SHRUTI TOMAR
Lead Cyber Risk Analyst
Noida
Summary
Cybersecurity professional with robust background in assessing and managing cyber risks. Known for thorough analysis and implementation of effective security protocols. Excellent team player with focus on collaboration and achieving organizational goals while adapting to evolving security needs.
Overview
8
8
years of professional experience
Work History
Lead Cyber Risk Analyst
Ultimate Kronos Group
Noida
03.2022 - Current
- Monitor control processes across UKG products, ensuring solutions for identified gaps
- Ensured the design and implementation of control activities within customer-hosted environments aligned with data security, confidentiality, privacy, integrity, and availability standards.
- Coordinate with auditors on compliance audits, validating evidence against DRL requirements.
- Provide expertise on security frameworks, ensuring compliance with SSAE 18(SOC1 & SOC2), ISO27001, and SOX.
- Analyze IT control deficiencies and audit findings, proposing remediation strategies and compensating controls to mitigate associated risks.
- Engage in comprehensive risk assessments and audit program design to proactively address potential risks.
- Execute Logical Access Reviews on a regular and systematic basis.
- Contribute to all internal audit phases, including planning, execution, and reporting, while facilitating closing meetings.
- Recommend process improvements and best practices, supporting Managers and Senior Managers in enhancing risk management strategies.
- Partner with internal security and business teams to scope assessments, conduct interviews, and manage risks transparently using structured methodologies.
- Support the creation and maintenance of critical documentation, including narratives, how-to guides, knowledge bases, and standard operating procedures (SOPs).
Information Security Engineer
NCR Corporation
Gurugram
01.2020 - 02.2022
- Managed GRC projects, risk assessments, and issue ratings for enhanced security.
- Facilitated cross-departmental risk management and maintained risks in ServiceNow.
- Conducted risk assessments and threat modeling as per regulatory requirements including Internal/External Audit, SSAE 18, ISO27001/17/18, Risk Management, Monitoring, GRC.
- Oversaw IT risk management and presented critical risk dashboards to stakeholders.
- Worked on integration of enterprise-wide physical and site security risk management and strategy documentation.
- Refined and implemented enterprise-wide security policies, procedures, and standards across multiple platform and application environments to meet compliance responsibilities.
IT Analyst (Enterprise Data Warehousing & Enterprise Data Analytics Operations Team)
NCR Corporation
Gurugram
01.2018 - 12.2020
- Work closely with project managers, business users, and development teams. Provide data analysis and recommendations for the correction, enhancement and/or development of ad-hoc and canned end-user reports/applications.
- Perform monitoring, optimization, and refinement of ETL solutions using Informatica.
- Work closely on Unix and Teradata environment in EDW Operations.
- Having a considerable knowledge of reporting tool, such as TABLEAU and BO.
- Responsible for deployment process of various Sales, Services, Finance and Supply Chain Applications.
Education
Bachelor of Technology - Computer Science
Shobhit University
Meerut01.2017
Skills
- Audit management
- ISO27001/17/18
- SSAE 18 (SOC 1 & SOC 2)
- Risk Management
- Monitoring
- GRC
- ServiceNow
- LogicGate
- AuditBoard
- RDBMS
- UNIX
- SQL
- Teradata
- TD SQL Assistant
- Tableau
- Informatica
Timeline
Lead Cyber Risk Analyst
Ultimate Kronos Group
03.2022 - Current
Information Security Engineer
NCR Corporation
01.2020 - 02.2022
IT Analyst (Enterprise Data Warehousing & Enterprise Data Analytics Operations Team)
NCR Corporation
01.2018 - 12.2020
Bachelor of Technology - Computer Science
Shobhit University
INTERNSHIP
Intern BHEL (Bharat Heavy Electricals Ltd) Noida / Jul 2017 - Dec 2017