PREMANAND JAYAKUMAR

Risk Assessments:

• Conducted thorough reviews and evaluations of organizational risks for compliance and acceptance.
• Monitored findings and risk assessments, followed up with business units on action plans.
• Developed process documents for new procedures.
• Assessed RFPs/POCs for new assets.
• Provided IT security consultations for newly onboarded applications.
• Established and monitored controls based on associated risks.

Privacy Impact Assessment and Compliance:

• Performed Privacy Impact Assessments in line with GDPR compliance.
• Managed RFP/RFI processes from an Information Security perspective.
• Conducted internal audits with various departments at Shell.
• Automated IT Information Security processes.
• Assessed supplier assurance processes and validated vendor-owned controls.
• Reviewed assurance reports, including SOC II Type II reports.

Consultancy and Compliance:

• Evaluated Information Security posture for specific projects and provided consultancy for compliance with Shell's Data Security & Privacy framework.
• Reviewed and analyzed Master Service Agreements/Contracts, Statements of Work, Inter-Departmental Documents of Understanding, and third-party agreements to evaluate client security requirements.
• Developed security plans and operating procedure documents for individual projects to ensure compliance with Data Security & Privacy framework.
• Recorded data security risks for projects and advised project managers on appropriate mitigating controls.
• Reviewed access control lists and separation of duties records, suggested appropriate mitigating controls for conflicting roles.

Audits and Reporting:

• Performed spot checks/audits and reported findings to senior management.
• Ensured timely closure of open audit findings by reporting and escalating issues to project managers and executives.
• Interpreted technical security findings for non-technical audiences and provided coaching to mitigate findings.
• Developed comprehensive reports to track audit status, open findings, escalations, and data analysis.
• Successfully cleared ISO, SOX audits, and Key Control over Operations assessments without any observations.

• Company Overview: Contracted with PwC and acting as a consultant for Shell Information security & Risk management
• Performed the assessment on the application security, which involves in Access, authentication, data storage, data transmission
• Proactively review information security and related risks, threats, and vulnerabilities, legal and regulatory
• Proven ability to engage with business partners, establish effective working relationships, and deliver results
• Assessing application from data localization aspects
• Reviewing Assurance reports like SOC II type II reports
• Recorded Data Security Risks for applications and advised Project Managers about appropriate mitigating controls
• Collaborate with key stakeholders at all levels of organization to confirm, verify and address audit findings, control deficiencies and remediation plans
• Contracted with PwC and acting as a consultant for Shell Information security & Risk management

• Perform the role of a functional specialist for IT Information Risk Management (IRM) within application and infrastructure projects
• Performing the Business Impact Assessment, Legal & Regulatory Assessment
• Proactively review information security and related risks, threats, and vulnerabilities, legal and regulatory
• Execute IT Projects reviews - guide projects towards project stage gate signoffs so that the projects deliver secure, reliable, and compliant IT solutions
• Led the POC on the application used by the major client and sub-contractors, this involves is assessment on the vulnerability in the applications used across countries
• Assessing the Supplier Assurance Process & validate the Vendor owned Controls

• Monitors project scope, schedule, costs, resources, quality, and risk to ensure project activities/tasks are occurring as planned and any variances are identified
• Applies project management methodology, tools, techniques, and terminology - Is able to demonstrate a theoretical understanding and can identify the application of each in driving successful project execution
• Documents changes to project scope, schedule, quality, and cost - Documents changes to the project scope, schedule, quality, and costs to keep the project plan accurate, updated, reflective of authorized project changes as defined in the change management plan
• Documents project risks, assumptions, issues, and decisions - Document's project risks, assumptions, issues, and decisions, and as applicable, under the direction of a project manager
• Monitors project work - Measure's performance using appropriate tools and techniques to monitor the progress of the project, identifies and quantifies any variances to the approved plan, and as applicable, works with the project manager to identify and communicate corrective actions

• Monitoring process around the Continuous Demand Management Process (CDMP)
• Managing and supporting IT program portfolios
• Setting up the program structure in all effected tools in cooperation with a program manager
• Creating and publishing regular and ad hoc reports
• Supporting senior managers with follow-up clarification/questions
• Gathering data from onshore partners and Subject Matter Experts as well as various databases
• Conducting analysis and graphical presentation of the data

• Supporting and coordinating project management tasks (Quality Control checks, RAID & RAG Reporting)
• Project financials (resources planning, resource management and reporting, budget planning, controlling, and reporting)
• Milestones / Deliverables tracking and reporting
• Updating resource actuals/ forecasts and monthly reconciliation
• Support ad-hoc clean-up and bulk modification requests in SharePoint database
• Initial quality assurance on received data inputs based on given guidelines