Dev Mishra

Senior Consultant - Risk And Compliance
Bangalore

Summary

Driven Senior Consultant with 4 years' experience in third-party management. Adept in collaborative problem solving, risk management and creative solutions. Passionate about bringing changes in businesses. Proficient in conducting primary and secondary research. A certified CTPRP (Certified Third Party Risk Professional) and ISO 27001 Lead Auditor.

Looking for an organization which provides an opportunity to build my skills in technical and managerial aspects of information security, where I can utilize my acquired skills and knowledge towards mutual growth and advancement.

Overview

4 years of professional experience
3 Certifications

Work History

Senior Consultant

IBM
Bangalore
04.2022 - Current
  • Design and development of security policies, standards and procedures in accordance with organizational goals
  • Evaluate and advise on the implementation and effectiveness of cybersecurity safeguards to ensure that they provide the intended level of protection.
  • Identify and escalate project risks to project stakeholders on data security governance, data classification, data security design, security management, personal information compliance and protection consulting.
  • Assist in developing knowledge assets such as methodologies, templates, white papers etc.

Associate Consultant

KPMG KGS, TPRM
07.2021 - 04.2022
  • Third Party Risk Management: Remote assessment on vendors of Finance sector client.
  • Performed remote vendor risk assessment on vendors of client ranging from conducting kickoff meetings, performing remote assessment, conducting internal and external finding discussions and providing closure report.
  • Performed analysis of key risk indicators to identify and escalate appropriate issues for management attention
  • The assessment is performed by collaborating with vendors and collecting and inspecting evidence
  • Scheduling and conducting kick-off discussion with vendor to understand the scope of the assessment
  • Publishing the questionnaire and conducting remote assessment call based on the evidence provided
  • Creating report on the risk posture of the vendor
  • Conducting Internal finding discussions with the client to confirm on the findings
  • Conducting external finding discussion with the vendor
  • Assist the client with drafting of closure letter report.

Associate

Grant Thornton LLP
04.2019 - 07.2021
  • Project 1: Third Party Risk Management for Healthcare sector client:
  • Performed remote vendor risk audits and assessments for various clients as per their third-party information security benchmarks using vendor provided documentation such as ISO 27001 Statement of Applicability, SOC Reports, Policies, BCP/DR plans, Incident Response Plan, 23 NYCRR 500 Certificate of Compliance, etc
  • Provided in line with the questions raised
  • Coordinated with the vendors until the findings of the assessments and audits were remediated
  • Helped a property and casualty insurance client in updating its TPRM information security assessment matrix and Inherent Risk Calculator (IRR)
  • Worked with the client’s TPRM head to create a process flow for issue (finding) management process
  • Developed expertise in OneTrust tool for reporting of risks and results of the assessments of vendors
  • Created Due Diligence questionnaire to assess the criticality of the vendor
  • Conducting walkthrough for the vendors of the Information security controls assessment questionnaire
  • Took responsibility of end-to-end project management activities of the project
  • Used OneTrust to report the vendor risks and vendor criticality to the client
  • Certified vendor risk assessment expert - OneTrust
  • Project 2: CCPA Readiness assessment (prison communications firm)
  • Conducted 29 workshops with 91 stakeholders representing 27 of client's core business functions with the greatest potential to be impacted by CCPA
  • Using the customized data inventory toolkit, stakeholders were engaged to identify and inventory how they interact with personal information of California residents in order to catalogue the business function activities for risk ranking purposes
  • Business Process Risk Rankings: Conducted a review of the information compiled in the data inventory tool and used risk ranking criteria to identify the business operations likely to be most impacted by CCPA requirements based on client's data processing activities
  • Data Inventory Upload to OneTrust: Configured the data inventorying module in OneTrust
  • Project 3: CCPA Readiness assessment (Engineering simulation solutions industry client)
  • Conducted workshops with stakeholders to build out existing system inventory and to follow up with the asset owners to gather information and update the system inventory
  • Business Process Risk Rankings: Conducted a review of the information compiled in the data inventory tool and used risk ranking criteria to identify the business operations likely to be most impacted by CCPA requirements based on client's data processing activities
  • Data Inventory Upload to OneTrust: Configured the data inventorying module in OneTrust for storing all the systems, assets and third parties with their respective process risk rankings
  • Project 4: Third Party Risk Management Tool
  • Creating a tool which helps organizations understand their service criticality, based on which the tool assists the client to choose the appropriate vendor
  • Created the Service intelligence questionnaire which would describe the criticality of service based on the type of data stored, downtime limitations, volume of data and type of access
  • Created the Vendor Intelligence questionnaire which would assist the organization to onboard the appropriate vendor.

Education

MBA -

Symbiosis Centre for Information Technology

B.E - Information Technology

Symbiosis International University

Laxmi Narain College of Technology and Science

XII - Science

Rajiv Gandhi Proudyogiki Vishwavidyalaya

Delhi Public School

X

Central Board of Secondary Education

Skills

Third Party Risk Management ( CTPRP certified)

Certification

ISO 27001 Certified Lead Auditor

Accomplishments

  • CTPRP - Certified Third Party Risk Professional
  • ISO 27001 Lead Auditor
  • Awarded Rising star in IBM FY 2022
  • Led the Rewards and Recognition program in Grant Thornton

CTPRP - Certified Third Party Risk Management

Completed CTPRP certification in FY December 2021.
