
Neha Joshi

Gurgaon

Summary

Working as a Senior Consultant with an equivalent of 06+ years of experience in technology & risk consulting. Experienced across a range of geographies and industries, which helps in providing strategic, cost-effective, and value-added solutions to clients’ diverse businesses on aspects related to governance, risk, and compliance. Experience in various aspects of consulting, including ISO implementation, risk & compliance advisory, vendor management, and due diligence engagements.

Overview

9 years of professional experience
1 Certification

Work History

Senior Consultant

Ernst & Young
Gurgaon
04.2019 - 12.2023
  • Assisted organizations with ISO 27001 certification by gathering business understanding, scoping ISMS, conducting gap assessments, and formulating policies and procedures.
  • Developed and implemented a security awareness and training program delivered across mediums such as e-learning platforms, emailers, posters, classroom sessions, etc., resulting in a reduction in security incidents.
  • Performed risk assessments in accordance with ISO 27001, NIST 800-53 and RMF to identify risks. Assisted various clients across financial, healthcare, manufacturing, and IT sectors in implementation of security controls to mitigate the identified risks.
  • Established Risk Management Framework for multiple organizations.
  • Developed response strategies based on various standards and frameworks like NIST 800-53, ISO 27001 and NIST CSF to ensure business continuity and limit the impact of a security breach.
  • Prepared comprehensive gap analysis reports that highlighted specific areas where the organization's cybersecurity practices fell short of NIST CSF maturity framework.
  • Helped implement NIST CSF and NIST SSDF frameworks through gap analysis and recommendations.
  • Conducted Cyber Maturity Assessments (CMA) to analyse clients’ current security posture using Secure Controls Framework.
  • Developed security policies, procedures, and guidelines to protect clients’ IT infrastructure.
  • Conducted gap assessments for multiple clients, identifying critical vulnerabilities and recommending corrective actions that led to improvement in overall security posture.
  • Performed vendor assessments using the SIG standards and ISO 27001 standards.
  • Conducted vendor assessments and information security due diligence for client onboarding.
  • Audited internal IT controls for Sarbanes-Oxley Act compliance.
  • Executed IT general control reviews like application development, application maintenance, testing services, change management, incident management, service request management, and batch monitoring services for retail, pharmaceutical, and manufacturing clients.
  • Conducted on-site audit procedures in Manila, Philippines for a critical vendor's security compliance.
  • Reviewed internal security controls related to areas like user access, incident, backup, and change management for an oil company in Saudi Arabia. Worked with the client on design and process improvement by providing recommendations.
  • Worked with the client in the creation of the Data Privacy Programs including work products like RoPA, data flow mapping (DFD), DPIA, and privacy & cookie policy based on the General Data Protection Regulation (GDPR) Act.

Systems Engineer

Tata Consultancy Services
Gurgaon
01.2015 - 06.2017
  • As a System Engineer at Tata Consultancy Services (TCS), worked on developing and maintaining an e-commerce solution based on the ATG platform catering to B2B transactions for large industrial appliances.
  • Managed various portals including Home Page, My Cart, Catalogue, and Payments. Involved in all stages of the Software Development Life Cycle (SDLC); ensured the site's robustness, security, and scalability by performing various tests. Additionally, handled documentation tasks and contributed to enhancing the payment pages, ensuring seamless transactions for the users.

Education

MBA - IT – Information Security

Symbiosis Centre For Information Technology, Pune
03-2019

B. Tech - Electronics and Communications

Uttar Pradesh Technical University, Greater Noida
07-2014

Skills

  • NIST CSF
  • SSDF
  • RMF
  • ITGC Controls
  • 800-53
  • SOX Assessment
  • Vendor Risk Assessment
  • ISO 27001 Implementation & Assessment
  • Risk Assessment and Management
  • Business Continuity Management
  • Maturity Assessments

Accomplishments

  • Awarded “Kudos” and “I am exceptional” awards from EY

Certification

  • Certified BSI ISO-27001 Lead Auditor (2021)
  • Certified in Cybersecurity by ISC² (2022)
