
Lilesh Asawale

Thane

Summary

Information security GRC professional with 6+ years of experience. Skilled in third-party risk management (TPRM), IT governance, SSAE 18, SOC 2, PCI-DSS. Expertise in performing risk assessments as per ISO 27005 and ISO 31000 and internal audits for the organization. Administration of Forcepoint DLP. Completed BE from Mumbai University.

Overview

7 years of professional experience
1 Certification

Work History

Solution Delivery Lead (Sr. Consultant)

Deloitte & Touche LLP, India (Office of US)
02.2022 - Current
  • Handled information security risk assessments for effective on-boarding of third parties, vendor applications in client's environment
  • Develop and/or evaluate and enhance an organization's third-party risk management program and help the organization implement and/or customize risk management solutions
  • Performing detailed third-party remote information security assessments for a Fortune 500 multi-national technology company. Evaluated the security posture of cloud-based application development firms serving the client. Assessed the design and implementation of application security controls in areas of data protection, access controls, network security, logging and monitoring, incident management, business continuity and other information security domains
  • Prepared Risk Register reports based on assessment and share with the business.

Senior Executive - Governance, Risk & Compliance

NTT GDC and Cloud Infrastructure India
10.2020 - 02.2022
  • Assisted in SSAE 18 & SOC 2 audits
  • Interview with various stakeholders and gathering the evidence to successfully conclude the SSAE 18 & SOC 2 audit
  • Conduct risk assessment as per ISO 27005 & ISO 31000 for different functions and prepared risk treatment for successfully treating the risk as a result of risk assessment
  • Forcepoint DLP administration by creating the policies, resolving known DLP issues, monitoring of incidents, incident reporting and determine the Root cause analysis of the incidents
  • Performed current state assessment and pre-audit
  • Performed Business Impact Analysis as per ISO 22301
  • Assisted in ISO Surveillance & Re-certification audits as per ISO 27001, PCI-DSS, ISO 9001, ISO 20000, ISO 22301
  • Tracking and verifying artefacts against ISO audit observations
  • Performed Internal audits for different functions as per compliance standards ISO 27001, PCI-DSS, ISO 9001, ISO 20000, ISO 22301
  • Performing Governance activities (Access reviews, physical security controls, AVS review, Patch management review, vendor management related controls, change management, incident management, problem management) based on different compliance standards
  • Project: DC network management design project
  • Maintaining project tracker
  • Scheduling meetings and sharing project update with senior management and NTT global team
  • Follow-up with different internal stakeholders for status update on progress of project.

Information Security Analyst

C-Edge Technologies Ltd.
Thane
01.2019 - 10.2020
  • Verification/monitoring/Review of user access, Deviation management
  • Internal/External Audits and closure follow-up
  • Approving authority for additional software/Privilege access, Exits, physical access controls etc. Regular review of compliance against information security controls through AVS Update, Patch Management, User access audit, Exit cross verification audit and regular reports reviews etc
  • Review & Update information security policies/Standards and Procedures, VA/PT finding, closure coordination with stakeholders
  • Manage Request for Information (RFI) supports for clients
  • Manage and member of Change Control Board (CCB)
  • Development and Maintenance of Governance metrics (Objectives) across organization
  • Risk Assessment: Coordinating with teams to identify, treat and mitigate risk and maintain risk assessment sheet of functions
  • Checking compliance for Cyber security advisory release of regulatory bodies (RBI, NPCI)
  • Suspicious phishing mail analysis by creating IOC for blocking across organization
  • Design security controls in SIEM to improve security across organization
  • Research on various security topics and implemented appropriate control to match security as per industry practices
  • Creation of SOP, action plan, work flow diagram/flowchart for technologies and tools
  • Managing ISO 27001:2013 Cyber Security, Banks audits, RBI Cyber security framework audit
  • Scheduling the Preparedness audit
  • Conduct preparedness audit
  • Share the observations
  • Follow-up and Closure of observations
  • Final Audit coordination
  • Follow-up for closure of audit observations.

Quality Engineer

Ashidha Electronics Pvt Ltd.
04.2017 - 07.2018
Ashidhaudit regarding quality of end product.

Education

Bachelor of Engineering - Electronics and telecommunication

Mumbai University
Thane
05.2016

HSC -

Mumbai University
02.2012

SSC -

Maharashtra State Board
03.2010

Skills

  • Quick learning ability
  • Proactive learner towards new technologies
  • Good analytical & troubleshooting skills
  • Ability to deliver under time-bound and high-pressure conditions

Certification

  • Passed Certified Information Systems Auditor (CISA)
  • Certified Ethical Hacker v10 (CEH) from EC-Council.
  • Certified Internal Auditor of Information Technology Service Management Based on ISO/IEC 20000-1:2018
  • Certified ISO 27001:2013 Lead Auditor from Intertek.
  • Completed course and Certification on vulnerability management and PCI Compliance from QUALYS

Personal Information

  • Date of Birth: 06/03/95
  • Gender: Male
  • Marital Status: Single

Languages

  • English
  • Hindi
  • Marathi

Disclaimer

The information furnished above is correct and true to the best of my knowledge.
