Naman Mittal
Bengaluru
Summary
Proficient Information Security and Risk Analyst with 3.5 years of experience in cloud security, ISO 27001 compliance, vulnerability management, policy compliance, and risk assessment, management, and treatment. Skilled in designing and implementing security frameworks, remediation plans, and compliance controls to protect critical enterprise assets and ensure adherence to regulatory standards.
Expert in leveraging tools like ServiceNow, QualysGuard, JIRA, and Power BI for risk tracking, remediation monitoring, and compliance automation. Proven ability to conduct vulnerability assessments, gap analyses, and incident investigations to mitigate threats and enforce cloud security controls.
Hands-on experience with ISO 27001 audits, risk treatment plans, and enforcing information security policies across multi-cloud and hybrid environments (AWS, Azure). Demonstrated expertise in aligning security operations with industry standards, including NIST, CIS benchmarks, SOX, and GDPR.
Adept at collaborating in Agile, integrating security governance into the SDLC, and driving continuous improvements in compliance monitoring, incident response, disaster recovery planning (DRP), and business continuity management (BCM). Recognized for optimizing process workflows and security frameworks to support enterprise security posture and regulatory compliance.
Overview
5
5
years of professional experience
1
1
Certification
Work History
Information Security Analyst
Deutsche Bank
Bengaluru
12.2023 - Current
- Conducted risk management projects to identify deficiencies, and recommend corrective actions.
- Compiled and submitted regular reports to update senior management on operations and progress.
- Performed the risk assessment of the application based on the organization's adopted security controls framework ISO 27001.
- Responsible for the analysis and verification of compliance issues within various concerned domains, such as identity and access controls, privilege access management, and ISMS controls.
- Performed information security controls review in ServiceNow and RSA Archer for the applications.
- Performed information security controls assurance review for the Google Cloud application.
- Collaborated with external auditors in order to perform the control audit of the company’s in-scope applications.
- Performing Risk Assessment: Identify and categorize the type of risk, analyze, and estimate the risk affecting the business.
- Performed the remediation management of the application against the controls in order to make them compliant with the bank’s standards.
- Performed the risk assessment and the SOX control assessment of the application.
- Performed a risk assessment that identified and prioritized security vulnerabilities, allowing for the implementation of corrective measures to reduce risk.
- Recommend the security controls to be implemented for the findings, based on the assessment results.
- Collaborated with various departments within the organization to ensure effective implementation of risk mitigation strategies.
Cyber Security Analyst
Wipro Limited
Bengaluru
06.2021 - 12.2023
- Conducting ongoing vulnerability and policy compliance assessments on all devices, encompassing servers running various operating systems like Unix/Linux, Windows, VMware, Red Hat, AIX, desktops, network devices, databases, and more, while continuously performing scans on all TCP and standard UDP ports.
- Executing infrastructure vulnerability management and policy compliance scanning on servers, databases.
- Evaluating policy compliance on devices, including servers, desktops, and network devices.
- Engaging in endpoint scanning on devices to ensure adherence to both vulnerability and policy compliance security standards provided by the client.
- Working on remediation and monitoring activities processing within the ServiceNow tool.
- Investigating false positives, false negatives, and cases received from the customer.
- Managing the Gateway Projects from start to finish using the JIRA tool. Running scans to ensure compliance with our internal Technical Security Standards (as per SOX regulations).
- Conducting discovery and vulnerability scans to identify a range of vulnerabilities on our scan targets.
- Checking the security (security standards) of database instances (MSSQL, Oracle Legacy, Oracle Cloud, IBM DB2 Midrange)
- Participating in the creation of policies as per Artefacts Configuration Workbooks, both on demand and in collaboration with stakeholders.
- Possessing experience in working with the JIRA tool for managing requests related to Vulnerability Exceptions, IP Exclusions, Onboarding, and Decommissioning of assets.
- Adding value through Pragathi's development activities: Contributing productive work on Excel automation and submitting it as Pragathi's, further enhancing both personal and team value.
- Gaining practical experience with the Qualys Guard Vulnerability and Policy Compliance Management Tool.
Teaching Assistant
Coding Ninjas
New Delhi
03.2020 - 07.2020
- Scheduled tutoring sessions to help students improve grades and gain better grasp course material.
- Helped students debug the code according to minimum time and space complexity.
- Helped students in resolving doubts about C++ and Data Structures.
- Achieved a 4.82/5.00 rating with a milestone of 1,200 doubts during my tenure.
- Facilitated group discussions between students about advanced programming concepts.
- Conducted assessments on student's coding abilities to determine the best course of action.
Education
Executive Post Graduation Programme - Cyber Security And Ethical Hacking
IHUB DivyaSampark- IIT Roorkee
08-2025
Bachelor of Engineering - Electronics And Telecommunication
Sathyabama Institute of Science And Technology
Chennai05-2021
Skills
- Information Security
- Cyber Security
- Risk Management
- Risk Assesment
- Remediation Management
- ISO 27001: Lead Auditor
- Governance, Risk and Compliance (GRC)
- Regulatory Requirements
- Vulnerability Management
- Policy Compliance
- Ethical Hacking
- Cloud Security
- Azure Fundamentals & GCP
- RSA Archer, ServiceNow, Jira
- Frameworks: NIST(CIS Standards), ISO 27001:2022
- Excel, Power BI
- C, HTML, CSS, JS, React, SQL
- Privacy regulations
- Risk analysis & mitigation
- Qualysguard, Tenable Nessus, Wireshark, John the Ripper
Certification
- ISO 27001: Lead Auditor
- Microsoft Azure: AZ900
- Qualys certified specialist: Vulnerability Management
- Qualys certified specialist: Policy Compliance
Timeline
Information Security Analyst
Deutsche Bank
12.2023 - Current
Cyber Security Analyst
Wipro Limited
06.2021 - 12.2023
Teaching Assistant
Coding Ninjas
03.2020 - 07.2020
Executive Post Graduation Programme - Cyber Security And Ethical Hacking
IHUB DivyaSampark- IIT Roorkee
Bachelor of Engineering - Electronics And Telecommunication
Sathyabama Institute of Science And Technology
Similar Profiles
Dnyaneshwar BhogilDnyaneshwar Bhogil
Trade and Transaction Analyst at Deutsche Bank Group, Deutsche BankTrade and Transaction Analyst at Deutsche Bank Group, Deutsche Bank
PRADEEP KUMARPRADEEP KUMAR
Assistant Vice President at Deutsche India Private Limited (Deutsche Bank Group)Assistant Vice President at Deutsche India Private Limited (Deutsche Bank Group)
Manoj Singh SolankiManoj Singh Solanki
Senior Analyst at Deutsche India Pvt. Ltd- Deutsche Bank GroupSenior Analyst at Deutsche India Pvt. Ltd- Deutsche Bank Group
Amit KulkarniAmit Kulkarni
Vice President at Deutsche India Pvt. Ltd, Deutsche Bank of India, DBOIVice President at Deutsche India Pvt. Ltd, Deutsche Bank of India, DBOI
Sabir PashaSabir Pasha
Senior Technical Solutions Engineer at BARRACUDA NETWORKSSenior Technical Solutions Engineer at BARRACUDA NETWORKS