Swati Gaur

ACHIEVEMENTS/TASKS

• Conduct end to end third party vendor due diligence evaluating on the various stages of Risk management. Review of Third party audit documentation like ISO 27001, SSAE 16.
• Reviewed violations of computer security procedures and developed mitigation plans.
• Performed risk analyses to identify appropriate security countermeasures.
• Recommend improvements in security systems and procedures.
• Conducted security audits to identify vulnerabilities.
• Prepared variety of different written communications, reports and documents.
• Examine Application level Controls for third party owned application.
• Recommend Security controls for high risk vendors.
• Reviewed and conducted SOX compliance audit.
• Assist in managing 3rd party vendor data security and physical security reports (audits).
• Create follow-up actions and assign to appropriate parties.
• Participate in the security audit process for all new vendors.
• Assist in the management of assessment meetings and meeting documentation.
• Interact with Ameriprise Line of Business partners and external vendors in all aspects of the process.
• Ensure open audit findings are closed within designated timeframes.
• Resource for Strategic Sourcing and internal business partners with questions regarding Ameriprise Audit Policies/Processes.
  
• Specialties: Business Continuity Management,
  Disaster Recovery,
  Risk Management,
  Information Security Management,
  Governance Risk and Compliance.

• Identified issues, analyzed information and provided solutions to problems.
• Conducted security audits to identify vulnerabilities.
• Recommend improvements in security systems and procedures.
• Completed paperwork, recognizing discrepancies and promptly addressing for resolution.
• Conducts IT-SOX Audits,SOC Audits (SSAE16Reports)and overseeing IT integration of financial audits across a wide range of sectors (FAIT Audits)
• Perform risk assessments on a variety of processes and functions and review documentation and final
  deliverables to the client;
• Identify areas of process improvement and coordinate with client stakeholders to mitigate business risks
  Performing testing of IT- General Controls for multiple clients.
• Responsible for ISO 27001 based Information Security Management System internal audit.
• Creating remediation's and sending reports to developers/clients
  Researching on new vulnerabilities and creating test cases.
• Reviewed and conducted SOX compliance audit

• Perform Information Security Risk assessments on an ongoing basis and report critical risks.
• Defining, implementing and maintaining security policies and procedures.
• Review Information Security controls in areas as mentioned below:
  o Change management process
  o Incident management process
  o Backup process
  o User identity and access management
• Perform SOX Audit for various manufacturing and Health industries.
• Identified service improvements to increase customer satisfaction.
• Maintained records of account specific service problems and assisted in prioritizing work requests.
• Reported project status to drive on-time project deliverables.
• Interpreted demand forecasts and planned and delivered end-to-end services.