Saumyajit Chakraborty

Information Security, Compliance & Risk
Bengaluru, KA

Summary

Information Security management professional with experience working with C-suite executives and P&L leaders, aligning with technology strategy to deliver business goals by enabling secure-by-design principles while onboarding solutions. Broad expertise in providing technology risk advisory guidance to reduce an organization's attack surface, manage compliance posture and implement controls to protect network, application, computing resources and cloud assets.

Possesses strong leadership, problem-solving and people management skills, with hands-on experience in leading teams for successful project implementation while ensuring a high-quality customer experience.

13 years of diverse information security work experience across various industrial sectors, including banking, energy management, power and water, healthcare, electronics and entertainment, consumer products and goods, and now fin-tech.

Cyber Security Domain Expertise - Digital Security compliance, Technology Risk, Security Management and Assurance, Security Governance, Vulnerability Management, Third-party Risk Assessment, Data Privacy, Cloud Security (vendor neutral), AWS security, Information protection and management, Cyber Security strategy.

Security Compliance Expertise - PCI, SOC 2, ISO 27001, GDPR, HIPAA, PDPA, SOX etc.

Business Expertise - Program Management, Budget and Planning, Resource Management, Vendor Management, General management and business administration.

Diverse information security work experience across various industrial sectors, including banking, energy management, power and water, electronics and entertainment, consumer products and goods, fin-tech and financial services, and healthcare.

Overview

13 years of professional experience
6 Certifications

Work History

Senior Manager - IT Compliance

Philips Healthcare
Bangalore
03.2023 - Current
  • Managing end-to-end IT risk and audit requirements for the group function (IT) and establishing governance for remediation.
  • Reviewing Security, Compliance, Privacy, Export control and SOX requirements for large technology projects and establishing IT governance.
  • Performing Compliance governance for vendors supporting technology platforms.
  • Reporting matrix to CIO dashboard and providing visibility.

Advisor - Information Security

Fiserv (Ondot Systems Inc)
Bangalore, Karnataka
08.2021 - 03.2023
  • Heading the Security compliance portfolio to ensure Fiserv's Ondot Cloud is compliant with various compliance requirements, including SOC 2 Type 2, PCI Report on Compliance, ISO 27001, GDPR, ISO 27017, ISO 27018 etc.
  • Performing internal security audits in the cloud environment and ensuring all gaps are addressed within stringent timelines.
  • Collaborating with external auditors and providing them with artifacts to demonstrate adherence to various compliance requirements (SOC 2, PCI, ISO 27001 etc.).

Manager - Digital Security Compliance

Diageo
Bengaluru, KA
07.2017 - 07.2021
  • Led Diageo's Global Digital Security Compliance portfolio within the CISO organization and established security governance.
  • Provided technology risk advisory guidance to senior leadership and business teams and ensured establishment of controls to protect global digital brand websites, consumer data and customer data, and to maintain overall digital compliance posture - GDPR, PCI etc.
  • Supported omni-channel digital transformation strategy, ensuring enablement of technology solutions with secure-by-design principles and maintaining a holistic security compliance posture.
  • Involved in strategic alignment of security controls to protect the cloud environment hosting 400+ brand websites, off-platform SaaS offerings and their underlying platform infrastructure.
  • Ensured Diageo has the right mechanism of tools, technologies and processes to protect against various digital risks.
  • Evaluated vendor product capabilities which can cater to meet organizational needs.
  • Collaborated with various internal and external functions such as - platform owners, application owners, enterprise architecture, security operations, Cyber threat management, Legal, brand teams etc. to support business initiative programs.
  • Provided oversight governance for various digital workstreams, including technology risk assessment, technical vulnerability management, security design review, contractual security clauses review, ITGC controls enablement, GDPR gap assessments, tracking PCI compliance matrix, cloud posture assessment etc.
  • Led the global security assurance team for any new initiatives, including review of cloud-hosted applications, services, Digital, RPA services, etc.
  • Involved in budgeting, planning and working closely with overall cyber strategy.

Senior Consultant

Skillmine Technology Consulting Pvt. Ltd
Bengaluru, KA
09.2016 - 06.2017

(Deployed at client location - Sony India Software Centre)

  • Assisted the Global Information Security and Privacy team by facilitating third-party risk assessment services across various Sony operating companies. Services included PCI DSS assessments, privacy impact assessments, business impact assessments, cloud security assessments and other technology service engagements.
  • Worked as a Cloud Security & Risk Specialist and assisted team members in accessing complex risk assessment engagements.
  • Analyzed Risk Areas by understanding business engagement and access controls implemented.
  • Suggested recommendations to mitigate identified Risks to business and third-party vendors.

Lead Engineer

Capgemini Consulting, Erstwhile IGATE
Bengaluru, KA
09.2011 - 08.2016
  • Created the project roadmap, ensured deliverables were met on time and provided periodic status reporting to stakeholders.
  • Performed business impact analysis and risk assessments for various vendors, including traditional IT and cloud service providers, and provided a holistic risk posture overview to the business.
  • Performed Cloud Security assessments, PCI DSS assessments and Privacy assessments in coordination with the legal team.
  • Managed Vulnerability Management program, security exception review, change management review, asset management, system classification, application toll gate review, IT audit etc.
  • Ensured mitigation of risk pertaining to organizational information assets by conducting comprehensive baseline risk assessments across all projects and support functions, including review of the risk register and risk treatment plans.
  • Reviewed organizational policies and ensured they are effectively adhered to, audited, monitored and improved on a regular basis.
  • Implemented ISO 27002, NIST, SANS, etc., standard best practices and controls to meet regulatory compliance requirements.

IT Consultant

Infotech Consultancy Services Limited
Jorhat, AS
06.2010 - 08.2011

Duration - June 2010 to Jan 2011 and Mar 2011 to Aug 2011

  • Maintained IT compliance metrics by ensuring compliance requirements were met.
  • Performed troubleshooting, monitoring and maintenance of Cisco routers/switches.
  • Configured firewall ACL policies in line with policies defined by the organization.
  • Managed user groups and role-based access provisioning and de-provisioning.
  • Installed antivirus software to safeguard systems and monitored health in Trend Micro.

Education

B.Tech - Computer Science and Engineering

Dr. MGR Educational And Research Institute
Chennai, TN
06.2005 - 05.2009

MBA - Senior Management Program

IIM A
Ahmedabad
04.2022 - 04.2023

Skills

    Security Compliance


Certification

ISO 27001 Lead Auditor (Course Number: A174747)

Work Availability

Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday
Morning, afternoon, evening

Quote

Fall seven times; stand up eight.
Japanese proverb

Timeline

Senior Manager - IT Compliance

Philips Healthcare
03.2023 - Current

MBA - Senior Management Program

IIM A
04.2022 - 04.2023

Advisor - Information Security

Fiserv (Ondot Systems Inc)
08.2021 - 03.2023

Manager - Digital Security Compliance

Diageo
07.2017 - 07.2021

Senior Consultant

Skillmine Technology Consulting Pvt. Ltd
09.2016 - 06.2017

Lead Engineer

Capgemini Consulting, Erstwhile IGATE
09.2011 - 08.2016

IT Consultant

Infotech Consultancy Services Limited
06.2010 - 08.2011

B.Tech - Computer Science and Engineering

Dr. MGR Educational And Research Institute
06.2005 - 05.2009