Neha Joshi

Senior Consultant

Ernst & Young

Gurgaon

04.2019 - 12.2023

Assisted organizations with ISO 27001 certification, by gathering business understanding, scoping ISMS, conducting gap assessments, and formulating policies and procedures.
Developed and implemented security awareness and training program to deliver across mediums such as e-learning platforms, emailers, posters, classroom sessions, etc. , resulting in reduction in security incidents.
Performed risk assessments in accordance with ISO 27001, NIST 800-53 and RMF to identify risks. Assisted various clients across financial, healthcare, manufacturing, and IT sectors in implementation of security controls to mitigate the identified risks.
Established Risk Management Framework for multiple organizations.
Developed response strategies based on various standards and frameworks like NIST 800-53, ISO 27001 and NIST CSF to ensure business continuity and limit the impact of a security breach.
Prepared comprehensive gap analysis reports that highlighted specific areas where the organization's cybersecurity practices fell short of NIST CSF maturity framework.
Helped implement NIST CSF and NIST SSDF frameworks through gap analysis and recommendations.
Conducted Cyber Maturity Assessments (CMA) to analyse clients’ current security posture using Secure Controls Framework.
Developed security policies, procedures, and guidelines to protect clients’ IT infrastructure.
Conducted gap assessments for multiple clients, identifying critical vulnerabilities and recommended corrective actions that led to improvement in overall security posture.
Performed vendor assessments using the SIG standards and ISO 27001 standards.
Conducted vendor assessments and information security due diligence for client onboarding.
Audited internal IT controls for Sarbanes-Oxley Act compliance.
Executed IT general control reviews like application development, application maintenance, testing services, change management, incident management, service request management, and batch monitoring services for retail, pharmaceutical, and manufacturing clients.
Conducted on-site audit procedures in Manila, Philippines for a critical vendor security compliance.
Reviewed internal security controls related to areas like user access, incident, backup and Change management for an oil company in Saudi Arabia. Worked with the client in design and process improvement by providing recommendations.
Worked with the client in the creation of the Data Privacy Programs including work products like RoPA, data flow mapping (DFD), DPIA, and privacy & cookie policy based on the General Data Protection Regulation (GDPR) Act.