Ritu Raj

Information Security And Data Privacy (DPO)
Bengaluru, Karnataka

Summary

Insightful Manager with experience directing and improving operations through effective employee motivational strategies and strong policy enforcement. Proficient in best practices, threat landscape trends and regulatory requirements of industry operations. Strong leader and problem-solver dedicated to streamlining operations to decrease costs and promote organizational efficiency. Uses independent decision-making skills and sound judgment to positively impact company success.

Overview

13 years of professional experience
10 Certificates

Work History

Manager- Information Security & Data Privacy (DPO)

TheMathCompany Pvt. Ltd.
Bengaluru
11.2021 - Current

Information Security Manager
• Plan, implement and review IT Governance, Risk, Compliance program, ensuring compliance within organization.
• Drive regulatory and industry guidelines into existing policies and standards.
• Review new services and initiatives from IT security and risk perspective and provide recommendations/mitigation measures.
• Oversee and perform Internal and External Audit capabilities like SOC2, ISO27001.
• Manage Enterprise Risk Management and IT Risk Register to report compliance review activity, tracking all actions and risks arising from review.
• Manage Information Security Steering Committee and Change Advisory Board, Incident Response Team, and Information Security & Privacy awareness training.
• Develop Third-Party Risk Management Program, incorporating most recent guidance and conduct on-site and off-site audits of vendor control environments.
• Drive threat and vulnerability management program to include data loss prevention, penetration testing, vulnerability scanning and threat assessment.
• Drive organization wide risk awareness training programs and security initiatives in cyber defense strategy.
• Oversee Information/Cyber Security development and trends and work with industry to evaluate potential security offerings, including product evaluations, proof of concept and pilots.

Data Privacy as Data Protection Officer (DPO)
• Fulfill tasks of designated role of DPO to CISO.
• Inform and advise organization of their obligations.
• Implement DPO Center's established processes and practices.
• Create and implement strategies to ensure compliance with data protection laws.
• Perform DPIAs, PIAs and LI assessments and build/maintain client's Records of Processing Activities (RoPA).
• Draft and manage data protection policies, guidelines and processes.
• Maintain record of processing activities and impact assessments.
• Manage processes for breach response, complaints, claims and notifications.
• Advise on identifying, assessing and mitigating risks.
• Prepare recommendation reports and corresponding Master Service Agreements (MSA) and Schedule of Works (SoW).
• Devise, facilitate and deliver training and awareness workshops.
• Support client in responding to individuals' rights requests.
• Consistently inform and advise client on governance, accountability, and risks.
• Keep up to date with changes in data protection law and regulations.
• Ensure organization gets attested to global regulatory compliance frameworks such as GDPR/DPDPA/CCPA/GLBA/HIPAA.
• Conduct periodic compliance applicability audits.
• Actively contribute to building overall knowledge base within centralized team.

Lead-Cybersecurity and Third Party Risk Management

Northern Trust Corporation
Bengaluru
10.2017 - 11.2021
  • Worked with various Risk Advisors across the organization.
  • Conduct detailed Third-Party/Vendor Risk assessments and ensure that Risk assessments and outputs are recorded in enterprise tools and are in full compliance of defined policies and common standards, including the Third-Party Risk Management Framework.
  • Identify IT risk issues or issues that are common across the landscape and help implement preventative controls across IT&S.
  • Partner with other risk groups to assess, implement and communicate new/updated risk controls, frameworks, policies, risk indicators, metrics, and limits.
  • Ensure implementation of a strong IT risk culture in partnership with various IT Risk Advisors and Risk Owners.
  • Review the Contracts/Master Service Agreement between Third Party and Bank and ensure all the IS terms and conditions are covered.
  • Engage with different stakeholders globally for procuring new tools for Cybersecurity.
  • Perform Enterprise Compliance Risk Management (eCRM), Privacy (GDPR), and Information/Cyber Security risk assessments on Information Security, Sub-Advisory and Sub-Custodians for the bank.
  • Develop the Third-Party Risk Management Program, incorporating the most recent guidance from Federal Reserve Board (SR-1319).
  • Conducted the on-site and off-site audits of vendor control environments.

IT Security Specialist

IBM India Pvt. Ltd.
Bengaluru
10.2014 - 10.2017
  • Participating in Application Risk Assessment and involved in the remediation of gaps identified as part of the assessment.
  • Enterprise Program / Project Risk Management - Technology Risk Project Risk Analysis, Risk Log Reviews, Third Party reviews, Project Status Reviews.
  • Manage transition & steady state compliance risks of Monitoring and Tracking.
  • End to End involvement in all the account related projects & IT Governance.
  • Worked closely with Service Lines and ensure all documented roles & responsibilities are adhered to.
  • Ensure that Compliance requirements such as employee on/off boarding, Data Privacy Education (especially linked to regulatory Compliance), Infrastructure Security Requirements are tracked and monitored.
  • Conduct regular reviews on Compliance/Regulatory requirements, to ensure account is compliant with requirements defined by the Customer, Regulatory body, and the internal standards.
  • Provide education and awareness to the account regarding all C&C Policies & procedures.
  • Worked as audit response focal for external audits.
  • Provide pre-audit and post-audit support for both internal audits and external audits to understand and fulfill data requests, understand findings/conditions and to establish rightful ownership of the issues.

Service Delivery Consultant

Hewlett Packard Enterprise
Bengaluru
06.2012 - 10.2014
  • Provide analysis and investigation of security related data from a wide range of security devices and customer environments
  • Active participation in facing client audits, researching trends and current countermeasures for cyber security vulnerabilities, exploits, and other malicious activity
  • Reviewing Customer Security Document (CSD) and SOP
  • Functioned as service line Compliance owner and responsible for maintaining the agreed SLA with Customer
  • Raise a mitigation action plan for any risk/gap identified during audit and periodic review, and follow up to closure.
  • Coordinate and prepare Supporting staff and documentation in response to customer Audits
  • Identification, analysis, and response to a variety of threats and vulnerabilities to the security of the company.

System Analyst- Security and Risk Management

IBM India Pvt. Ltd
Bengaluru
03.2011 - 06.2012
  • Security and Risk Management, Administration of user accounts (creation, deletion and amendment) in Windows/Unix.
  • Creation of shared Drives and granting correct level of access to the Shared Drive as per Client's Request.
  • Account migration from one region to another region (cross domain or inter domain).
  • Mailbox migration from one server to another server including taking mailbox backup.
  • Profile/My Docs Migration from one server to other server/ Inter and Intra Domain Moves.
  • Worked on Root Cause Analysis (RCA), Process Behavior Analysis (PBA).

Education

MBA - Information Systems

Manipal Academy of Higher Education
Manipal, India
09.2011 - 09.2013

Bachelor of Engineering (B.E) - Information Science and Engineering

Visvesvaraya Technological University
Bengaluru, India
08.2005 - 08.2009

Skills

GDPR/DPDB/SOC2/ISO27001/CCPA

Accomplishments

  • Successfully established, implemented, and managed information security, risk management and data privacy initiatives across multiple organizations.
  • Developed and executed strategic plans for improving information security and data privacy.
  • Led cross-functional teams to achieve project goals and objectives.
  • Developed and implemented policies and procedures for ensuring compliance with regulations and standards.
  • Collaborated and worked closely with Global teams to build and implement strategies across the organization’s clients and vendors.
  • Established the SaaS solution for client data handling.
  • Conducted successful internal and external audits onsite and offsite to identify the gaps/risks and worked towards mitigation plans.
  • Awarded Value awards for outstanding work in all organizations.
  • Helped organizations get new client projects by working closely with potential clients and ensuring they get the best customer experience and trust in their data hosting with the organization.

Certification

ISO27001 Lead Implementation

Interests

Travelling, Driving, Photography, Communicating

Timeline

Data Protection Officer and Certified Information Security Management Professional (CISM) from EXIN

11-2023

HIPAA Compliance Complete Course from Udemy.

07-2023

Digital Forensic Investigator from Alison, UK.

06-2023

GDPR from Alison, UK

05-2023

CompTIA Security+ from Alison, UK.

05-2023

Implementing Privacy, Risk and Assurance Program from LinkedIn Learning

11-2022

Manager- Information Security & Data Privacy (DPO)

TheMathCompany Pvt. Ltd.
11.2021 - Current

Certified Network Security Specialist - ICSI (International Cybersecurity Institute), UK

06-2020

ISO27001 Lead Implementation

07-2018

Lead-Cybersecurity and Third Party Risk Management

Northern Trust Corporation
10.2017 - 11.2021

IT Security Specialist

IBM India Pvt. Ltd.
10.2014 - 10.2017

Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory Configuration - Microsoft

06-2013

Service Delivery Consultant

Hewlett Packard Enterprise
06.2012 - 10.2014

Microsoft Certified Professional (MCP) - Microsoft

10-2011

MBA - Information Systems

Manipal Academy of Higher Education
09.2011 - 09.2013

System Analyst- Security and Risk Management

IBM India Pvt. Ltd
03.2011 - 06.2012

Bachelor of Engineering (B.E) - Information Science and Engineering

Visvesvaraya Technological University
08.2005 - 08.2009