.2022 - Current
  • Conducted internal audits to identify compliance risks and implemented corrective measures to address them
  • Conducted regular vulnerability assessments, identified and prioritized security risks, and implemented remediation strategies to enhance the organization's security posture
  • Developed a data governance strategy to ensure data integrity and security across the organization
  • Assisted with external audits, providing necessary documents and information to auditors
  • Created and maintained an information security management system that met ISO 27001 requirements
  • Developed and maintained a comprehensive training program for employees to ensure compliance with applicable laws and regulations
  • Developed and implemented risk management strategies to mitigate potential compliance risks
  • Developed a risk assessment to identify and mitigate potential product issues
  • Prepared detailed audit reports that highlighted areas of improvement and provided recommendations for corrective action
  • Conducted third-party vendor risk assessments to evaluate the potential risks associated with external vendors before onboarding them
  • Conducted thorough evaluations of internal controls, ensured compliance with security and privacy standards, and successfully led the organization through the audit process to achieve certification - SOC 2 Type 1 & 2

Senior Compliance Analyst

Tech Mahindra
07.2021 - 09.2022
  • Identification of risk arising out of vulnerabilities in information security, tools and processes
  • Certified internal auditor for the organization, auditing multiple business accounts internally
  • Creation of checklists and FMEA, audit scheduling and reporting, driving non-conformity to closure
  • Hands-on implementation of ISO 27001 policies for different projects
  • Good understanding of ISO 27001 controls and implementing them to avoid any kind of risks
  • Validating and reporting all checkpoints related to ISMS and mitigating risk in terms of data protection, standards protection, physical security, site security, organizational security, employee data security, etc.
  • Ensuring complete adherence to the MSA and SOW of each function, with audits of departments such as HR, Training, Contract Compliance and Corporate Services carried out to prepare for client/third-party audits
  • Education and training campaigns delivered to leads on InfoSec policy, data security and privacy, and intellectual property rights of the client to drive a culture of compliance
  • Hands-on with Excel and SharePoint
  • Took on additional responsibilities by leading system compliance audits at Tech Mahindra Bangalore. Conducted internal audits across various functions (Quality, Training, HR) to ensure compliance with SOPs and adherence to delivery plans and SOW
  • Certified Internal Auditor (ISO 9001:2015) with experience in conducting internal audits across Tech Mahindra locations. Served as site security facilitator, ensuring compliance with physical security standards and conducting client-specific audits to meet requirements

Analyst

Transworld System India Private Limited
Bengaluru, Karnataka
08.2020 - 07.2021
  • Reported to the Internal Audit team; as a team, helped the various business units adhere to TSI-governed policies and procedures
  • Conducting Compliance Control Testing on a monthly basis for the CRM unit for Business Operations
  • Conducting due diligence while onboarding any new vendor
  • Sending the VRAQ (Vendor Risk Assessment Questionnaire) to the respective vendor based on their risk rating and reviewing the document along with the relevant evidence to prepare the audit report with the help of the InfoSec team
  • Governance of the spend report across geo locations to track the cost for all vendors
  • Reporting of the performance matrix for all vendors, maintaining records of new vendors onboarded and of those offboarded

Risk Assessor - Transactional Integrity Group

24/7.ai
Bengaluru, Karnataka
08.2017 - 08.2020
  • Auditing multiple lines of business for a US telecom client as a Global Risk Assessor and single-handedly supporting their business in Bangalore
  • Auditing and mitigating risk in the scope of application vulnerability and financial loss for the client and 24/7.ai
  • Monitoring the floor for Clean Desk Policy and PCI standard compliance
  • Testing the tools to ensure customers' personal data is not misused and there is no data leakage
  • The same is reported in the Annual Compliance Report

Education

Bachelor of Engineering - Instrumentation Engineering

Assam Engineering College
Guwahati, India
08.2016

Skills

  • Vulnerability Assessment
  • Identity and Access Management
  • Threat Intelligence
  • Endpoint Security
  • Security Awareness Training
  • Physical Security
  • Quality Assurance
  • Compliance Management

Certification

1. ISO 27001 Lead Auditor - Information Security Certification - TÜV Rheinland Group

2. ISO 9001: Quality Management Systems Certified - Tech Mahindra

3. Business intelligence using Power BI - Skill Nation

4. GDPR Compliance - LinkedIn Learning

5. California Consumer Privacy Act (CCPA) - LinkedIn Learning

6. Vulnerability Management - LinkedIn Learning

7. Cybersecurity Awareness: Cloud Security - LinkedIn Learning

Work Availability

Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday
Morning, afternoon, evening

Languages

English: Advanced (C1)
Bengali: Bilingual or Proficient (C2)
Hindi: Upper intermediate (B2)

Work Preference

Work Type

Full Time

Work Location

Remote, Hybrid, On-Site

Important To Me

Career advancement, Work-life balance, Company culture, Personal development programs, Healthcare benefits

Interests

Cooking

Listening to music

Playing indoor games

Software

Microsoft 365

Microsoft Azure

Microsoft Defender

Falcon CrowdStrike

Suralink

SNOW

JIRA

Quote

The way to get started is to quit talking and begin doing.
Walt Disney
