Nikhil S Singhvi
Chennai
Summary
Dedicated and passionate professional committed to continuous learning and excellence in Information Security and Privacy.
Overview
7
7
years of professional experience
1
1
Certification
Work History
Associate Director
Finstein Advizory LLP
Chennai
03.2024 - Current
- Developed and implemented strategies to increase organizational effectiveness and efficiency.
- Monitored budgeting, forecasting, planning and reporting activities of the department.
- Conducted tasks aimed at enhancing business opportunities
- Coordinated with other departments to ensure successful completion of projects within established timelines and budgets.
- Provided guidance and support to staff in order to maximize their performance.
- Conducted regular meetings with staff members to review progress on goals and objectives.
- Reviewed employee performance and provided ongoing feedback and coaching to drive performance improvement.
- Planned and delivered training sessions to improve employee effectiveness and address areas of weakness.
- Executed thorough evaluations of worksheets
- Delivered comprehensive guidance covering RBI, HIPAA, NIST, ISO, PCI DSS, and HITRUST to the new hires.
- Conducted risk assessments for a Non-Banking Financial Company using risk-based approaches and asset based approaches.
- Spearheaded implementation of HITRUST compliance at major healthcare institution
- Executed comprehensive r2 evaluation for health insurance firm
- Executed SOC 2 Type 2 Attestation for Fortune 500 enterprise
- Ensured accuracy in population and evidence validation for HITRUST
- Performed numerous ITGC and ITAC audits across NBFCs, banking, finance sector clients
- Reviewed completed work to verify consistency, quality, and conformance.
- Conducted CISA audit for Prepaid Payment Instruments complying with RBI standards
HITRUST Senior
Wipfli LLP
Bengaluru
06.2021 - 11.2022
- Referred 5 leads to existing company and successfully converted one lead to client
- Work closely with Managers and Directors in preparing Kick off decks and draft Engagement letter for the clients
- Was involved in end-to-end process of pitching, client negotiation, onboarding, fee discussion, agreements and Invoicing
- Proficient and knowledgeable with network compliance, identifying issues, vulnerability assessments, security risk analysis
- Adept in development and review of audit reports, Information Technology security program strategy, policy and process documentation
- Proficient and knowledgeable of security risk management, analysis and assessment concepts and their application
- Develop and maintain a high performing team through effective hiring, vendor partner management, coaching and performance management
- Establishes goals and objectives for team performance and manages attainment of those goals
- Selects, trains and motivates teams; provides teams professional development; and works with team to correct deficiencies
- Assisted many leading Technology, Billing sector client in achieving HITRUST certification
- Working directly with Covered Entities and Business Associates to achieve HITRUST Certification
- Performed HIPAA Privacy and Security Assessment
- Conduct HITRUST r2 and i1 Validated assessment
- Conduct HITRUST interim assessment
- Conduct Walkthroughs of all 19 HITRUST domains
- Efficiently document the results of walkthroughs
- Validate accuracy and completeness of population received from client and perform sampling as per HITRUST sampling methodology
- Prepare Data Request List for HITRUST domains
- Efficiently perform testing and documentation of the tests performed for HITRUST requirement statement at all 5 maturity levels
- Perform QA for testing completed by peers, as first level of internal quality check
- Upload all the documentation and related evidence to the MyCSF tool for HITRUST QA
Cyber Technology Risk Consultant
Grant Thornton LLP
Chennai
04.2019 - 06.2021
- Performed IT and Application Controls testing for an Assurance Engagement relating to large Manufacturing client
- As part of the review, have covered User Access management, Change Management, Backup and Recovery and assessed Segregation of Duties conflict for key activities
- Conducted Cyber Security Audit for a leading Bank in India as per RBI regulations
- Executed SOC 1 and SOC 2 Engagement for a large Financial Services client to check design and operating effectiveness
- Validate accuracy and completeness of population received from client and perform sampling
- Understanding the client environment to identify risks and suggest clients, to implement controls to mitigate the identified risks
- Efficiently document the results of walkthroughs, design and implementation testing and operating effectiveness of the controls
- Prepare Data Request List
- Address review comments received from the internal QA team and ensured that we receive minimum QA comments as part of the internal QA process
- Work closely with Managers and Directors in preparing Kick off decks and draft Engagement letter for the clients
- Performed Sarbanes-Oxley (SOX) IT Controls testing for a large Financial Services client based out of the US
- Performed General Data Protection Regulation (GDPR) Assessment for one of the major reputed IT Organizations
- Led small project teams and provided domain expertise on multiple Information Protection clients projects related to ISMS, Cyber Security Framework, Data Classification
- Provide advance compliance draft audit consulting to focus on NIST Controls to align for governance of HIPAA, HITRUST, PHI, ePHI, PII, PCI, SOC, FDA and Best Practice
Information Security Analyst
Ernst & Young LLP (EY)
Chennai
07.2017 - 03.2019
- Performed ISO 27001 implementation, HITRUST implementation and certifications, Agreed Upon Procedures and System and Organization Controls (SOC) engagements
- Performed Risk assessment and provided remediation plans based on identified gaps and handheld customers through certification phase for Healthcare, Manufacturing, Telecommunication, Media and Technology clients
- Schedule and implement IT security audits with system owners using NIST - for HIPAA and NIST, NIST -a and NIST for baseline assessments
- Developed Information Security policies, procedures, guidelines and templates in-line with the ISO 27001 standard requirements
- Performed internal audits
- Assisted a leading Technology sector client in achieving HITRUST certification
- Have performed many validated assessments for Covered Entities and Business Associates to achieve HITRUST Certification
- Work with a team of professionals to carry out attestation and HITRUST engagements in an efficient and timely manner
- Preparing workpapers for SOC and HITRUST in an efficient manner and clearly showcasing the testing to cover as much details as possible
- Executed System and Organization Controls (SOC) engagement and Agreed Upon Procedures for a major IT company
Education
Doctorate in Business Administration -
Swiss School of Management
06.2022
Master of Science - Cyber Forensic and Information Security
University of Madras
04.2019
Diploma in Cyber Law -
Government Law College
06.2018
Bachelor of Computer Application -
Loyola College
06.2016
Skills
- Team leadership
- Project management
- Information Security Management
- Risk Management & Compliance
- Third Party Risk Management
- Cyber Regulatory Compliance Assessment
- Strong collaborative skills
- Security Assessment and Testing
- Data Privacy & Compliance
- Communication
- People Development
- Excellent problem-solving abilities
- Organizational Development
- Business Development
- Decision-Making
- Hiring and Training
- Performance Evaluations
- Staff Scheduling
Certification
- Certified Information System Auditor (Qualified)
- Certified Information Security Manager (Qualified)
- HITRUST Alliance - HITRUST CCSF Professional
- HITRUST Alliance - HITRUST CHQP
- PCI Security Standard Council - Payment Card Industry Professional (PCIP)
- EC-Council - Certified Hacking Forensic Investigator (CHFI)
- EC-Council - Certified Ethical Hacker (CEH)
- EC-Council - Certified Network Defender (CND)
- EC-Council - Certified Security Analyst (ECSA)
- AccessData Certified Examiner
- OSForensics Certified Examiner
- Cyber Management Alliance U.K. - Certified Incident Planning & Response (CIPR)
- Cisco Certified Network Associate - Routing & Switching
Awards
Wipfli - Spotlight Award - Exceeding client expectation, Wipfli - Recognition Award - Bringing first client to India Team, GT - Spotlight Award - Gone beyond the call of duty, GT - Spotlight Award - Exceptional Client Performance, EY - Spotlight Award - Client champion for the outstanding work performed., EY - Kudos Award - Managing Challenging Client Expectation and Exemplary Performance
Publications
- How the HITRUST Threat Catalogue delivers deeper value for your risk assessment - Wipfli
- Cyber Criminology and Information Security - Digital 4n6 Magazine (India)
- Windows Live Forensics - eForensic Magazine (UK)
- Establishing Incident Escalation Process - eForensic Magazine (UK)
- Incident Response - eForensic Magazine (UK)
Languages
English, Hindi, Tamil, Marathi
Timeline
Associate Director
Finstein Advizory LLP
03.2024 - Current
HITRUST Senior
Wipfli LLP
06.2021 - 11.2022
Cyber Technology Risk Consultant
Grant Thornton LLP
04.2019 - 06.2021
Information Security Analyst
Ernst & Young LLP (EY)
07.2017 - 03.2019
Doctorate in Business Administration -
Swiss School of Management
Master of Science - Cyber Forensic and Information Security
University of Madras
Diploma in Cyber Law -
Government Law College
Bachelor of Computer Application -
Loyola College
Similar Profiles
Abinesh JAbinesh J
Full Stack Developer Trainee at Finstein Advizory Service LLPFull Stack Developer Trainee at Finstein Advizory Service LLP
Vignesh BVignesh B
Practice Leader- Strategic Finance Vertical at Finstein Advisory ServicesPractice Leader- Strategic Finance Vertical at Finstein Advisory Services
S A T M E E T S I N G HS A T M E E T S I N G H
Managing Director at Advizory & Beyond Inc.Managing Director at Advizory & Beyond Inc.