HARSH SHAH
Bengaluru
Summary
To use all the knowledge acquired during my tenure as security analyst as well as while doing certification in the best interest of organization and to be a part of the team which strives for the better growth of the organization, and which explores my potential and provides me with the opportunity to enhance my talent with an intention to be an asset to the company.
Experienced professional with a strong background in auditing and risk assessment, having conducted audits for major financial institutions including Goldman Sachs. Demonstrated ability to plan and execute audit strategies while ensuring compliance with RBI and SEBI regulations. Proficient in developing control frameworks and conducting risk assessments across various domains such as information security and asset management. Expertise in integrating security measures and conducting vulnerability assessments to enhance organizational resilience against emerging threats.
Overview
9
9
years of professional experience
1
1
Certification
Work History
Associate
Goldman Sachs
04.2024 - Current
- Auditing the Mumbai entity of Goldman Sachs in regards with RBI and SEBI regulatory requirements
- Planning and scoping of controls to be tested for particular audit
- Worked on Strategy for Mumbai entity to plan and execute the audit
- Worked on enterprise controls for PF and gratuity
- Well versed with Data integrity and Data security controls
Senior Consultant
Ernst & Young
Mumbai
04.2022 - 04.2024
- Worked with one of the leading banks and assisted KRI submissions mandated by RBI
- Worked on risk assessment involving Tranche 1a and 1c for one of the leading banks
- Worked with one of the largest bank in middle east on risk assessment starting from scratch
- Well versed with defining Unified Control Framework, control portfolio, and Risk and Control Matrix
- Well versed with risk assessment with respect to Information Security, Asset Management, Backup and recovery, Change Management, Incident Management, Identity Access Management, User Access Management
Consultant
Capgemini Ltd.
04.2021 - 04.2022
- Working on Symantec DLP
- Writing policy in DLP with respect to client's requirements
- Data classification
- Assessing advisories from auscert and preparing remediation plan
- Assessing Indicator of Compromises and monitoring accordingly.
- Capgemini
Information Security Officer and IT Auditor
Axis Securities Ltd
08.2018 - 04.2021
- Conducting Risk assessment across all departments
- Conducting ITGC audit with respect to all the applications
- Helping out external auditors with my internal audit report with respect to ITGC
- Conducting risk assessment on trading applications for presence of any vulnerability
- Using Qualysguard (Vulnerability assessment tool for vulnerabilities on server for which application is hosted
- Development of Cyber Security policy aligned with SEBI.
- Ensuring all the servers are hardened in accordance with Standard Configuration document.
- Ensuring all the Endpoints and servers are updated with latest Patches (Using IBM Big Fix)
- Ensuring Change management process is followed for any changes made on Production or UAT
- Ensuring User access management process is followed
- To make sure ASL Adheres to RBI as well as SEBI guidelines.
- Working on Network access control
- Member of CMC (Change Management Committee)
- Axis Securities
Cyber Security Executive
AGC Networks ltd.
01.2017 - 08.2018
- Informing vulnerability reports to clients that can be exploited
- Raising incidents
- SIEM use case development
- Parser writing
- Customized automated reports
- Conducting client meetings and working on their requirements.
- ISO 27001:2013 Audit
- ITGC audit
- Risk Assessment
- AGC Networks - Cyber-I
Education
B.E - ELECTRONICS AND TELECOMMUNICATION
VIDYA VIKAS EDUCATION TRUST
HSC -
VIVA COLLEGE OF SCIENCE AND ARTS
SSC -
INFANT JESUS HIGH SCHOOL
Skills
- ITGC audit
- Risk Assessment
- KRI submissions
- Risk and Control Matrix
- Threat and vulnerability analysis
- Security advisory services
- Vulnerability assessment
- Use case development
- Policy Writing
- Writing custom parsers
- Software vulnerabilities
- Hardware vulnerabilities
- Decision making
- Integration of devices with SIEM
- Security issues
- Emerging trends
- Automated report generation
- Knowledge of common internet protocol
- Knowledge of applications
- ISMS Audit
- Knowledge of TCP/IP protocol
- Network analysis
- RBI compliance
- SEBI compliance
- Risk assessment
- Control testing
- Audit strategy
- Audit planning
- Control framework
Certification
- CERTIFIED ETHICAL HACKER (CEH-EC COUNCIL)
- MacAfee PRODUCT SPECIALIST - SIEM (INTEL SECURITY)
- ISO 27001-2013 LEAD AUDITOR (DNV-G.L)
- QUALYS POLICYCOMPLIANCE (QUALYSGUARD)
- QUALYS VULNERABILITY MANAGEMENT (QUALYSGUARD)
- CERTIFIED INFORMATION SYSTEMS AUDITOR (CISA - ISACA)
Personal Information
- Date of Birth: 08/06/94
- Gender: Male
- Marital Status: Single
- Place of Birth: Gujarat
Hobbies and Interests
- Soccer
- Cooking
- Cricket
- Music
- Football
Languages
- Hindi
- Gujarati
- Marathi
- English
- Hindi
- Gujarati
- Marathi
Hands On Experiences
- MacAfee SIEM
- Implementation of SIEM components, integration of data sources, policy and rulemaking
- Writing custom parsers for unsupported log sources
- Forescout NAC tool, Qualysguard, Symantec DLP
- Basic awareness about Nessus scanner, Metasploit, Qualysguard
Languages
English
Advanced (C1)
C1
Hindi
Proficient (C2)
C2
Gujarati
Proficient (C2)
C2
Marathi
Upper Intermediate (B2)
B2
Timeline
Associate
Goldman Sachs
04.2024 - Current
Senior Consultant
Ernst & Young
04.2022 - 04.2024
Consultant
Capgemini Ltd.
04.2021 - 04.2022
Information Security Officer and IT Auditor
Axis Securities Ltd
08.2018 - 04.2021
Cyber Security Executive
AGC Networks ltd.
01.2017 - 08.2018
B.E - ELECTRONICS AND TELECOMMUNICATION
VIDYA VIKAS EDUCATION TRUST
HSC -
VIVA COLLEGE OF SCIENCE AND ARTS
SSC -
INFANT JESUS HIGH SCHOOL