Saurabh Saroha

Currently leading a small team within corporate information security function of Teleperformance India which involves regular interaction with business operations, clients, vendors and global counterparts. The Key responsibilities of this role include:

• Managing information exception approvals as per global policy
• Driving annual review and updates of information security and IT policy & process documents as per ISO 27001 and global policy
• Running vendor risk assessment program for Teleperformance India
• Leading software compliance initiative for TP India
• Preparing and publishing key risk management reports including IT risk register and ensuring closures
• Preparing CIO dashboard and business CXO decks on monthly basis

Worked as key resource in compliance team of Corporate InfoSec function at EXL, responsible for managing InfoSec and technology aspects of all internal as well as external audits and representing EXL in all those audits. Also, acting as the governance SPOC & program manager of few external audit engagements to ensure timely completion of audit program.

• Program management of PCIDSS & ISO 27001 certification covering all major delivery centers
• Driving central governance program for InfoSec and Tech for improvements & compliance
• Managing multiple SOC audit engagements with Big-4
• Managing internal audit tracks as per the audit calendar
• Contractual reviews and advising teams like data privacy & business continuity for compliance
• Tracking and ensuring closure of all reported observations in internal / external audits
• Driving pre-audit readiness exercise before any internal / external audit
• Managing budgeting & vendor management aspects of external audit program
• Actively collaborating with tech / InfoSec sub-teams and enabling teams for timely completion of audi

Served as a key member of the corporate compliance team charged with formulating strategic direction and devising compliance initiatives consistent with overall vertical strategy.

• Leading and managing initiative of email restriction policy through DLP right from implementation, awareness and sustenance
• Representing Genpact in multiple client audits/vendor assessments
• Working on following up and ensuring remediation of audit observations
• Helping business in responding to RFI questionnaire by drafting/collating responses
• Driving internal assessments for prioritized accounts; MSA with client and internal compliance control checklist being the criteria
• Managing end to end incident cycle for all incidents reported by DLP team for our vertical
• Leading remediation & reporting of endpoint compliance issues monthly
• Collaborating with multiple cross-functional teams for audit activities

Financial Technologies group offers technology solutions to trade on next-generation financial markets, across asset classes including equities, commodities, currencies and bonds. I worked for ESG (Enterprise Solutions Group) which is a part of FTIL corporate structure and provides Information security risk consulting & audit services. My responsibilities at FTIL were:

• Conducting both sets of internal audits (ISO 27001, 9001, 14001 combined and ISO 20000) for more than 20 departments as per organization policy
• Reviews, updates and maintenance of all policy, procedure and other documentation
• All arrangements related to external audits of ISMS, ITSM, QMS & EMS
• Coordinating with all departments & ensuring closure of all internal & external audit findings
• Resolving all issues/queries related to ISMS, ITSM, QMS & EMS for all FTIL departments
• Training and awareness of ISMS, ITSM, QMS & EMS
• Attending CAB meetings and providing inputs for major changes
• Providing inputs while in-house development of tools like Change master & asset master
• Consulting assignment of ISMS audits for one of the leading Legal Process Outsourcing firm

Both Fluxonix and MitKat Advisory are couple of startups in consulting space providing Information security & risk consulting services. Immediately after graduating from PGDBM from Symbiosis, I joined Fluxonix Security Solutions followed by Mitkat services few months later, worked with both for brief periods as intern. My responsibilities at both firms are listed henceforth:

• Worked with top stock exchange of India, part of team who did ISMS/BCMS implementation, network & application VA scans and internal review
• Did an assignment of ISMS transition for India's leading payment card service provider
• Worked on a systems audit and cleanup project for an IT product and services client and also provided recommendations for preventive controls

Worked for mainly 2 clients, one was Top US OS developer and another was South African banking and insurance firm. My role and responsibilities there were:

• Understanding the business need of application which was partly on cloud
• Gathering, understanding and reviewing the requirements
• Performing test planning activities
• Designing and creating test artifacts
• Logging and reporting the defects, representing the team in triage and other meetings
• Assisting UAT (user acceptance test) team from client side and resolving their queries