
Shubham Mandal

Information Security Auditor
Bengaluru

Summary

Experienced InfoSec Audit professional with extensive expertise in Internal Auditing, Risk Management and Business Continuity Planning. Decisive and persuasive communicator with notable success in planning, analysis and implementation of security initiatives. Detail-oriented team player with strong organizational skills. Ability to handle multiple projects simultaneously with a high degree of accuracy.

Overview

1 year of professional experience
2 Certifications

Work History

GRC Associate

JusPay Technologies
07.2024 - Current
  • Ensured the organization and all the individual tech stacks (EulerHS Dynamic Routing, HyperPG, UPI Issuing, UPI Acquiring, etc.) comply with relevant laws, regulations and industry standards (e.g. ISO 27001, SOC 2, RBI DL SAR, RBI CoFT, PCI-DSS, PCI 3DS etc.).
  • Conducted regular quarterly Internal Audits of Systems, AWS Infra and Applications to identify gaps or weaknesses in existing security controls and recommend corrective actions.
  • Successfully facilitated & program managed 40+ statutory audits as well as the 3rd party vendor bank audits throughout the financial year.
  • Conducted yearly risk assessments of specific tech-stacks to identify potential security risks.
  • Developed and delivered organization-wide training programs aimed at increasing awareness of basic information security practices among the employees.

Security Analyst

CyberCube Services
02.2024 - 06.2024


  • Performed 3rd Party Audits and implemented various InfoSec standards/laws such as PCI-DSS v4.0, ISO 27001:2022, SOC (1, 2 & 3), RBI Data Localization Audit (SAR) etc.
  • Created and maintained records demonstrating the client's compliance efforts including policies, procedures and audit reports.
  • Conducted regular Gap Assessments with clients to address and mitigate the non-conformities within their organizations.
  • Identified the gaps between existing controls and compliance requirements, highlighting potential areas of non-compliance and associated risks.

Information Security Analyst - Intern

Scrut Automation
10.2023 - 01.2024


  • Analyzed the organization's security controls (e.g., access controls, encryption) and mapped them to the requirements of relevant regulations which ensured all compliance areas were addressed by the existing security measures for the US-based clients.
  • Drafted and maintained necessary policies, procedures and controls to meet the standards' requirements.


Education

Bachelor of Technology - Electronics & Communication

Alliance University
Bengaluru, India
08.2013 - 2017.06

Skills

Governance, Risk & Compliance (GRC)

Internal Auditing

Business Continuity Planning (BCP)

Fin-Tech Compliance

Certification

Certified in Cybersecurity (ISC)²

Software

ISO 27001, ISO 27017, ISO 27018 & ISO 27701

GDPR

SOC 1, 2 & 3

PCI DSS, PCI 3DS

RBI Data Localization Audit (SAR)

RBI Card on File Tokenization Audit (SAR)

Timeline

GRC Associate

JusPay Technologies
07.2024 - Current

ISO/IEC 27001:2022 Lead Auditor (TÜV Rheinland Group)

05-2024

Certified in Cybersecurity (ISC)²

03-2024

Security Analyst

CyberCube Services
02.2024 - 06.2024

Information Security Analyst - Intern

Scrut Automation
10.2023 - 01.2024

Bachelor of Technology - Electronics & Communication

Alliance University
08.2013 - 2017.06