Summary
Overview
Work History
Education
Skills
Certification
Personal Information
Timeline
Generic

SWATANTRA KUMAR GUPTA

Bengaluru

Summary

As a Vice President at JPMorganChase, I leverage my 14+ years of experience in cybersecurity and risk management to evaluate effectiveness of IT controls for the technology teams to validate they are effectively managing their risk and aligning with firm, regulatory, industry standards and compliance. I currently perform internal audits for the Infrastructure Platforms teams at JPMC.


Previously, I have worked with Deloitte and EY, providing advisory services to financial services and government sector clients on various aspects of cybersecurity, such as third party assessments, application control assessments, and quality assurance. I also have experience in penetration testing, security solutions advisory, and information security awareness programs development and roll-out.

Overview

14
14
years of professional experience
1
1
Certification

Work History

Vice President - Technology Audit Manager

JPMorganChase
03.2019 - Current
  • Managing a team of 6 India based team members that perform global IT audits.
  • Lead recruitment efforts and instrumental in on-boarding the team members and bring them up to speed with Department expectations
  • Part of the Infrastructure Platforms (IP) Audit - Management Team reporting functionally to the Head of IP Audit
  • Reviewing applicability of data localization requirements for IT Infrastructure for countries such as Luxembourg and validating controls during audits
  • End to end execution, project management and stakeholder management responsibility of global audits to Audit Leadership and accountability towards the Annual Audit Plan
  • Performed internal and external cloud audits and India Lead for Global Cloud Working Group for Internal Audit
  • Conducted audits for products against firm standards, regulations and specific industry standards (such as PCI DSS, SOC2) to identify coverage and assurance levels
  • Conducted JPMC India Branch Technology audits to provide assurance against Reserve Bank of India (RBI) compliance requirements
  • Conducted fieldwork to test control design and operating effectiveness of controls implemented by the technology teams
  • Prepared audit working papers and schedules to document audit evidence and conclusions
  • Prepared audit reports that accurately summarized audit findings, detailed the results of the audit and identified potential risks
  • Performed Annual Risk Assessments and Continuous Monitoring

Manager - Risk Transformation

EY Global Delivery Services
12.2017 - 03.2019
  • Pillar lead for Quality Assurance (QA) for Third Party Risk Management (TPRM) for 4 Banking Clients in the United States
  • Managing teams across 3 geographies (US, India and Philippines) that perform QA at 2 levels (L1and L2) prior to the assessment report being rolled out to clients
  • Developed Audit Work Programs and Risk and Control Matrix for regulatory requirements such as PCI DSS and SOC2
  • Developed and implemented Quality Control Framework for the deliverables to the clients in the capacity of the Quality Control Team Lead
  • Active participant in designing the TPRM framework and select modules for the TPRM platform to be used by the banks
  • Developed and implemented a risk-based audit approach that identified and addressed potential areas of IT Risk
  • Acted as a IT Controls assessment trainer for the assessor team that performed third party risk assessments

Senior Consultant - Cybersecurity : Strategy & Governance

Deloitte US-India Offices
12.2015 - 11.2017
  • Conducted third party assessments for one of the Fortune 100 banks in the United States
  • Prepared reports to highlight the findings, gaps and recommendations
  • Performed Quality check (QC) of the reports prepared by the bank’s internal audit team to ensure that leading practices are followed and quality is ensured
  • Conducted Application Control Assessments for the third parties of one of the Fortune 50 banks in the United States
  • Prepared reports to highlight the findings, gaps and recommendations
  • Peer review of the reports prepared by other assessors to ensure quality
  • Identified potential use cases of Robotic Process Automation, Cognitive Intelligence, Risk Sensing and Block Chain within the Cyber Risk market offering
  • Evaluated the products available in the market and finding the best fit and worked with the developers to develop a proof of concept

Senior Consultant - Cybersecurity

EY India
04.2011 - 11.2015
  • Prepared Audit framework, audit schedules and relevant templates for Data Center Audits
  • Acted as a Central Team member for Third Party Audit engagements at 7 State Data Centers across India managing key project timelines, milestones, deliverables and reports for the state data centers
  • Interfaced with client leadership team for updates, roadblocks and next steps
  • Coordinated with location Data Center audit team members for Audit activities and follow ups
  • Maintaining knowledge repository on the basis of Audits conducted
  • Designed the Physical security and IT Security technology and processes for a CA Solution to issue Digital Signature Certificates, Online Directory Services for Digital Signature Certificates
  • Designed the Security Operations Centre requirements and Security Components specifications
  • Drafted the Service level Agreements (SLAs)
  • Outlining the periodic internal audit requirements
  • Worked as the Information Security Consultant for Information Security Strategy for a Government Department in Qatar
  • Reviewed current state of Information Security
  • Reviewed and modified current Information Security policies, and develop new policies and procedures
  • Prepared Information Security Strategy, Security Operating Model, Master Plan and Quick Wins
  • Worked as a Consultant for ISO 27001 readiness assessments, quarterly reviews and implementation advisory for multiple government entities in India
  • Performed ISO 27001 quarterly reviews
  • Conducted ISO 27001 awareness workshops

Education

Master of Business Administration - Information Systems & Security

Symbiosis Center For Information Technology
Pune, Maharashtra
04.2011

Bachelor of Technology - Computer Science & Information Technology Engineering

MJP Rohilkhand University
Bareilly, Uttar Pradesh
07.2008

Skills

  • Team leadership
  • Relationship building
  • Decision-making
  • Critical thinking
  • Coaching and mentoring
  • Client relationship building
  • Documentation and reporting
  • Risk management
  • Staff development
  • Policy and procedure development

Certification

  • Certified Information Systems Security Professional (CISSP), 10/20, ISC2


  • Certified Information Systems Auditor (CISA), 08/17, ISACA


  • Certificate of Cloud Security Knowledge (CCSK), 01/22, Cloud Security Alliance

Personal Information

Title: Vice President - Technology Audit Manager

Timeline

Vice President - Technology Audit Manager

JPMorganChase
03.2019 - Current

Manager - Risk Transformation

EY Global Delivery Services
12.2017 - 03.2019

Senior Consultant - Cybersecurity : Strategy & Governance

Deloitte US-India Offices
12.2015 - 11.2017

Senior Consultant - Cybersecurity

EY India
04.2011 - 11.2015

Bachelor of Technology - Computer Science & Information Technology Engineering

MJP Rohilkhand University

Master of Business Administration - Information Systems & Security

Symbiosis Center For Information Technology

Similar Profiles

  • Olivia Diorio

    Olivia DiorioOlivia Diorio

    Data Management Controller (DMC) at JPMorganChaseData Management Controller (DMC) at JPMorganChase

    View Profile
  • Joseph Jenson

    Joseph JensonJoseph Jenson

    VP - Quantitative Analytics Manager at JPMorganChaseVP - Quantitative Analytics Manager at JPMorganChase

    View Profile
  • Isaac Ollarsaba

    Isaac OllarsabaIsaac Ollarsaba

    Lockbox Processor at JPMorganChaseLockbox Processor at JPMorganChase

    View Profile
SWATANTRA KUMAR GUPTA