Sudipto Chakraborty

Practice Delivery Manager
Kolkata

Summary

Detail-oriented team player with 20 years of experience in TPRM, ISMS, security, compliance, and IT audit within the E-commerce, Healthcare, and Financial services industries. In-depth knowledge of cyber security, auditing and compliance with regulatory requirements. Providing assurance and advisory services to organizations looking to implement, or expand on, their internal controls in an effort to meet requirements set forth by regulatory agencies.


Additional skills and areas of expertise include IT compliance & audit, including IT audit standards and compliance, security audit, physical & logical audit, risk management, regulatory compliance, analytics & data management analysis, information assurance & compliance. Cyber policy and risk analysis, including information security, IT operations, compliance and governance, IT leadership, IT security and incident response. IT assessment of risk, impact and management, internal audit, compliance management, IT operational security evaluations utilizing industry guidelines, standards and/or best practice frameworks.

Overview

20 years of professional experience
2 years of post-secondary education
4 Certifications

Work History

Practice Delivery Manager

Wipro
Kolkata
03.2021 - Current
  • Assist with various Third-Party Risk Management program initiatives working closely with the Third-Party Risk Management Leads
  • Facilitate and coordinate with Subject Matter Experts (SMEs) in areas such as Data Privacy, Export Licensing, and Continuity of Business (COB) to complete required due diligence activities
  • Monitor information quality, management and access for TPRM activities
  • Maintain segmentation, risk assessment tools and due diligence requirements and processes
  • Lead the onsite assessment, providing the overall IT Risk expertise
  • Develop project plan and execution approach
  • Identify opportunities for process improvements to deliver increasing operational efficiency in the processes
  • Identify opportunities for improving third party risk posture as well as client’s third party risk management processes, including expanded monitoring, KRI tracking, etc.
  • Work with the Vendor Management Office and Head Strategic Sourcing & Vendor Management to formulate holistic strategy around key third parties
  • Day-to-day management of risk activities for the TPRM office
  • Leveraging holistic third-party risk reporting as another tool in the management of third-party performance
  • Ensure assessments and remediation plans are progressing through process and meeting our Service Level Agreements
  • Work with Local Third-Party Risk Management, Business Relationship Managers, SME to monitor and close all action items from audit findings for TPRM related findings on time
  • Develop and manage the firm’s vendor risk management program
  • Improve awareness of Operational Risks faced by Business from third party failure/poor performance and work with Local TPRM/Legal/Business to mitigate any losses
  • Uphold the compliance risk-based framework by identifying and assessing the effectiveness of controls in place via engagement with management and, where necessary, develop action plans to address control deficiencies or gaps identified
  • Identify IT compliance control gaps and oversee the documentation, implementation and testing of the entire IT compliance control portfolio
  • Serve as an internal information security consultant to the Foulath stakeholders to assist / advise / educate on all aspects of information security and compliance
  • Ensure effective levels of data asset protection are in place and monitored including data loss / data leakage and intrusion detection and prevention
  • Establish governance and monitor compliance with the organization's security policies and procedures among employees, contractors and other third parties and take corrective action where necessary, including roles and responsibilities with regard to information ownership, classification, accountability and protection of information assets
  • Manage the overall Information Security strategy for the company, thereby protecting the confidentiality, integrity, and availability of the company’s information assets and services
  • Establish a compliance culture by instilling awareness in day-to-day interactions and also ensuring completion of the ISMS Compliance training programs
  • Assisting in development, review, and dissemination of information security awareness communications in coordination with other institutional stakeholders
  • Monitor that audit findings are followed up by the system owners for closure of any non-conformances, following up with secondary audits to ensure the work is being completed

Senior Manager IT Compliance

iMerit Technology Services Private Limited
Kolkata
08.2015 - 02.2021

• Proactively manage the organization’s ISO 27001:2013 Information Security Management System ensuring continual compliance and ongoing eligibility for annual recertification
• Keep Regional Compliance, Local Management and relevant Committees informed and updated of all related compliance matters/issues, including escalating reportable compliance issues in accordance with set timeframes and requirements
• Audit information systems in accordance with regulatory requirements, including, but not limited to, ISO 27001, SOC and HIPAA
• Provide oversight for all IT audit engagements
• Identify IT compliance control gaps and oversee the documentation, implementation and testing of the entire IT compliance control portfolio
• Establish a compliance culture by instilling awareness in day-to-day interactions and also ensuring completion of the ISMS Compliance training programs
• Conduct internal audits related to ITGCs and application controls.
• Implemented a risk-based audit program.
• Identified process inefficiencies through gap analysis
• Manage engagement activities between compliance, internal audit and external audit teams.
• Articulated audit findings, risk and detailed recommendations to upper management
• Established goals, policies, and performance indicators.
• Analyzed new and repetitive events, incidents, and problems within the technology environment to find common underlying root cause(s).
• Conducted statistical analysis via trend analysis and various reporting methods to demonstrate where incidents were occurring.
• Assisting in development, review, and dissemination of information security awareness communications in coordination with other institutional stakeholders
• Monitor that audit findings are followed up by the system owners for closure of any non-conformances, following up with secondary audits to ensure the work is being completed

Assistant Manager IT Compliance

CMC Limited
Kolkata
11.2006 - 08.2015

• Served as change agent with strong credibility and influence in the organization
• Drive culture of Innovation and Continuous Improvement through best practice sharing, vocal advocacy and visible hands-on leadership
• Develop and provide the right metrics to measure process quality and productivity, providing meaningful feedback to the technology and business teams
• Identify IT compliance control gaps and oversee the documentation, implementation and testing of the entire IT compliance control portfolio
• Establish a compliance culture by instilling awareness in day-to-day interactions and also ensuring completion of the ISMS Compliance training programs
• Assisting in development, review, and dissemination of information security awareness communications in coordination with other institutional stakeholders
• Monitor that audit findings are followed up by the system owners for closure of any non-conformances, following up with secondary audits to ensure the work is being completed
• Guide operations business teams and our contact centers in their ability to develop and execute daily, weekly and monthly action plans that increase quality and customer experience
• Create final audit reports, oversee implementation of corrective action plans, while maintaining communication with all levels of management, and prepare draft reports for review by department management.
• Manage project status; facilitate audit status meetings to communicate findings, issues and areas for improvement to client management, executive leadership and Corporate Internal Audit leadership
• Evaluate IT infrastructure in terms of risks to the organization and establish controls to mitigate loss. Determine and recommend improvements to enterprise risk management controls.

Quality Analyst Lead

Globsyn Technologies Limited
Kolkata
10.2002 - 11.2006
  • Established metrics, applied industry best practices and developed new tools and processes.
  • Communicated directly with QA team to resolve user-reported problems and questions.
  • Wrote, reviewed and approved documents to preserve quality assurance.
  • Performed internal audits to maintain operating procedure and regulatory standards compliance.
  • Directed day-to-day quality assurance department activities, establishing rapport with team members to facilitate effective communication and coordination.
  • Analyzed quality management system metrics to identify trends, lead improvement projects and prepare third-party inspections and audits.
  • Analyzed quality threshold metrics to compile QMS reports.
  • Created requirements for milestones and monitored completion of tasks for QA team.
  • Evaluated interactions between associates and customers to assess personnel performance.

Education

MBA - Systems Management

Sikkim Manipal University
Kolkata
05.2002 - 05.2004

Skills

ITGC Control Testing

Accomplishments

  • Used Microsoft Excel to develop inventory tracking spreadsheets.
  • Collaborated with team of 5 in the development of Third party risk management program for Kontoor.
  • Achieved "Safety at work" award for successful implementation of ISO 27001 for ITES SBU in CMC Limited

Certification

ISO 27001

Timeline

Practice Delivery Manager

Wipro
03.2021 - Current

Senior Manager IT Compliance

iMerit Technology Services Private Limited
08.2015 - 02.2021

ISO 27001

03-2013

Six Sigma Green belt

09-2009

ISO 20000-1

06-2008

Assistant Manager IT Compliance

CMC Limited
11.2006 - 08.2015

ISO 9001

07-2003

Quality Analyst Lead

Globsyn Technologies Limited
10.2002 - 11.2006

MBA - Systems Management

Sikkim Manipal University
05.2002 - 05.2004