PEOCI GHOSH DAS

Bangalore

Summary

Seeking an opportunity in IT Audit, Risk & Compliance to build a successful career in the IT industry. Certified in ISO 27001:2013 and ISO 31000 Risk Management from TUV NORD. Hands-on experience in Quality Management, ISO 9001:2015 certified and Six Sigma trained. Worked on HIPAA compliance. Have knowledge of PCI DSS and hands-on experience with tools like Archer, RiskRecon and XSOAR.

Overview

11
years of professional experience

Work History

Risk Consultant & IT auditor

AXA Global Business
4 2023
  • Monitor and ensure compliance with relevant data protection laws and regulations such as GDPR or other privacy laws
  • Support the internal risk assessments, identify areas of potential technical and process vulnerability, and recommend compensating controls
  • Evaluate and maintain up-to-date knowledge of the effectiveness of standards and compensating controls in mitigating IT risk
  • Interact with Internal/External Audit and IT teams to ensure on-going Compliance with company IT security policies and standards
  • Understand the balance between technical security measures and potential organizational mitigating measures
  • Identify various Information security themes across our estate and push for continuous improvement
  • Help maintain operations required for maintaining an ISO27001/ISO9001 compliant organization
  • Working with stakeholders and control owners on driving performance, continuous improvement and maturity
  • Maintaining security policy governance and lifecycle, executing an effective end to end Information Security program while supporting internal and external audits from evidence submission through to finding remediation
  • Manage multiple concurrent tasks and be flexible to perform and review IT risk assessments, supplier assessments, and support audits, as applicable
  • Work closely with the data governance team to adhere to data privacy and compliance policies
  • Implement data quality checks, data profiling, and data cleansing techniques to maintain high data accuracy and consistency
  • Governance and Policy Management: Develop, implement, and maintain information security policies, standards, and procedures
  • Ensure alignment of security policies with industry standards, regulations, and best practices
  • Risk Management: Conduct regular risk assessments to identify, evaluate, and prioritize information security risks
  • Develop and implement risk mitigation strategies and action plans
  • Coordinate and support external audits and assessments related to information security
  • IT Audit Management: Plan and execute IT audits to assess the effectiveness of information security controls
  • Coordinate with internal and external audit teams, addressing findings and ensuring timely remediation
  • Security Awareness and Training: Develop and deliver security awareness and training programs for employees
  • Promote a culture of security awareness and compliance throughout the organization
  • Incident Response and Investigation: Lead incident response efforts in the event of security incidents or breaches
  • Vendor Risk Management: Assess and manage the security risks associated with third-party vendors and service providers.

IT AUDITOR & Risk Consultant (HIPAA COMPLIANCE)

V2SOFT INDIA PVT.LTD
07.2020
  • Roles and Responsibilities: Working
  • Gather evidence by interviewing HR, staff, managers, and other departments & stakeholders
  • Conduct reports on the findings and inform different teams on gap closure
  • Ensure all the controls outlined for an application/infrastructure are designed effectively
  • Maintaining Risk Registers
  • Actively participated in reviewing and improving the Information Security Controls implemented in the organization
  • Maintaining daily/Weekly/Monthly activities reports, follow up on escalations/Audit NCs till the closure
  • Support in risk assurance and audits
  • Objectively review an organization's business process
  • Evaluate the efficacy of risk management procedures that are currently in place
  • Protect against fraud and theft of the organization's assets
  • Ensure that the organization is complying with relevant laws and statutes
  • Make recommendations on how to improve internal control
  • Working on SharePoint and Jira tools
  • Uploading incident data to SharePoint
  • Creating incidents on SharePoint with details and status.

DSP

Bosch Global Software Technology
01.2022 - 04.2023
  • Trained Lead Auditor and Risk Consultant
  • Roles and Responsibilities: Working as a Risk Consultant & IT auditor: Reviewing of Security Incidents and maintaining a tracker
  • Performing Internal audit checks as per ISO 27001 standard
  • Performing Gap Analysis
  • Provide guidance and training in risk management processes
  • Conducting Risk Assessment
  • Review VA-PT results and recommend the risks to be remediated
  • Audit of physical access of users
  • Analysis on Hardware Checks and performing risk assessment
  • Working on GDPR Compliance
  • Handling Data security in different departments
  • Implementing ISMS Policies
  • Maintaining Risk register
  • Conducting Risk Analysis and working on gaps
  • Conducting BCP and call tree test
  • Working on Cardio checks (Access policy, Environment security, Password policy etc.)
  • Have hands-on experience in GDPR compliance.

Risk Consultant & Internal Auditor

Concentrix
- 01.2022
  • Review VA-PT results and recommend the risks to be remediated
  • Extracting reports from Qualys and reaching out to VA team
  • Conduct Audit for different teams
  • Tracking of Incidents and reviewing of Security Incidents
  • Performing Internal audit checks
  • Performing gap analysis and providing NC
  • Audit on Identity Management
  • Coordinating with SOC team for Service Assurance report
  • Ensure all the risks are documented, classified, and addressed with appropriate action as per the IRM standards
  • Provide training in risk management processes to various stakeholders
  • Objectively review an organization's business process
  • Evaluate the efficacy of risk management procedures that are currently in place
  • Conduct Risk Assessment for different units.

Auditor and Risk consultant

NBIRS
01.2019 - 01.2020
  • Driving QMS initiatives along with functional teams to formalize robust processes and systems with proper records, reports, forms, etc. in a standardized manner
  • Worked on CMMI (Capability Maturity Model Integration)
  • Managing Information security Setup as per security requirements
  • Designing policies & security controls
  • Ensuring compliance
  • Conducting Information Security & Risk Mgt. awareness sessions & presentations
  • Promote the awareness and understanding of good operational InfoSec risk practices
  • Identifying the root cause, corrective action, preventive action, etc. along with regional operation teams under a proper CAPA framework, leading to customer satisfaction
  • Identifying Risk and reaching out to different teams for findings
  • Application audit with Risk assessment
  • Pulling VA reports and sending to VA-PT teams.

Internal Quality Assurance Auditor

Vibgyor High
01.2018 - 01.2019
  • Driving QMS initiatives along with functional teams with the PDCA (Plan-Do-Check-Act) cycle
  • Active participation in formulating the business goals and objectives along with Audit Team, working jointly with operation management and breaking down the key business drivers in measurable terms, maintaining relationship with different functions to make sure, quality initiatives are driven strongly
  • Identifying the root cause, corrective action, preventive action, etc. along with regional operation teams under a proper CAPA framework, leading to customer satisfaction.

Quality Auditor

Cambridge Institution K.R Puram
01.2017 - 01.2018
  • Conducting Process reviews and process improvement initiatives covering all critical functions
  • Maintaining audit reports and following up with resp. functions for closure of NCs
  • A process based internal inspection and escalations to measure the service level compliance of every process with Management
  • Reporting the non-adherence level at a regular frequency with proper quality gates so that the defect will not pass to the next process
  • Maintaining daily/Weekly/Monthly activities reports, follow up on escalations/Audit NC's till the closure
  • Implementation of Action plans in coordination with Operations
  • Involved in the checks and measures for physical threats.

Quality Auditor

RCIS Begur
01.2015 - 01.2016
  • Conducting Process reviews and process improvement initiatives covering all critical functions
  • Maintaining audit reports and following up with resp. functions for closure of NCs
  • A process based internal inspection and escalations to measure the service level compliance of every process with Management
  • Reporting the non-adherence level at a regular frequency with proper quality gates so that the defect will not pass to the next process
  • Maintaining daily/Weekly/Monthly activities reports, follow up on escalations/Audit NC's till the closure
  • Implementation of Action plans in coordination with Operations
  • Involved in the checks and measures for physical threats.

Risk & Audit Management

IBM Global
01.2012 - 06.2012
  • Maintain Accurate reports ISMS standards
  • Understand and Evaluate Risk
  • Having experience in Risk Management
  • Worked on Risk tracker Sheet
  • Creating Awareness session on Risk management
  • Maintaining Risk Register and tracking incidents
  • Review and provide assurance on risk identification and mitigations
  • Analyzing the risk of change and reviewing the impact
  • Coordinating with different teams to understand the risk involved in the change management
  • Improve and contribute risk and control requirements and associated policies and guidance
  • Ensure all the risks are documented, classified and addressed with appropriate action as per the IRM standards.

Education

Skills

Motivated, enthusiastic, quick learner and flexible, with overall 8 years of experience in diverse IT and non-IT domains in Quality Assurance and Information Security Management Systems. Highly flexible and can work with internal Quality and ISMS teams.

Accomplishments

  • Awarded with certificate for +2 CBSE Topper in commerce stream (school level)
  • Public Speaking & Anchoring

Relevant Experience

8 years (IT AUDIT & IT RISK)

Trained And Certified

  • TUV NORD trained in ISO 27001:2022 Lead Auditor
  • TUV Certified in ISO 9001:2015 Internal Quality Auditor.
  • TUV Certified in ISO 27001:2013 Information Security audit Mgt.
  • TUV Certified in ISO 31000:2018 Risk Management
  • ITIL V4 Trained

Positives

  • Leadership Qualities
  • Excellent Communication Skill
  • Ability to express the ideas clearly
  • Quick learner
  • Wonderful interacting capability

Personal Information

  • Passport Number: RO314140
  • Father's Name: Mr. Anil Kr Ghosh
  • Date of Birth: 04/10/84
  • Gender: Female
  • Nationality: Indian
  • Religion: Hindu
