Shreya Hota

Awareness Initiatives

• Organized and oversaw all activities during Quarterly InfoSec Awareness Weeks
• Implemented engaging quizzes, games, and crosswords resulting in a notable boost of nearly 250% in employee engagement and participation.
• Led successful phishing simulation exercises, enhancing awareness and achieving a 25% drop in success rates
• Received appreciation from the L&D team for developing scenario-based emailers that significantly improved employee comprehension.

Audit Activities

• Led end-to-end PCI audit activities, coordinating teams for timely resolution of findings and achieving a clean audit with no major issues.
• Effectively coordinated with auditors and internal teams to achieve a successful outcome in the ITGC audit process for approximately 25 applications, resulting in no major findings
• Contributed to the first-time closure and certification of ISO audit by actively participating in ISO Phase 1 & 2 audits, creating new infosec policies, and facilitating timely evidence sharing.

Automation Projects:

• Streamlined operations and reduced manual efforts by developing workflows for InfoSec automation projects, such as implementing Risk Exception processes.
• Contributed to the development of the Swiggy Cyber Defense website, providing quick access to InfoSec resources and updates on the latest cyber trends

Compliance Activities:

• Established and oversaw a comprehensive compliance calendar with 28 tasks, sequentially organized by quarters and months to facilitate smooth implementation
• Successfully ensured that all scheduled activities were completed promptly by achieving a 95% adherence to the compliance calendar.
• Improved Onboarding and Offboarding compliance from 70% to 97%, and increased compliance rates for Intune patches from 30% to 90%, JamF from 93% to, and Endpoint from 78% to 89%
• Prepared and submitted monthly compliance reports to management effectively closing 90% of findings.

Leading global healthcare institution & UK Based Retailer:

• Conducted third-party risk assessments for offshore vendors, focusing on test of design and operation levels influenced by vendor criticality.
• Aligned assessments with internal standards ISO 27001:2013 and NIST 800 to ensure compliance and security best practices
• Managed and executed vendor assessments for 2-3 months, encompassing diverse domains like risk management, incident and response management, operational security, and physical/environmental security.
• Conducted compliance evaluations utilizing company's random sampling techniques on various samples extracted from the vendor population.

Leading Global Banking and Financial Services Company

• Led 120+ ISO 27001 based risk assessments and internal control reviews across various critical applications and business services to ensure compliance with ISMS standard.
• Covered major areas including Logging and Monitoring, Change Management, Incident Management, Backup Management, Access Management, SDLC procedures, and BCP/DR for ISO 27001:2013 certification sustenance
• Managed international stakeholder communications through profiling, assessment, gap analysis, gap discussion, and risk treatment plan stages
• Integrated assessments into IBM OpenPages GRC tool for efficient client service delivery

Large Indian Private Sector Bank:

• Conducted 20+ onboarding and integrated vendor risk assessments
• Ensured vendor compliance with contractual obligations, regulatory requirements, legal standards, and information security protocols
• Utilized Archer GRC tool to report final observations and ensure compliance transparency with vendors

• Supported in the Risk Assessments and Internal audits and had hands on experience on the ISO 27001 Certification process
• Assisted in providing user awareness training program to the client.