Summary
Overview
Work History
Education
Skills
Certification
Accomplishments
Timeline
Generic

Pragya Poddar

Vice President
Bangalore

Summary

Bringing over 8 years of expertise in Information Security, I excel in Data Loss Prevention, Incident Management, and Insider Threat Programs. My background spans Governance, Risk, and Compliance, including Vendor Risk Management and Incident Response. With deep knowledge in SIEM, Vulnerability Management, and IAM, I am poised to drive impactful security solutions and elevate risk management strategies in a dynamic organization.

Overview

8
8
years of professional experience
6
6
years of post-secondary education
10
10
Certifications

Work History

Vice President

Goldman Sachs
12.2023 - Current
  • · Led cross-functional teams for the successful completion of major projects in Data loss Prevention and Insider Threat.
  • · Collaborated with senior management to develop strategic initiatives for DLP and Insider Program.
  • · Served as SME for DLP and Insider tools to expand DLP program by defining additional processes/controls for continuous risk reduction.
  • · Tune DLP policies on a continuous basis to maintain a mature set of policies within the scope of the DLP Program.
  • · Provide support in defining and building upon metrics and reporting to enhance understanding of DLP and Insider Program development and maturity.
  • · Supporting process improvement initiatives and maturity assessment program for insider threat.
  • · Developed an insider threat detection system to identify instances of impersonation within current roles and flag them as potential suspicious hiring activities.

Associate

Goldman Sachs
08.2021 - 12.2023
  • · Analyzed potential infrastructure security incidents to determine if incident qualifies as legitimate security breach.
  • · Worked in Virtual cyber fusion and led significant incidents over call coordinating with multiple team.
  • · Handled moderate to complex incidents including significant events reporting and Sr leadership communications.
  • · Conducted triage on significant user reported data security incidents.
  • · Conducted end to end triage on insider threat cases and escalated issues to senior management as warranted.
  • · Conducted table top drills to create awareness of current process and procedure to follow while triaging of cases.
  • · Lead security projects assigned by taking ownership of planning, implementation and coordination.

GRC Analyst

Netapp
05.2020 - 07.2021
  • Perform vendor security assessments, drive risk remediation, and collaborate with various teams across NetApp
  • Responsible for conducting Information security assessment for third party vendors and engaged with technical and business process owners to understand third party relationships and the services provided to NetApp
  • Review Risk Assessment Questionnaire and Information Security Survey from different vendors and provide Information Security Assessment result to satisfy compliance requirements and mitigate risks to an acceptable level
  • Initiate Business Risk Acceptance/Business Risk Waiver for third party vendors in order to document security controls not in line with Netapp requirement
  • Perform Information security contract review for Master Service Agreement (Security Exhibit) for third party vendor
  • Developed process documentation for completing third party reviews and assessments along with the monthly reporting on all functions related to third party risk management functions
  • Collaborate with VM team on third party scanning software (RiskRecon) to assist in review of third parties and report for different vendors to mitigate vulnerabilities associated
  • Part of Security awareness training development program and also conducted engagement level Information security awareness sessions at Organization level
  • Track of status of mandatory compliance trainings taken by employee.

Cyber Security Analyst

NetApp
05.2019 - 04.2020
  • · Performing daily operational real-time security monitoring and analysis of security events from different sources including SIEM, IPS, EDR, etc.
  • · Analysis of emails being reported into environment with bad factors such as Phishing URL , malware download, unusual redirections etc.
  • · Follow operational process and procedures to investigate alerts.
  • · Proactively 'hunt' for potential malicious activity and incidents using advanced threat network and host-based tools.
  • · Releasing Weekly and Monthly reports for update of regular metrics to leadership.

Information Security Analyst

Accenture
05.2018 - 05.2019
  • · Managing tools and technologies :Qualys Guard, Splunk (ES and UBA), Active Directory, Akamai WAF.
  • · Analyzing and investigating the abnormal behavior on Splunk and suspecting the potential threats in the environment.
  • · Threat hunting via deep diving into logs and find abnormal activity.
  • · Performing vulnerability scan and preparing customized report for remediation in Qualys Guard.
  • · Coordinating with teams for short term mitigations and long term remediation identified via vulnerability scans.
  • · Exposure on user access management including provisioning and de-provisioning of users on Active Directory in IAM domain.
  • · Hands on experience in SIEM tool – Splunk and having good exposure for notable investigation and logs analysis.
  • · Creating SNOW reports and dashboards require to prepare metrics for presenting to Sr Leadership and other forums.

Information Security Associate

Accenture
10.2016 - 05.2018
  • · Working in Security operations center managing all aspects of security environment of e-commerce website
  • · Performed Real-Time Monitoring, Investigation, Analysis, Reporting and Escalations of Security Events from multiple sources including events like IDS / IPS, Firewall Logs and Network Devices logs
  • · Analyzed and assess security incidents and escalate to client resources or appropriate internal teams for additional assistance.

Education

PGDM - Business Management

Narsee Monjee Institute Of Management Studies(NMIMS)
01.2018 - 05.2020

BTech - Computer and Science Engineering

Accurate Institute of Management And Technology - Greater Noida
08.2012 - 05.2016

Skills

SIEM: Splunk, Qradar

Vulnerability Management: QualysGuard

Threat intelligence: Akamai Defender (WAF), Microsoft ATA and Azure

DNS Monitoring: Cisco Umbrella

EDR: Digital Guardian, Crowd strike

IPS/IDS: CSP, Cisco Firepower

Sandbox: Cisco Threat Grid

Email Security: Cisco IronPort, 0365, ProofPoint, Area1, Ediscovery

IAM tool: Windows AD, CyberArk

DLP tool: Symantec and Zscalar

Ticketing and Reporting Tool: SNOW, Tableau

Risk Assessment Tool: Ariba

Certification

Splunk Power User, 05/2018

Accomplishments

  • Appreciation for leading security awareness program at NetApp.
  • Awarded as Star of Business at Accenture.
  • Recognized as Top performer in Incident handling continuously for 3 months at Accenture.
  • Completed Intern Project applied for Summer Internship program at IIT Guwahati.

Timeline

Vice President

Goldman Sachs
12.2023 - Current

Associate

Goldman Sachs
08.2021 - 12.2023

GRC Analyst

Netapp
05.2020 - 07.2021

Cyber Security Analyst

NetApp
05.2019 - 04.2020

Information Security Analyst

Accenture
05.2018 - 05.2019

PGDM - Business Management

Narsee Monjee Institute Of Management Studies(NMIMS)
01.2018 - 05.2020

Information Security Associate

Accenture
10.2016 - 05.2018

BTech - Computer and Science Engineering

Accurate Institute of Management And Technology - Greater Noida
08.2012 - 05.2016
Pragya PoddarVice President