Prashant Ghadge

Mumbai

Summary

Experienced in managing IT compliance and risk assessment initiatives, with a focus on internal controls and audit processes. Conducts COBIT audits quarterly to ensure adherence to regulatory standards such as NCUA, OCC, and FFIEC. Provides expertise in IT risk assessments, application controls, and compliance management, facilitating remediation of IT risks and deficiencies. Supports key reporting activities and leads SDLC assessments for technology projects and vendor evaluations.

Overview

14 years of professional experience
1 Certification

Work History

Tech Lead - GRC

Bank of America
Mumbai
08.2016 - Current
  • Perform control-based objective audits (COBIT) for internal applications and processes on a quarterly basis to comply with regulators like the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC) and the Federal Financial Institutions Examination Council (FFIEC).
  • Define action plans and timelines with process owners and manage them to completion/implementation.
  • Act as a subject matter expert on IT internal controls risk assessments and analysis for application controls, and lead IT compliance initiatives and services as appropriate.
  • Provide support and evidence for both internal and external IT audits, including SOX, and other risk-based advisory engagements.
  • Facilitate remediation, reporting and monitoring of related IT risks, deficiencies, gaps and audit issues.
  • Advise and assist application owners on compensating control alternatives where IT risk requirements cannot be met.
  • Support key reporting activities associated with IT compliance.
  • Perform SDLC assessments of technology-enabled projects and third-party vendor assessments.
  • Global Information Security - Risk and Compliance

Data Privacy Manager

Bank of America
Mumbai
08.2016 - Current
  • Manage the process for receiving, documenting, tracking, investigating, and taking action on incidents and complaints concerning the bank's privacy policies and procedures in coordination and collaboration with other similar functions and, when necessary, legal counsel.
  • Compliance management - function as SME for privacy compliance initiatives, such as the General Data Protection Regulation (GDPR), and assist stakeholders in complying with requirements for all relevant entities in EMEA.
  • Global Information Security - Risk and Compliance

SOC Operations

Bank of America
Mumbai
08.2016 - Current
  • Operate against a SOC playbook to protect the bank's people, missions, and assets.
  • Evaluate system, application, and user data for adherence to organizational policies and procedures.
  • Apply critical thinking to all activities and actions, in pursuit of the bank's information security goals.
  • Perform open-source threat collection and analysis activities, identifying indications of cyber threats and identifying malicious code, websites, and vulnerabilities using existing and purpose-built tools.
  • Contribute to tool optimization and automation initiatives to streamline analysis and response workflows.
  • Compile and review utilization/volume reports for senior management.
  • Provide security awareness to internal associates on the bank's security policies and protocols.
  • Provide support to security operations, incident response, and vulnerability management campaigns.
  • Create and review documentation and processes regarding recurring issues, new standard operating procedures, and knowledge transfer materials.
  • Perform quality assurance and control of security event/alert notification tickets.
  • Global Information Security - Risk and Compliance

Sr. Engineer (Information Security SOC)

Netmagic (an NTT Communications company)
Mumbai
09.2015 - 07.2016
  • Provided detection, analysis, research and data gathering for security events.
  • Monitored security systems to ensure that all equipment is operative.
  • Compiled weekly, monthly and quarterly reports for senior management.
  • IDPS administration - analyzing, suppressing, and blocking reported intrusion alerts.
  • Vulnerability management (Nessus/Qualys) - weekly/monthly scanning of all infrastructure nodes and generating detailed reports for review; eliminating false positives and providing recommendations to fix the identified vulnerabilities.
  • DDoS mitigation/protection (Arbor) - monitoring and mitigating medium to high live DDoS alerts (reached above threshold).
  • Copyright infringements - reporting identified copyright infringements to clients for further legal action and protection of the data.
  • Bluecoat ProxySG - content filtering administration.

System Engineer

ATOS India
Mumbai
09.2011 - 09.2015
  • Endpoint Security - McAfee ePO (Antivirus)
  • Deployed and managed McAfee ePO antivirus on 7000 workstations and servers.
  • Created policies and automatic responses from the McAfee ePO console.
  • Maintained daily, weekly and monthly AV reports for all workstations and servers.
  • Manually updated non-compliant servers and workstations.
  • Resolved ticket-based requests for any workstations or servers in terms of possible virus/infection scanning and remediation.
  • IDPS Administration - SourceFire.
  • Analyzed and fine-tuned false positive intrusion events.
  • Packet analysis of the events for bad actors/reputation.
  • Monitored IPS device health.
  • Generated and reviewed monthly intrusion event reports for compliance.
  • SIEM/AV administration: McAfee ESM/ePO correlated alerting, reporting, compliance, and analysis.
  • Performed daily Tripwire Enterprise file integrity checks and analysis.
  • Worked on ticket-based requests/incidents.
  • Performed quarterly network vulnerability scanning through Qualys and fixed vulnerabilities.
  • Created and reviewed work-level instructions.
  • Provided vulnerability assessment reports for all infrastructure network nodes of the client to fix identified gaps/deficiencies for PCI DSS compliance.
  • Performed detection, analysis, research and data gathering for security events.

Education

B.Sc. - Computer Science

Maharashtra State Board
Mumbai

MBA - Information Systems

ICFAI University

Skills

  • Knowledge of common security controls
  • Detection capabilities
  • Securing digital environments
  • Packet flows
  • TCP & UDP traffic
  • LDAP
  • Anti-virus
  • Intrusion detection/prevention systems
  • Host-based monitoring
  • Email monitoring
  • Spam technologies
  • SIEMs
  • IT compliance
  • Risk assessment
  • Data privacy
  • Incident management

Certification

  • CompTIA Security+ Certified
  • McAfee Certified Product Specialist-EPO
