Kajal Koli

Mumbai

Summary

Detail-oriented professional in Information Security with a strong commitment to leveraging skills for organizational growth. Proven ability to implement security measures that enhance data protection and mitigate risks. Aiming to contribute expertise in cybersecurity while pursuing challenging opportunities that foster personal and professional development.

Overview

10 years of professional experience
1 Certification

Work History

Security Delivery-Assistant Manager

Accenture
08.2023 - Current
  • Conducted comprehensive information security assessments for FMCG client applications, ensuring alignment with established design principles and security baseline controls.
  • Collaborated with enterprise and solution architects to provide security recommendations during the design phase, enhancing overall security posture.
  • Led a team of 5, supporting their roles and spearheading efforts to automate reporting processes, improving efficiency and accuracy.

Data Protection SME

Kimberly Clark
01.2021 - 08.2023
  • Implemented and managed the vendor risk tracking process, enhancing risk visibility and formalizing exception and risk acceptance procedures.
  • Collaborated cross-functionally to automate assessment workflows, significantly reducing SLA times and improving efficiency and evidence management.
  • Managed end-to-end third-party risk assessments for vendors, independently reporting to senior stakeholders on various domains including Physical and Logical Access, Security Policy, and Network Security.
  • Implemented a formal vendor risk tracking process, driving improvements and automating assessment workflows to enhance efficiency and streamline evidence management.
  • Collaborated cross-functionally with business functions and vendor partners across time zones to conduct comprehensive cyber security risk assessments and support Technology Risk Management and Enterprise Architect teams.
  • Conducted comprehensive third-party risk assessments for vendors, ensuring independent reporting to senior stakeholders and evaluating domains such as Physical and Logical Access, Security Policy, and Network Security.
  • Provided independent reports to senior stakeholders, ensuring transparency and informed decision-making.

Senior Consultant

Ernst & Young
02.2018 - 01.2021
  • Conducted comprehensive IT risk assessments for key financial systems, SAP systems, and priority personal data systems, ensuring compliance with client's security baseline controls.
  • Led a team of three in developing and implementing security baseline controls and compliance scorecards using ISO 27001 and CIS standards, enhancing the firm's global information security assessment process.
  • Performed detailed information classification and availability assessments, monitored IT global security mailbox, and managed policy exceptions and risk remediation, reporting compliance to platform directors weekly.
  • Reviewed and created information security standards, policies, and guidelines, secured baseline controls document, conducted information classification and availability assessments, and managed the IT global security mailbox to address critical security requests within SLAs.
  • Performed in-depth information security assessments for HR platforms and RPA tools, ensuring data privacy and compliance with industry regulations.

Senior Associate Consultant

SISA Information Security
06.2017 - 02.2018
  • Managed end-to-end PCI-DSS external audits for large financial institutions, ensuring compliance and security standards were met.
  • Developed and documented comprehensive policies and procedures, including Change, Patch, and Vulnerability Management, tailored to client needs.
  • Performed detailed risk assessments across multiple domains, utilizing internal tools to identify and mitigate potential security threats.
  • Performed detailed gap assessments and developed action trackers, leading to successful remediation and compliance.
  • Compiled comprehensive reports on compliance and attestation post-remediation and final audit.

Executive GRC

Netmagic Solutions
09.2016 - 05.2017
  • Conducted Information Security Internal Audits and Readiness Assessments, ensuring compliance with industry standards.
  • Performed ISO 27001 Readiness Assessments and facilitated the achievement of certification.
  • Developed and delivered custom client-specific reports, detailing compliance status and operational metrics.
  • Facilitated SOC2 audits to ensure compliance.

Associate Software Engineer

Accenture
08.2014 - 08.2016
  • Developed and delivered comprehensive information security awareness training for new joiners, existing employees, and leadership members.
  • Facilitated external audits for ISO 27001 and SOC, successfully achieving certifications, and coordinating with project teams and auditors to provide necessary evidence and track action items to closure.
  • Conducted internal audits on ISO 27001 controls and various projects, identifying gaps and driving remediation efforts to ensure compliance.

Education

TY.Bsc.IT - Information Technology

Mumbai
01.2014

T.Y.Dipl. - Industrial electronics

Mumbai
01.2010

S.S.C. -

Mumbai
Mumbai, Maharashtra
01.2006

Skills

  • Information Security Governance & Compliance
  • ISO 27001/2 (including ISO 27017 & 27018), FedRAMP, SOC 2, PCI-DSS, HIPAA, NIST CSF / 800-53
  • Third-Party Risk Assessments & Vendor Management
  • Security Audits (Internal & External), Gap Assessments, and Remediation
  • Security Risk Management & Risk Mitigation
  • Security Architecture Design Review
  • Cloud Security
  • Security Process Automation
  • Cross-functional Collaboration with teams such as Enterprise Architecture, IT, and Legal
  • Reporting and KPI Tracking

Certification

  • ITIL foundation certified
  • Certified Ethical Hacking V9 certified
  • ISO27001K:2013 LA Certified

Accomplishments

  • Received the Accenture Excellence (ACE) award; less than 1% of employees are rewarded with this award in Accenture annually.
  • Received performance award under business operator category in Accenture.
  • Received performance award for achieving 100% strike rate on completion of Internal Audits.
  • Received Spotlight award twice in client leadership.
  • Received performance award for quality, timely delivery, and client appreciation.
  • Received awards in Client leadership category in EY.

Disclaimer

I hereby declare that the above-mentioned information is true to the best of my knowledge.
