SACHIN SAXENA

New Delhi

Summary

15+ years of work experience in IT Risk Assessment, Control Testing, Facilitating Internal Audits, ISO 27001 Implementation, GDPR, HIPAA, PCI DSS, SOC2 Type 2, Data Privacy | ITGC (IT General Controls) | Experience in Governance, Risk and Compliance (GRC) | CISA, CRISC and ISO 27001 LA

Overview

20 years of professional experience
7 years of post-secondary education
3 Certifications

Work History

GRC Consultant

TATA Consultancy Services (TCS)
05.2012 - Current
  • Identifying and mitigating operational and compliance risks in line with the organization's standards
  • Effectively monitoring and evidencing SOX controls
  • Implementing and monitoring the effectiveness of ISO 27001
  • Reviewing design and operating effectiveness of security controls, identifying gaps, and recommending enhancements to strengthen risk posture and regulatory compliance
  • Collaboration with control owners to remediate gaps/findings
  • Continuous monitoring to maintain the risk posture on implemented controls
  • Liaising effectively with stakeholders, 1LoD/2LoD and external auditors
  • Ensuring security policies and procedures are updated and verifying compliance with control requirements
  • Ensuring regular updates are provided to senior management on the control environment including presentations and reports.
  • Carried out review of Regulatory Compliance Risk Assessment documented in the GRC tool (Archer) to ensure the Business and Control Environment are appropriately assured and attested.
  • Delivered high-quality presentations showcasing key findings and recommendations to both internal stakeholders and clients.

Sr. Consultant

Concentrix India Services
12.2010 - 05.2022
  • Ensuring IT assurance and compliance is effectively managed and providing regular updates to senior management including presentations and reports
  • Providing support for SOX/SOC2 and other regulatory audits
  • Effectively monitoring and evidencing SOX controls
  • Implementing and monitoring ISO 27001
  • Implementing and monitoring IT assurance for ISO 27001, GDPR, HIPAA, PCI-DSS and SOC2 Type 2
  • Ensuring remediation actions are taken as per audit findings
  • Ensuring security policies and procedures are updated and verifying compliance with control requirements.

Information Security Officer

Royal Bank of Scotland (RBS)
01.2007 - 12.2010
  • Implementation of Role Based Access Control (RBAC)
  • Privilege User Access Management
  • MFA / 2FA Access Management
  • Performing quarterly access reviews and ensuring gaps are remediated
  • Supporting internal/external audits
  • Preparing dashboards/reports and status updates to leadership.

Technical Support Executive

Reliance Communications
12.2004 - 01.2007
  • Providing technical support for internet connectivity issues
  • Providing support for software update/installation
  • Ensuring incident tickets are resolved within SLA
  • Preparing dashboards, metrics and reporting to management.

Education

MCA (Master of Computer Applications) - Computer and Information Sciences

UP Technical University Lucknow
01.2001 - 04.2004

Bachelor of Science (B.Sc) -

MJP Rohilkhand University
01.1997 - 04.2000

Skills

SOC2 Type 2

SOX

PCI-DSS

GDPR

ISO 27001

NIST CSF

Control Testing

IT Assurance

Risk Assessment

Data Privacy

PCI DSS Compliance

Enterprise risk management

Certification

CISA (Certified Information Systems Auditor)
