Jayalakshmi R
Chennai
Summary
Highly competent and organized Information Security professional with extensive experience seeking a challenging opportunity in Information & Cyber Security Governance, Risk and Compliance/IT audit management. Dedicated to driving effective internal audit practices and enhancing IT governance & security within the organization. Proven ability to assist in end-to-end consulting, monitoring, and controlling the security mechanism as per various standards and guidelines.
Overview
15
15
years of professional experience
1
1
Certification
Work History
Lead IT Risk & Security Engineer
DTCC
09.2021 - Current
- Hands on experience in internal audit from scoping, planning, executing and closure across 8+ information security department with the role of risk identification, assessment in accordance with organizational risk management policy & Information Security policy
- Practical experience in auditing processes such as IT Governance, SDLC, Business continuity & Incident Management, IT infrastructure such as Network firewalls including cloud, Vulnerability & Patch management, Physical Security, HR, System Migration etc.
- Developing audit questionnaire for audit readiness across technology risk management team
- Identified the critical processes & functions of Tier 1 applications by workflow mapping and led the risk-based end to end InfoSec audit
- Collaborated with IAM engineering team and developed use cases in the 'User Behavior & Analytics tool' to simulate key risk scenarios based on sensitive user accesses in identification of internal risk for their processes
- Developing risk management strategy and framework in accordance with project strategy to meet business objectives
- Maintain & facilitate review of Information security policy, BCP policy in line with organizational objectives
- Collaborating with stakeholders from operations, technology & cyber security team for effective project deliverables, and thereby executing project objective with accepted timelines
- Implementation of ISMS across Information Security, development of control standards etc
- Participated in gap assessment, security assessment and helped in assessing control objective
- Hands on experience in 'Metrics & reporting' highlighting the compliant status to business leaders in line to the risk management policy highlighting KPIs & KRIs
- Led end-end internal audit for business continuity management and coordinated with certification bodies for surveillance & full certification audit for the past 3 years
- Development of business cases and RFPs for certification bodies to conduct ISO 22301 certification, performed third-party risk assessment in line with risk management policy, developing vendor assessment checklist etc
- Collaborated with IT teams to integrate security measures into software development processes, enhancing overall application security.
- Developed comprehensive security policies and procedures for the organization, resulting in improved protection against potential threats.
- Provided training programs for employees on cybersecurity best practices, increasing awareness and fostering a proactive security culture within the organization.
- Contributed to business continuity planning efforts by assessing potential risks to critical systems and implementing backup strategies that ensured minimal downtime during disaster recovery scenarios.
- Designed and implemented employee awareness campaigns, raising the level of security consciousness within the organization and reducing incidents related to human error.
- Streamlined communication between departments regarding cybersecurity matters by creating an effective reporting structure that enabled prompt action against identified threats.
- Played a key role in securing certifications such as ISO 27001, demonstrating the organization''s commitment to maintaining a robust cybersecurity program.
- Collaborated with vendors and suppliers to assess third-party risk levels, ensuring that external partners adhered to organizational security standards.
- Performed risk assessments on new projects and initiatives, identifying potential threats early in the planning process to ensure proper mitigation strategies were implemented from the outset.
- Implemented robust access controls for sensitive data repositories, reducing the risk of unauthorized access and data breaches.
- Worked with teams to develop company-wide information assurance, security standards and procedures.
Team Lead
BNP Paribas India Solutions Pvt Ltd
06.2016 - 09.2021
- Consult and Manage Cyber Risk related projects End to End till closure
- Conducted various Implementation, Audits and Assessments across IAM teams
- Develop and enforce security policies, procedures and guidelines in alignment with industry standards and regulations
- Oversee IAM processes, ensuring secure and efficient access control across the organization
- Conduct regular audits and assessments to identify and mitigate potential security risks around IAM processes
- Collaborated with stakeholders to develop and implement comprehensive cyber resilience strategies, ensuring robust protection against cyber threats
- Headed implementation of IAM solutions like Sail point, resulting in efficient governance and risk management of people, applications etc.
- Engaging with stakeholders and businesses information owners to identify critical accesses and applications, allocating risk scores and scheduling access recertification
- Collaborated with business role owners and recertified the applications onboarded in the business role within Sailpoint
- Participated in role composition and creation of business roles in Sailpoint
- Teamed up with information security team for running ISO27001 implementation and auditing along with risk management & risk assessments
- Critical applications providing access to material nonpublic information are identified by following ISO27001 control standard, and assigned with sensitivity and risk score in Sailpoint and GRC process is implemented as a part of continuous improvement
- Segregation of duties, policy violation rules are developed in Sailpoint to manage the accesses effectively according to ISO 27001 control standard
- Access insights are developed using Sailpoint governance tool, thereby achieved effective handling of GRC processes around an identity in the tool
- Application, Entitlement owner, Role Composition, Manager, transfer recertification are scheduled in Sailpoint to avoid rubber stamping of accesses in accordance with ISO 27001 control standard
- Managed risks and mitigated potential issues through proactive planning, monitoring, and timely decision making.
- Implemented process improvements that led to reduced turnaround times for critical tasks without compromising quality.
- Spearheaded multiple high-impact projects simultaneously while meeting tight deadlines under pressure-packed situations.
- Developed succession planning strategies to ensure continuity of leadership within the team and facilitate smooth transitions during organizational changes.
- Assisted in developing policies and procedures that aligned with organizational objectives while adhering to regulatory requirements.
- Provided expert guidance on regulatory requirements, ensuring that clients maintained full compliance with industry standards.
- Conducted gap analysis exercises for clients, identifying areas requiring attention in order to achieve complete adherence to requisite standards.
- Delivered detailed reports on audit findings, providing actionable insights for clients to strengthen their internal control systems.
- Oversaw implementation of data protection measures designed at preventing unauthorized access or loss of sensitive information.
- Enhanced GRC program effectiveness by conducting comprehensive risk assessments and recommending mitigation strategies.
- Conducted thorough audits and identified areas for improvement, leading to enhanced internal controls and risk management practices.
- Identified key risks and mitigating factors of potential investments such as asset types and values, legal and ownership structures and industry segments.
- Compared industry-specific securities against outside metrics and each other to develop recommendations.
Senior Project Engineer
Wipro Technologies
08.2009 - 06.2016
- Creation of various CyberArk gateway, login and reconcile accounts on different servers
- Central Administration of all the generic, privileged, static, and personal accounts via CyberArk
- Resuming CPM and Reconciliation of failed password object on various Servers through CyberArk
- Administering the Safes and the Vault via Private Ark and PVWA
- AD implementation on Private Ark
- Integration of the Active Directory groups with CyberArk Safe roles
- Defining the policy IDs for various safes in PVWA
- Creation of new Safes and Policy ids
- Generating various CyberArk reports from the Vault and PVWA
- Ensuring security resilience and SOX compliance on the user accounts placed in CyberArk
- Recertification and revalidation of password objects, AD users and Safe Roles on CyberArk
- Identity management via Core Web Security
- User facilitation and administration on different applications via Core Web Security
Education
Bachelor of Engineering - Electronics & Communications
Arunai Engineering College
TiruvannamalaiHigher Secondary -
St. Annes. Girls. Hr. Sec. School
High School -
St. Annes. Girls. Hr. Sec. School
Skills
- ISO 27001
- ITIL
- Internal Audit Management
- Data Analytics
- Project Management
- Stakeholder Management
- IT Governance & Compliance
- Cloud Security
- Metrics & Reporting
- Business Continuity & Disaster Recovery
- Regulatory Standard
- Identity & Access Management
- Process Implementation
- Vendor Management
- Process Improvement
- Escalation Management
Certification
- Certified Information Security Manager (CISM)
- ISO/IEC 27001:2013 Lead Auditor (ISMS)
- ITIL 2011 Foundation Certification
- GDPR (Trained)
Languages
English
Tamil
Personal Information
- Date of Birth: 01/05/87
- Gender: Female
- Nationality: Indian
- Marital Status: Married
Hobbies and Interests
- Baking
- Playing Shuttle
- Exploring new places
Disclaimer
I hereby declare that the information furnished above is true and correct to the best of my knowledge., Chennai, India, 17/09/24
Timeline
Lead IT Risk & Security Engineer
DTCC
09.2021 - Current
Team Lead
BNP Paribas India Solutions Pvt Ltd
06.2016 - 09.2021
Senior Project Engineer
Wipro Technologies
08.2009 - 06.2016
Bachelor of Engineering - Electronics & Communications
Arunai Engineering College
Higher Secondary -
St. Annes. Girls. Hr. Sec. School
High School -
St. Annes. Girls. Hr. Sec. School
Similar Profiles
Abinash PandaAbinash Panda
Director of Software Engineering at DTCCDirector of Software Engineering at DTCC
Annabel BullosAnnabel Bullos
Client Connectivity Senior Analyst at DTCCClient Connectivity Senior Analyst at DTCC
Lindsey AltLindsey Alt
Associate Director SQL Server Database Engineering at DTCCAssociate Director SQL Server Database Engineering at DTCC
Deijah SimonDeijah Simon
EDGE IT BSA at DTCCEDGE IT BSA at DTCC
Zaheer Syed.SZaheer Syed.S
Team Manager at GSR Global ServicesTeam Manager at GSR Global Services