Highly competent and organized Information Security professional with extensive experience seeking a challenging opportunity in Information & Cyber Security Governance, Risk and Compliance/IT audit management. Dedicated to driving effective internal audit practices and enhancing IT governance & security within the organization. Proven ability to assist in end-to-end consulting, monitoring, and controlling the security mechanism as per various standards and guidelines.
Overview
15
years of professional experience
1
Certification
Work History
Lead IT Risk & Security Engineer
DTCC
09.2021 - Current
Hands-on experience in internal audit, from scoping, planning and executing to closure, across 8+ information security departments, with the role of risk identification and assessment in accordance with the organizational risk management policy & Information Security policy
Practical experience in auditing processes such as IT Governance, SDLC, Business continuity & Incident Management, IT infrastructure such as Network firewalls including cloud, Vulnerability & Patch management, Physical Security, HR, System Migration etc.
Developing audit questionnaire for audit readiness across technology risk management team
Identified the critical processes & functions of Tier 1 applications by workflow mapping and led the risk-based end-to-end InfoSec audit
Collaborated with IAM engineering team and developed use cases in the 'User Behavior & Analytics tool' to simulate key risk scenarios based on sensitive user accesses in identification of internal risk for their processes
Developing risk management strategy and framework in accordance with project strategy to meet business objectives
Maintain & facilitate review of Information security policy, BCP policy in line with organizational objectives
Collaborating with stakeholders from operations, technology & cyber security team for effective project deliverables, and thereby executing project objective with accepted timelines
Implementation of ISMS across Information Security, development of control standards etc.
Participated in gap assessment, security assessment and helped in assessing control objective
Hands-on experience in 'Metrics & reporting', highlighting the compliance status to business leaders in line with the risk management policy, highlighting KPIs & KRIs
Led end-to-end internal audit for business continuity management and coordinated with certification bodies for surveillance & full certification audit for the past 3 years
Development of business cases and RFPs for certification bodies to conduct ISO 22301 certification, performed third-party risk assessment in line with risk management policy, developing vendor assessment checklist etc.
Collaborated with IT teams to integrate security measures into software development processes, enhancing overall application security.
Developed comprehensive security policies and procedures for the organization, resulting in improved protection against potential threats.
Provided training programs for employees on cybersecurity best practices, increasing awareness and fostering a proactive security culture within the organization.
Contributed to business continuity planning efforts by assessing potential risks to critical systems and implementing backup strategies that ensured minimal downtime during disaster recovery scenarios.
Designed and implemented employee awareness campaigns, raising the level of security consciousness within the organization and reducing incidents related to human error.
Streamlined communication between departments regarding cybersecurity matters by creating an effective reporting structure that enabled prompt action against identified threats.
Played a key role in securing certifications such as ISO 27001, demonstrating the organization's commitment to maintaining a robust cybersecurity program.
Collaborated with vendors and suppliers to assess third-party risk levels, ensuring that external partners adhered to organizational security standards.
Performed risk assessments on new projects and initiatives, identifying potential threats early in the planning process to ensure proper mitigation strategies were implemented from the outset.
Implemented robust access controls for sensitive data repositories, reducing the risk of unauthorized access and data breaches.
Worked with teams to develop company-wide information assurance, security standards and procedures.
Team Lead
BNP Paribas India Solutions Pvt Ltd
06.2016 - 09.2021
Consult and manage cyber risk related projects end-to-end until closure
Conducted various Implementation, Audits and Assessments across IAM teams
Develop and enforce security policies, procedures and guidelines in alignment with industry standards and regulations
Oversee IAM processes, ensuring secure and efficient access control across the organization
Conduct regular audits and assessments to identify and mitigate potential security risks around IAM processes
Collaborated with stakeholders to develop and implement comprehensive cyber resilience strategies, ensuring robust protection against cyber threats
Headed implementation of IAM solutions like SailPoint, resulting in efficient governance and risk management of people, applications etc.
Engaging with stakeholders and business information owners to identify critical accesses and applications, allocating risk scores and scheduling access recertification
Collaborated with business role owners and recertified the applications onboarded in the business role within SailPoint
Participated in role composition and creation of business roles in SailPoint
Teamed up with information security team for running ISO 27001 implementation and auditing along with risk management & risk assessments
Critical applications providing access to material nonpublic information are identified by following the ISO 27001 control standard and assigned a sensitivity and risk score in SailPoint, and the GRC process is implemented as a part of continuous improvement
Segregation of duties and policy violation rules are developed in SailPoint to manage the accesses effectively according to the ISO 27001 control standard
Access insights are developed using the SailPoint governance tool, thereby achieving effective handling of GRC processes around an identity in the tool
Application, Entitlement owner, Role Composition, Manager and transfer recertifications are scheduled in SailPoint to avoid rubber stamping of accesses in accordance with the ISO 27001 control standard
Managed risks and mitigated potential issues through proactive planning, monitoring, and timely decision making.
Implemented process improvements that led to reduced turnaround times for critical tasks without compromising quality.
Spearheaded multiple high-impact projects simultaneously while meeting tight deadlines under pressure-packed situations.
Developed succession planning strategies to ensure continuity of leadership within the team and facilitate smooth transitions during organizational changes.
Assisted in developing policies and procedures that aligned with organizational objectives while adhering to regulatory requirements.
Provided expert guidance on regulatory requirements, ensuring that clients maintained full compliance with industry standards.
Conducted gap analysis exercises for clients, identifying areas requiring attention in order to achieve complete adherence to requisite standards.
Delivered detailed reports on audit findings, providing actionable insights for clients to strengthen their internal control systems.
Oversaw implementation of data protection measures designed to prevent unauthorized access or loss of sensitive information.
Enhanced GRC program effectiveness by conducting comprehensive risk assessments and recommending mitigation strategies.
Conducted thorough audits and identified areas for improvement, leading to enhanced internal controls and risk management practices.
Identified key risks and mitigating factors of potential investments such as asset types and values, legal and ownership structures and industry segments.
Compared industry-specific securities against outside metrics and each other to develop recommendations.
Senior Project Engineer
Wipro Technologies
08.2009 - 06.2016
Creation of various CyberArk gateway, login and reconcile accounts on different servers
Central Administration of all the generic, privileged, static, and personal accounts via CyberArk
Resuming CPM and Reconciliation of failed password object on various Servers through CyberArk
Administering the Safes and the Vault via Private Ark and PVWA
AD implementation on Private Ark
Integration of the Active Directory groups with CyberArk Safe roles
Defining the policy IDs for various safes in PVWA
Creation of new Safes and Policy ids
Generating various CyberArk reports from the Vault and PVWA
Ensuring security resilience and SOX compliance on the user accounts placed in CyberArk
Recertification and revalidation of password objects, AD users and Safe Roles on CyberArk
Identity management via Core Web Security
User facilitation and administration on different applications via Core Web Security
Education
Bachelor of Engineering - Electronics & Communications
Arunai Engineering College
Tiruvannamalai
Higher Secondary -
St. Annes. Girls. Hr. Sec. School
High School -
St. Annes. Girls. Hr. Sec. School
Skills
ISO 27001
ITIL
Internal Audit Management
Data Analytics
Project Management
Stakeholder Management
IT Governance & Compliance
Cloud Security
Metrics & Reporting
Business Continuity & Disaster Recovery
Regulatory Standard
Identity & Access Management
Process Implementation
Vendor Management
Process Improvement
Escalation Management
Certification
Certified Information Security Manager (CISM)
ISO/IEC 27001:2013 Lead Auditor (ISMS)
ITIL 2011 Foundation Certification
GDPR (Trained)
Languages
English
Tamil
Personal Information
Date of Birth: 01/05/87
Gender: Female
Nationality: Indian
Marital Status: Married
Hobbies and Interests
Baking
Playing Shuttle
Exploring new places
Disclaimer
I hereby declare that the information furnished above is true and correct to the best of my knowledge. Chennai, India, 17/09/24