Raga Jyoti

• Team size : 6members
• Provided reporting, analysis and insights about risks, controls and issue management to support Global Technology analytics.
• Responsible to ensure all IT changes are driven and complies within the Cyber security standards.
• Help create and maintain Governance, compliance and manage all Risk and control related changes are effectively adopted in Information security domain.
• Develop and assess Change readiness and impact of the change across the organization in liaison with the ongoing IT Risks.
• Create a maintain Change Management SOP and ensure all Org changes are readily prepared and adopted.
• Developed and enhanced dashboards/reports connecting to single or multiple data sources to improve performance using tools like Tableau, Alteryx etc.
• Interpreted data and translated ad hoc requirements and requests to deliver relevant and impactful results.
• Managed multiple projects with high degree of accuracy and attention to detail.

• Team Size : 10members
• Established strategy for operations reporting and analytics, identifying key needs for deliverables.
• Reviewed contracts and agreements to identify potential risks and ideal mitigation strategies.
• Knowledge on control requirements, policies and exceptions, compensating controls as a service. Defining them, preparing methodology and service documents etc.
• Conducted comprehensive IT audits across multiple platforms, identifying critical vulnerabilities and implementing corrective actions that improved system security
• Preparing BCP reports LoB wise and discussing about the confidence scoring, risk assessment scores, plan profiling and much more.
• Worked on IT & IS Policies, Control Standards, requirements and Controls & Risks
• Conducted ITGC audits to evaluate the effectiveness of access controls, change management, and data protection measures, ensuring compliance with industry standards and regulations
• Prepared detailed audit reports and presented findings to senior management, facilitating informed decision-making and strategic planning
• Monitored remediation efforts for identified control gaps, ensuring timely implementation of corrective actions and continuous improvement of IT processes
• Provided detailed reports to management, outlining potential risks and recommended actions to mitigate threats and enhance system integrity.
• Developed short-term goals and long-term strategic plans to improve risk control and mitigation.

• Team Size : 14members

Application Security Testing:

• Acquainted with various approaches to Gray box & Black box application security testing.
• Proficient in understanding and executing application level vulnerability attacks like - XSS (Cross Site Scripting), SQL injection, CSRF (Cross Site Request Forgery), Session Hijacking, Privilege escalation, Authorization Bypass, Authentication flaws, Design level vulnerabilities etc.
• Proficient in Executing the test cases and preparing a delivery report.

Security Compliance:

• Checking the calendar on a periodic basis(quarterly, half-yearly.) to perform Compliance checking as required.
• Performing the configuration in tool to customer agreed values and scheduling scans for Servers in Scanning Tool(IEM, Qualys).
• Scanning the devices with automated tools and validating the Report.

Security Patch Management:

• Perform the patching activity within the stipulated period, collecting and storing artifacts to substantiate the patching activity and updating the CIRATS record with the required documents for closure.
• Generating the pre-patch report and verifying.

Web Application Testing:

• Designing the test cases as per OWASP for Web application.
• Proficient in using proxy tools like Burpsuite. Good skill on HTTP and HTTPS protocols.
• Maintaining security standards and baseline controls related to the operating systems, network systems & applications.
• Performed in-depth IT audits across various platforms, pinpointing key vulnerabilities and implementing corrective measures to enhance system security.
• Conducting periodic vulnerability and risk assessment.