Jayalakshmi R

Chennai

Summary

Highly competent and organized Information Security professional with extensive experience seeking a challenging opportunity in Information & Cyber Security Governance, Risk and Compliance/IT audit management. Dedicated to driving effective internal audit practices and enhancing IT governance & security within the organization. Proven ability to assist in end-to-end consulting, monitoring, and controlling the security mechanism as per various standards and guidelines.

Overview

15 years of professional experience
1 Certification

Work History

Lead IT Risk & Security Engineer

DTCC
09.2021 - Current
  • Hands-on experience in internal audit from scoping, planning and executing to closure across 8+ information security departments, with the role of risk identification and assessment in accordance with organizational risk management policy & Information Security policy
  • Practical experience in auditing processes such as IT Governance, SDLC, Business continuity & Incident Management, IT infrastructure such as Network firewalls including cloud, Vulnerability & Patch management, Physical Security, HR, System Migration etc.
  • Developing audit questionnaire for audit readiness across technology risk management team
  • Identified the critical processes & functions of Tier 1 applications by workflow mapping and led the risk-based end to end InfoSec audit
  • Collaborated with IAM engineering team and developed use cases in the 'User Behavior & Analytics tool' to simulate key risk scenarios based on sensitive user accesses in identification of internal risk for their processes
  • Developing risk management strategy and framework in accordance with project strategy to meet business objectives
  • Maintain & facilitate review of Information security policy, BCP policy in line with organizational objectives
  • Collaborating with stakeholders from operations, technology & cyber security team for effective project deliverables, and thereby executing project objective with accepted timelines
  • Implementation of ISMS across Information Security, development of control standards etc
  • Participated in gap assessment, security assessment and helped in assessing control objective
  • Hands-on experience in 'Metrics & reporting', highlighting the compliance status to business leaders in line with the risk management policy, highlighting KPIs & KRIs
  • Led end-to-end internal audit for business continuity management and coordinated with certification bodies for surveillance & full certification audit for the past 3 years
  • Development of business cases and RFPs for certification bodies to conduct ISO 22301 certification, performed third-party risk assessment in line with risk management policy, developing vendor assessment checklist etc
  • Collaborated with IT teams to integrate security measures into software development processes, enhancing overall application security.
  • Developed comprehensive security policies and procedures for the organization, resulting in improved protection against potential threats.
  • Provided training programs for employees on cybersecurity best practices, increasing awareness and fostering a proactive security culture within the organization.
  • Contributed to business continuity planning efforts by assessing potential risks to critical systems and implementing backup strategies that ensured minimal downtime during disaster recovery scenarios.
  • Designed and implemented employee awareness campaigns, raising the level of security consciousness within the organization and reducing incidents related to human error.
  • Streamlined communication between departments regarding cybersecurity matters by creating an effective reporting structure that enabled prompt action against identified threats.
  • Played a key role in securing certifications such as ISO 27001, demonstrating the organization's commitment to maintaining a robust cybersecurity program.
  • Collaborated with vendors and suppliers to assess third-party risk levels, ensuring that external partners adhered to organizational security standards.
  • Performed risk assessments on new projects and initiatives, identifying potential threats early in the planning process to ensure proper mitigation strategies were implemented from the outset.
  • Implemented robust access controls for sensitive data repositories, reducing the risk of unauthorized access and data breaches.
  • Worked with teams to develop company-wide information assurance, security standards and procedures.

Team Lead

BNP Paribas India Solutions Pvt Ltd
06.2016 - 09.2021
  • Consult and Manage Cyber Risk related projects End to End till closure
  • Conducted various Implementation, Audits and Assessments across IAM teams
  • Develop and enforce security policies, procedures and guidelines in alignment with industry standards and regulations
  • Oversee IAM processes, ensuring secure and efficient access control across the organization
  • Conduct regular audits and assessments to identify and mitigate potential security risks around IAM processes
  • Collaborated with stakeholders to develop and implement comprehensive cyber resilience strategies, ensuring robust protection against cyber threats
  • Headed implementation of IAM solutions like Sailpoint, resulting in efficient governance and risk management of people, applications etc.
  • Engaging with stakeholders and businesses information owners to identify critical accesses and applications, allocating risk scores and scheduling access recertification
  • Collaborated with business role owners and recertified the applications onboarded in the business role within Sailpoint
  • Participated in role composition and creation of business roles in Sailpoint
  • Teamed up with information security team for running ISO27001 implementation and auditing along with risk management & risk assessments
  • Critical applications providing access to material nonpublic information are identified by following ISO27001 control standard, and assigned with sensitivity and risk score in Sailpoint and GRC process is implemented as a part of continuous improvement
  • Segregation of duties, policy violation rules are developed in Sailpoint to manage the accesses effectively according to ISO 27001 control standard
  • Access insights are developed using Sailpoint governance tool, thereby achieved effective handling of GRC processes around an identity in the tool
  • Application, Entitlement owner, Role Composition, Manager, transfer recertification are scheduled in Sailpoint to avoid rubber stamping of accesses in accordance with ISO 27001 control standard
  • Managed risks and mitigated potential issues through proactive planning, monitoring, and timely decision making.
  • Implemented process improvements that led to reduced turnaround times for critical tasks without compromising quality.
  • Spearheaded multiple high-impact projects simultaneously while meeting tight deadlines under pressure-packed situations.
  • Developed succession planning strategies to ensure continuity of leadership within the team and facilitate smooth transitions during organizational changes.
  • Assisted in developing policies and procedures that aligned with organizational objectives while adhering to regulatory requirements.
  • Provided expert guidance on regulatory requirements, ensuring that clients maintained full compliance with industry standards.
  • Conducted gap analysis exercises for clients, identifying areas requiring attention in order to achieve complete adherence to requisite standards.
  • Delivered detailed reports on audit findings, providing actionable insights for clients to strengthen their internal control systems.
  • Oversaw implementation of data protection measures designed to prevent unauthorized access or loss of sensitive information.
  • Enhanced GRC program effectiveness by conducting comprehensive risk assessments and recommending mitigation strategies.
  • Conducted thorough audits and identified areas for improvement, leading to enhanced internal controls and risk management practices.
  • Identified key risks and mitigating factors of potential investments such as asset types and values, legal and ownership structures and industry segments.
  • Compared industry-specific securities against outside metrics and each other to develop recommendations.

Senior Project Engineer

Wipro Technologies
08.2009 - 06.2016
  • Creation of various CyberArk gateway, login and reconcile accounts on different servers
  • Central Administration of all the generic, privileged, static, and personal accounts via CyberArk
  • Resuming CPM and Reconciliation of failed password object on various Servers through CyberArk
  • Administering the Safes and the Vault via Private Ark and PVWA
  • AD implementation on Private Ark
  • Integration of the Active Directory groups with CyberArk Safe roles
  • Defining the policy IDs for various safes in PVWA
  • Creation of new Safes and Policy ids
  • Generating various CyberArk reports from the Vault and PVWA
  • Ensuring security resilience and SOX compliance on the user accounts placed in CyberArk
  • Recertification and revalidation of password objects, AD users and Safe Roles on CyberArk
  • Identity management via Core Web Security
  • User facilitation and administration on different applications via Core Web Security

Education

Bachelor of Engineering - Electronics & Communications

Arunai Engineering College
Tiruvannamalai

Higher Secondary -

St. Annes. Girls. Hr. Sec. School

High School -

St. Annes. Girls. Hr. Sec. School

Skills

  • ISO 27001
  • ITIL
  • Internal Audit Management
  • Data Analytics
  • Project Management
  • Stakeholder Management
  • IT Governance & Compliance
  • Cloud Security
  • Metrics & Reporting
  • Business Continuity & Disaster Recovery
  • Regulatory Standard
  • Identity & Access Management
  • Process Implementation
  • Vendor Management
  • Process Improvement
  • Escalation Management

Certification

  • Certified Information Security Manager (CISM)
  • ISO/IEC 27001:2013 Lead Auditor (ISMS)
  • ITIL 2011 Foundation Certification
  • GDPR (Trained)

Languages

English
Tamil

Personal Information

  • Date of Birth: 01/05/87
  • Gender: Female
  • Nationality: Indian
  • Marital Status: Married

Hobbies and Interests

  • Baking
  • Playing Shuttle
  • Exploring new places

Disclaimer

I hereby declare that the information furnished above is true and correct to the best of my knowledge. Chennai, India, 17/09/24
