Shwetha Surendra
Risk & Control Advisor
Bangalore
Summary
Results-driven Information Security professional with a strong track record of 9 years in safeguarding organizations from cyber threats. Expertise in risk and compliance management with ISO 27001, PCI DSS, GDPR, SOX and COBIT 5 frameworks and proactive improvement of security policies and procedures with the help of several information security tools.
Overview
9
9
years of professional experience
1
1
Certification
Work History
Risk & Control Advisor
Royal Dutch Shell - Shell Market India Pvt Ltd
Bangalore
03.2022 - Current
- Led internal audits to validate PCI DSS requirements (PCI V4) for Shell Retail and Financial applications for multi-million dollar projects, while Identified areas for improvement and addressed control gaps, enhancing security postures and reducing vulnerabilities.
- Facilitated the acquisition of new attestations (SOC 1 & 2, PCI DSS, ISO 27001 etc) as needed to meet evolving regulatory requirements. Demonstrated expertise in managing Enterprise Risk and Third-Party Risk for various vendors managing Shell applications.
- Performed PCI DSS Assessment and scoping while facilitating implementation of Firewalls, Intrusion Prevention Systems, Load Balancers, Proxy, SFTP, Antivirus, and Mail Gateway for PCI DSS compliance for applications hosted on Azure and AWS.
Security and Compliance Analyst
Royal Dutch Shell - Shell Market India Pvt Ltd
Bangalore
10.2019 - 02.2022
- Conducted thorough Risk Assessments, including Business Impact Analysis and Legal & Regulatory Assessments, across the globe within Shell.
- Executed internal IT audits, assessing ITGC & ITAC Control Implementation in compliance with SOX financial controls.
- Proficiently managed end-to-end risk and control gap assessments for Shell's retail and finance applications, following the COBIT 5 security control framework.
Business Analyst
HTC Global Services
Bangalore
11.2018 - 09.2019
- Reviewed compliance findings and devised effective solutions to aid stakeholders in executing remediation actions & continuous involvement of leadership of the progress
- Assessed risk outcomes in retail applications, coordinating with teams to implement controls based on risk assessments
- Provided informed guidance to Business Application Owners (BAO) regarding security findings, remediation strategies, best practices, and document management tools
Solution Expert
MetricStream India Pvt. Ltd
Bangalore
11.2014 - 10.2018
- Collaborated with 30 + clients from fortune 500 companies to perform comprehensive Risk Assessments, analyzing potential vulnerabilities and threats within their IT infrastructure.
- Expertise in GRC platform applications like Business Continuity Management, Enterprise Risk Management, Operational Risk Management, Metrics, Compliance Management, Policy & Document Management, Internal Audit, Survey, Business Continuity Management, Third Party Management etc.
Education
Bachelor of Engineering - Information Science
Vemana Institute of Technology
Bangalore 08.2010 - 2014.07
Skills
Information Security Tools
Certification
Payment Card Industry Professional from PCI SSC
Accomplishments
- Implemented a comprehensive risk management framework and compliance program for a multi million dollar project.
- Remediated 200 lightly managed applications & Received the best performer of the year
- Designed 35+ cost effective controls which helped secure cloud infrastructure for shell applications hosted on azure
Timeline
Risk & Control Advisor
Royal Dutch Shell - Shell Market India Pvt Ltd
03.2022 - Current
Security and Compliance Analyst
Royal Dutch Shell - Shell Market India Pvt Ltd
10.2019 - 02.2022
Business Analyst
HTC Global Services
11.2018 - 09.2019
Solution Expert
MetricStream India Pvt. Ltd
11.2014 - 10.2018
Bachelor of Engineering - Information Science
Vemana Institute of Technology
08.2010 - 2014.07