POOJA GAUTAM
Gurugram
Summary
Information Technology Auditor known for high productivity and efficient task completion. Specialize in risk assessment, internal control audits, and compliance with IT standards. Excel in critical thinking, problem-solving, and communication, skills that ensure thorough audit processes and clear reporting. Committed to improving system integrity through careful analysis and professional skepticism.
Overview
9
9
years of professional experience
1
1
Certification
Work History
Senior IS/IT Auditor
Nokia
Gurugram
04.2024 - Current
- Led audits across network security, third-party risk, and factory operations.
- Assessed compliance with NIS2 and DORA, integrating ICT governance and vendor oversight.
- Reviewed GCP IAM, CI/CD pipelines, and container security (GKE), enhancing cloud security posture.
- Collaborated with DevOps and cloud teams to align security controls with audit standards.
Senior Consultant
EY India
Gurugram
05.2021 - 03.2024
- Performed assessments and audits based on NIST CSF, NIST 800-53, ISO 22301 BCMS, ISO 27001 ISMS, ICSA Cloud Controls Matrix, and FFIEC CAT.
- Conducted compliance reviews to ensure client organizations met operational and ICT security standards mandated by DORA.
- Advised on procurement and management of third-party services to enhance vendor risk management under DORA.
- Developed cybersecurity governance frameworks for sectors such as energy and transport to meet NIS 2 requirements.
- Managed preparation and completion of SOC reports while collaborating with auditors for compliance.
- Executed comprehensive ISO 27001 audits for multinational organizations to evaluate information security management systems.
- Led global audit processes across more than 10 countries, ensuring adherence to ISO 27001 standards.
- Established vendor risk register and developed KPIs/KRIs for reporting dashboards on identified risks.
Intern
McAfee
Bengaluru
04.2020 - 06.2020
- Demonstrated strong problem-solving and communication skills to resolve complex issues.
- Collaborated with cross-functional teams to facilitate effective problem resolution.
- Supported governance initiatives related to data privacy laws, including GDPR compliance.
- Enhanced SIEM technology capabilities to improve detection and response measures.
- Managed assessments of third-party vendors, ensuring robust security and privacy practices.
- Conducted on-site audits and remote assessments for vendor compliance with regulations.
- Monitored vendor performance regularly, updating risk profiles and recommending corrective actions.
Senior System Engineer
Infosys Limited
Pune
12.2016 - 05.2019
- Prepared comprehensive reports on third-party risk exposure for executive management.
- Ensured compliance with NIST 800-53 by supporting implementation of security controls.
- Specialized in incident resolution, production monitoring, and post-code validation.
- Conducted research on data privacy trends, regulations, and best practices.
- Assisted in data breach responses, including notification processes.
- Responded to security threats, confirming effective security code implementation and data integrity.
- Collaborated with stakeholders for biweekly updates on security status and cybersecurity efforts.
- Mentored a team of six members, facilitating knowledge transfer sessions and promoting a cybersecurity-aware culture.
Education
MBA -
Symbiosis Centre for Information Technology
Pune12.2021
B.Tech. - Information Technology
Inderprastha Engineering College
Ghaziabad12.2016
Class XII - Science
Ramjas School
New Delhi12.2012
Class X -
Ramjas School
New Delhi12.2010
Skills
- ISMS audits
- Cyber maturity assessments
- Third-party risk assessment
- Data privacy and protection
- SOC reporting
- Control testing
- Process and policy review
- Cyber governance and risk management
- Cyber risk assurance
- Internal audit
- Network security
- Cloud security
Certification
- Certified Information System Auditor (CISA)
- ISO 27001:2022 - Certified Lead Auditor
- ISO 27001:2013 - Certified Lead Auditor
Personal Information
Date of Birth: 07/08/94
Key Highlights
- Experience across multiple sectors such as Telecom, Banking, Insurance, FinTech, and FMCG.
- Led multiple complex client engagements based on different geographies and utilized frameworks/standards like NIST CSF, 800-53, ISO 27001, BCMS, Cloud Security Alliance (CSA), DORA, NIS2 and GDPR.
- Demonstrated history of effectively leading teams, cultivating a collaborative and top-performing workplace atmosphere.
- Proficient in establishing and maintaining strong client relationships through clear and open communication.
Languages
English
First Language
Affiliations
- Global audit contributor – Led and supported cross-border audits involving teams from Europe and Asia, fostering collaboration with multicultural stakeholders in compliance, IT security, and financial operations
- Recognized Audit Excellence Award – received an internal award at Nokia for outstanding audit performance and actionable insights that enhanced system controls and reduced remediation time
- AI and IT audit advocate: Spearheaded internal initiatives to align IT and AI system audits with emerging EU regulations, like the EU AI Act, positioning the organization ahead of regulatory trends
- Language and cultural learner: currently pursuing beginner Dutch (A1) to integrate more effectively in multicultural teams and client environments
Timeline
Senior IS/IT Auditor
Nokia
04.2024 - Current
Senior Consultant
EY India
05.2021 - 03.2024
Intern
McAfee
04.2020 - 06.2020
Senior System Engineer
Infosys Limited
12.2016 - 05.2019
MBA -
Symbiosis Centre for Information Technology
B.Tech. - Information Technology
Inderprastha Engineering College
Class XII - Science
Ramjas School
Class X -
Ramjas School
Similar Profiles
Isaiah ShuttIsaiah Shutt
Construction Manager/Regional Technical Manager at NokiaConstruction Manager/Regional Technical Manager at Nokia
Mihai RusuMihai Rusu
Team Manager at NokiaTeam Manager at Nokia
Rakesh Kumar SinghRakesh Kumar Singh
DevOps Engineer – Cloud Infrastructure & Automation Specialist at NokiaDevOps Engineer – Cloud Infrastructure & Automation Specialist at Nokia
KESHRI NANDAN SINGHKESHRI NANDAN SINGH
Talent Acquisition Specialist at GoodEnough EnergyTalent Acquisition Specialist at GoodEnough Energy
Megha TanwarMegha Tanwar
HR Manager at Varank Tech Private Limited (Formerly Verchaska Infotech)HR Manager at Varank Tech Private Limited (Formerly Verchaska Infotech)