
Ritesh Mohanty

Lead Security & Compliance Analyst
Bhubaneswar

Summary

8.5 Years of Experience in IT/OT Cybersecurity, Cloud(IaaS) Security Program, Risk Management, Business Intelligence and Security Framework Audit

  • Conducted ISMAP security assessment related to IBM Cloud(IaaS) service area
  • Conducted Internal MLPS China readiness security assessment, PCI-DSS readiness assessment, HiTrust validated assessment, created gap analysis reports and highlighted gaps to senior management
  • Conducted Risk assessment based on ISO 27001 & ISO 27005 framework and helped organization prepare for ISO 27001 re-certification audit
  • Significant experience in ISMS & ITGC in areas of IT Asset Management, User access management, Antivirus, Third Party Access Management, Backup Recovery
  • Knowledge of IT/OT Control Frameworks like SOC2, SOX, GDPR, NIST 800-82, IEC 62443, NCA, HCIS
  • Conducted Security & Awareness trainings & Phishing Campaigns as part of Security Governance programme

Overview

11 years of professional experience
6 years of post-secondary education

Work History

Security & Compliance Lead

Infobell IT Solutions
Bangalore
08.2022 - Current

IBM IaaS Compute - Security & Compliance Program

  • Worked alongside the cross-functional teams in conjunction with Cloud development, Architecture and DevOps teams to provide visibility of cloud security posture
  • Performed security assessment and articulated the findings in an easily consumable manner to the stakeholders
  • Managed public cloud exceptions for the business-critical processes and technologies, maintained the risk register and drove timely closure of the identified risks
  • Performed applicable cloud security audits (e.g. ISMAP (Japan), ConMon, Internal Audit/assessment etc.) through to successful closure and tracked the timely closure of audit findings
  • Successfully interfaced and discussed gaps/findings with skilled technical and non-technical stakeholders
  • Worked in an Agile environment leveraging strong work management, organizational and planning skills

Information Security Analyst

Donaldson Filtration Solutions
Gurugram
03.2021 - 08.2022

Multi-level Protection Scheme(MLPS) Compliance Assessment - China

  • Classification of Donaldson Systems into level 2 or level 3 based on MLPS security criteria
  • Identify departments, stakeholders and 3rd party vendors which will be in scope for the assessment
  • Creation of master set questionnaire based on MLPS security requirements
  • Conduct initial meetings, discussions and request for necessary documents to analyze from the stakeholders
  • Creation of final gap list and master report with necessary recommendations

PCI-DSS Compliance Assessment

  • Validate the scope of the Cardholder Data Environment (CDE) as determined by the assessed organization
  • Analyzed the as-is organization environment and decided on which SAQ is applicable for the organization
  • Assessed with a sampling approach (as approved by the PCI DSS audit standard) and selecting employees, facilities, systems, and system components accurately representing the assessed environment and which is in scope
  • Provided opinion on whether the assessed organization is compliant and meets PCI DSS Requirements
  • Based on the assessment and validation of the findings provide an AOC to the assessed organization’s PCI DSS compliance status
  • Maintaining documents, paper works, and recordings of interviews that were collected during the PCI DSS Assessment as evidence and using it to validate the findings

Cyber-Strategy and Governance - Conducting Phishing Campaigns

  • Research current phishing email trends to deliver more realistic simulated phishing messages
  • Communicate with employees. Develop a set of clear instructions for employees on how to report any identified phishing emails, and/or associated social engineering attacks
  • Train employees who fail to spot phishing emails
  • Create metrics dashboard that uses captured simulated phishing campaign data to analyze the success rate of the campaign.

Information Security Associate

Pricewaterhouse Coopers
Gurugram
04.2019 - 03.2021

ICS/OT Cybersecurity Audit – Jubail (Saudi Arabia)

  • Review of SCADA/ICS Cyber security architecture, Security policies and procedures, firewall, switches and routers, Remote access review. Antivirus Management & Patch management review, Workstation management consoles. Incident management, Backup and Recovery process review
  • Worked on ICS infrastructure identifying gaps, mitigation plans, policy, framework drafting for Oil & gas, Power Utilities, Manufacturing industries, Shipping industries
  • Reviewed active directory for control centre and worked on Security standards like NIST CSF, NIST 800-82, IEC 62443, NCA, HCIS
  • Reviewed the Cyber Security policies and procedures for IT-OT infrastructure and performed the assessment in terms of standard frameworks and guidelines
  • Evaluated Security gaps in ICS & OT environment and drove implementation of controls to mitigate the same

ISO 27001 and Contractual Compliance – Delhi (India)

  • Performed design review of Information Security Policy and supporting procedures. Key focus areas include adequacy with respect to client’s IT environment and adequacy with respect to international standards, IT security good practices
  • Conducted audit on security areas like IT Asset Management, User Access Management, Logging and monitoring, Antivirus Management, Business Continuity & Disaster Recovery, End User Security and Third-party security
  • Physical & Environmental security controls at key access points, critical areas such as server room and hub rooms etc
  • Prepare audit reports for multiple business units and highlighting the gaps, risks and recommendations

Hi-Trust Cybersecurity Assessment – Gurgaon (India)

  • Performed Hi-Trust Assessment on 15 security domains on the as is IT environment of the client and helped them to find gaps and provided recommendations to mitigate them and also helped the client to obtain the Hi-Trust Certification
  • Utilized a risk-based approach to plan and perform the assessment and provided advance compliance audit consulting to focus on Hi-Trust controls to align for governance of HIPAA, PHI, ePHI and PII best practices for healthcare clients
  • Audited client based on Information security program, Antivirus management, Audit, logging and monitoring, Password management, Incident management, Third party management, Physical and environmental security domain
  • Developed Hi-Trust Assessment Papers based on the above domains evidencing performance of all audit work

Data Specialist

IBM
Gurugram
09.2012 - 03.2017

Data Specialist

  • Analysis of Source data using Business Intelligence tools coming from myriad tables and flat files
  • Understanding the business requirements from the functional documents
  • Understanding the logic and applying the same using SQL programming language
  • Developed Informatica mappings and workflows. Conducted the code testing
  • Involved in data validation and unit testing
  • Involved in preparing the pre-release documents
  • Monitoring of critical processes
  • Provided resolution to production issues which were critical
  • Sent weekly monitoring report to higher management and resolved field problems in coordination with Field Engineers

Education

MBA - Marketing

Symbiosis Institute of Telecom Management
Pune
06.2017 - 04.2019

B.Tech - Electronic & Instrumentation

BMS College of Engineering
Bengaluru
08.2008 - 07.2012

Skills

ISC2 Certified Information Systems Security Professional (CISSP)

Timeline

Security & Compliance Lead

Infobell IT Solutions
08.2022 - Current

Information Security Analyst

Donaldson Filtration Solutions
03.2021 - 08.2022

Information Security Associate

Pricewaterhouse Coopers
04.2019 - 03.2021

MBA - Marketing

Symbiosis Institute of Telecom Management
06.2017 - 04.2019

Data Specialist

IBM
09.2012 - 03.2017

B.Tech - Electronic & Instrumentation

BMS College of Engineering
08.2008 - 07.2012