Naman Mittal

Bengaluru

Summary

Proficient Information Security and Risk Analyst with 3.5 years of experience in cloud security, ISO 27001 compliance, vulnerability management, policy compliance, and risk assessment, management, and treatment. Skilled in designing and implementing security frameworks, remediation plans, and compliance controls to protect critical enterprise assets and ensure adherence to regulatory standards.

Expert in leveraging tools like ServiceNow, QualysGuard, JIRA, and Power BI for risk tracking, remediation monitoring, and compliance automation. Proven ability to conduct vulnerability assessments, gap analyses, and incident investigations to mitigate threats and enforce cloud security controls.

Hands-on experience with ISO 27001 audits, risk treatment plans, and enforcing information security policies across multi-cloud and hybrid environments (AWS, Azure). Demonstrated expertise in aligning security operations with industry standards, including NIST, CIS benchmarks, SOX, and GDPR.

Adept at collaborating in Agile, integrating security governance into the SDLC, and driving continuous improvements in compliance monitoring, incident response, disaster recovery planning (DRP), and business continuity management (BCM). Recognized for optimizing process workflows and security frameworks to support enterprise security posture and regulatory compliance.

Overview

5 years of professional experience
1 Certification

Work History

Information Security Analyst

Deutsche Bank
Bengaluru
12.2023 - Current
  • Conducted risk management projects to identify deficiencies and recommend corrective actions.
  • Compiled and submitted regular reports to update senior management on operations and progress.
  • Performed the risk assessment of the application based on the organization's adopted security controls framework ISO 27001.
  • Responsible for the analysis and verification of compliance issues within various concerned domains, such as identity and access controls, privilege access management, and ISMS controls.
  • Performed information security controls review in ServiceNow and RSA Archer for the applications.
  • Performed information security controls assurance review for the Google Cloud application.
  • Collaborated with external auditors in order to perform the control audit of the company’s in-scope applications.
  • Performed risk assessments: identified and categorized the type of risk, and analyzed and estimated the risk affecting the business.
  • Performed the remediation management of the application against the controls in order to make them compliant with the bank’s standards.
  • Performed the risk assessment and the SOX control assessment of the application.
  • Performed a risk assessment that identified and prioritized security vulnerabilities, allowing for the implementation of corrective measures to reduce risk.
  • Recommended the security controls to be implemented for the findings, based on the assessment results.
  • Collaborated with various departments within the organization to ensure effective implementation of risk mitigation strategies.

Cyber Security Analyst

Wipro Limited
Bengaluru
06.2021 - 12.2023
  • Conducting ongoing vulnerability and policy compliance assessments on all devices, encompassing servers running various operating systems like Unix/Linux, Windows, VMware, Red Hat, AIX, desktops, network devices, databases, and more, while continuously performing scans on all TCP and standard UDP ports.
  • Executing infrastructure vulnerability management and policy compliance scanning on servers and databases.
  • Evaluating policy compliance on devices, including servers, desktops, and network devices.
  • Engaging in endpoint scanning on devices to ensure adherence to both vulnerability and policy compliance security standards provided by the client.
  • Processing remediation and monitoring activities within the ServiceNow tool.
  • Investigating false positives, false negatives, and cases received from the customer.
  • Managing the Gateway Projects from start to finish using the JIRA tool. Running scans to ensure compliance with our internal Technical Security Standards (as per SOX regulations).
  • Conducting discovery and vulnerability scans to identify a range of vulnerabilities on our scan targets.
  • Checking database instances (MSSQL, Oracle Legacy, Oracle Cloud, IBM DB2 Midrange) against security standards.
  • Participating in the creation of policies as per Artefacts Configuration Workbooks, both on demand and in collaboration with stakeholders.
  • Possessing experience in working with the JIRA tool for managing requests related to Vulnerability Exceptions, IP Exclusions, Onboarding, and Decommissioning of assets.
  • Adding value through Pragathi's development activities: Contributing productive work on Excel automation and submitting it as Pragathi's, further enhancing both personal and team value.
  • Gaining practical experience with the QualysGuard Vulnerability and Policy Compliance Management Tool.

Teaching Assistant

Coding Ninjas
New Delhi
03.2020 - 07.2020
  • Scheduled tutoring sessions to help students improve grades and gain a better grasp of course material.
  • Helped students debug the code according to minimum time and space complexity.
  • Helped students in resolving doubts about C++ and Data Structures.
  • Achieved a 4.82/5.00 rating with a milestone of 1,200 doubts during my tenure.
  • Facilitated group discussions between students about advanced programming concepts.
  • Conducted assessments on students' coding abilities to determine the best course of action.

Education

Executive Post Graduation Programme - Cyber Security And Ethical Hacking

IHUB DivyaSampark- IIT Roorkee
08-2025

Bachelor of Engineering - Electronics And Telecommunication

Sathyabama Institute of Science And Technology
Chennai
05-2021

Skills

  • Information Security
  • Cyber Security
  • Risk Management
  • Risk Assessment
  • Remediation Management
  • ISO 27001: Lead Auditor
  • Governance, Risk and Compliance (GRC)
  • Regulatory Requirements
  • Vulnerability Management
  • Policy Compliance
  • Ethical Hacking
  • Cloud Security
  • Azure Fundamentals & GCP
  • RSA Archer, ServiceNow, Jira
  • Frameworks: NIST (CIS Standards), ISO 27001:2022
  • Excel, Power BI
  • C, HTML, CSS, JS, React, SQL
  • Privacy regulations
  • Risk analysis & mitigation
  • QualysGuard, Tenable Nessus, Wireshark, John the Ripper

Certification

  • ISO 27001: Lead Auditor
  • Microsoft Azure: AZ900
  • Qualys certified specialist: Vulnerability Management
  • Qualys certified specialist: Policy Compliance
