Varun Tyagi

IT Governance, Risk, Audit & Compliance Professional
New Delhi

Summary

Collaborative leader with dedication to partnering with coworkers to promote engaged, empowering work culture. Documented strengths in building and maintaining relationships with diverse range of stakeholders in dynamic, fast-paced settings.


Analytical Information Security & Audit Professional with experience of single-handedly executing 200+ risk-based audits of the Bank's critical IT departments. Experienced in developing Capability Controls and Performance, Risk and Compliance Indicators to align with organizational objectives. Served as a Lead Auditor in multiple audits of the Bank's critical departments, including the SWIFT environment, Treasury operations, Data Centres and associated Third Parties. Strong strategic planning, problem solving and project management abilities. Skilled in analyzing IT Risks, applicable regulations and standard audit procedures.


Organized and dependable candidate successful at managing multiple priorities with a positive attitude. Willingness to take on added responsibilities to meet team goals. Experience in streamlining complex operations to promote organizational efficiency.

Overview

14 years of professional experience
7 Certifications

Work History

AVP-IT Governance, Risk & Compliance

Sumitomo Mitsui Banking
06.2022 - Current

Primary responsibility is to lead IT Governance, Risk & Compliance and Regulatory vertical, to ensure that the organization (and its employees) are following the rules and regulations of regulatory agencies, company policies and procedures and firm-wide standards.

Key responsibilities include recognizing, developing, maintaining, and administering all aspects of the IT Governance, Risk & Compliance program to ensure adherence to applicable RBI laws and regulations for banks in India.

  • Aligned IT with business goals while managing risks and meeting all industry and government regulations.
  • Augmented procedures for ongoing vendor assessments, risk management, and remediation program governance.
  • Led gap assessments to identify areas of improvement, implementing changes that resulted in greater operational efficiency.
  • Supervised third-party examinations and audits, including regulatory audits such as RBI IT Examination, SWIFT Controls Audit, ISE Audit, RBI KRI Audit, Statutory Audit, RBI Tranches, etc.
  • Responsible for correspondence with regulators such as RBI, CERT-In, IDRBT and ReBIT for data submissions, disseminating IT regulations to business and support functions, and providing ongoing advisory service.
  • Provided guidance to management on IT compliance matters, including the development and oversight of regulatory developments governing regulatory compliance of projects and products.
  • Successfully managed change within the organization, ensuring smooth transitions during periods of restructuring or process improvements.
  • Established policies and procedures that improved operational efficiency within the organization.
  • Maintained compliance with industry regulations by implementing risk mitigation measures and maintaining accurate documentation.
  • Worked proactively to assess and prioritize risk and compliance issues; established, implemented, and managed IT compliance policies, procedures, and monitoring throughout the organization to ensure that the compliance program is effective and efficient in identifying, preventing, detecting, and correcting non-compliance with internal policies and regulatory requirements.

Data Privacy Lead

Standard Chartered Bank
08.2021 - 06.2022


  • Enhanced privacy compliance by developing and implementing comprehensive policies and procedures.
  • Assisted in identifying, assessing, monitoring, controlling and mitigating data management, privacy and record management risks to the Group.
  • Collaborated with cross-functional teams to ensure privacy regulations were incorporated into new product development processes.
  • Spearheaded training initiatives to educate employees on privacy laws and best practices, promoting a culture of data protection awareness.
  • Championed a culture of continuous improvement within the privacy function, fostering innovation and adaptability to meet evolving regulatory demands.
  • Advised senior management on strategic decisions related to privacy issues, supporting informed decision-making at all levels of the organization.
  • Oversaw incident response efforts, conducting investigations and reporting breaches as necessary to regulatory authorities.
  • Provided expert guidance on data processing agreements, safeguarding the company's interests in third-party collaborations.
  • Led privacy impact assessments for major projects, minimizing risks associated with personal data processing activities.
  • Established strong working relationships with regulators, demonstrating proactive engagement in privacy matters.
  • Achieved efficient vendor management through detailed reviews of their privacy practices and documentation requirements.
  • Managed timely responses to data subject access requests, ensuring compliance with applicable regulations.

Lead IT Auditor-Sr. Manager

Canara Bank
07.2012 - 07.2021


  • Planned audits and audit activities to allocate necessary resources and determine consistency of plans with audit objectives.
  • Ensured compliance with regulatory requirements by performing regular audits and staying up-to-date on industry standards.
  • Mentored junior auditors, sharing knowledge and best practices to foster their professional growth within the team.
  • Streamlined audit processes, improving efficiency and reducing time spent on each audit engagement.
  • Conducted risk assessments to determine areas requiring increased focus during subsequent audits.
  • Managed multiple concurrent audit engagements, prioritizing tasks to meet deadlines without compromising quality.
  • Identified control gaps in processes, procedures and systems through in-depth research and assessment and suggested methods for improvement.
  • Collaborated closely with external auditors, providing requested documentation promptly to facilitate smooth year-end audits.
  • Developed audit policies, guiding administrative and technical functions.
  • Managed and supervised a varied team of Information Security and System Auditors overseeing audits of internal and external stakeholders.
  • Ensured compliance and reporting of Information Security initiatives across the organization.
  • Led the GDPR and IS Audit of London Branch across Branch Information Assets to IT infrastructure in Bank Data Centre and on Cloud.
  • Key contributor in designing and updating the Information Security Policies and standards of operation for the organization in line with RBI guidelines, adopting the NIST cyber-security framework.
  • Managed and led the ISMS Audit, conducting pre-emptive audits and reviewing Information Security Policies prior to external ISO Certification Audit.
  • Managed continuous monitoring of the corporate network via service providers, ensuring regular Vulnerability Assessments and Penetration Testing were performed on the Bank’s critical Information Assets and applications.
  • Bridged the gap and acted as a Subject Matter Expert for stakeholders and capabilities for the timely rectification of Vulnerability Assessment/Penetration Testing findings and observations.
  • Directed the Disaster Recovery (DR) Site Migration Audit Project involving Pre-Migration, Migration and Post-Migration Activity Audit.
  • Managed the third-party audit and oversight function of the bank, facilitating risk assessments of vendors providing services such as Financial Inclusion through POS machines, Card Centre service providers, Network Operations Centre (NOC) service providers, hosting service providers for website, email, etc.
  • Ensured Technology Resilience through Disaster Recovery (DR) drill with thorough checks on Application and Database Servers, Network related infrastructure, Review of Firewalls, Logical access control checks.
  • Experienced in auditing Bank’s Data Centre multiple times with thorough checks on physical and logical security including Server’s Operating System, Database, Routers, Network Radius Servers, Firewalls, Storage Devices et al.
  • Audited SWIFT environment of Bank with control checks on all related IT infrastructure.
  • Conducted Security Operations Centre (SOC) Audit of Bank with audit ranging from policies, rules configured in SIEM Solutions, review of tools integrated with SIEM for log collection, review of reports generated and the related IT infrastructure including Servers, Databases and Appliances.
  • Reviewed the Bank’s firewall rules and policies, the VPN connections and the network zones they span.
  • Conducted internal PCI-DSS Audit of Card Centre department of Bank.

Manager

Sumangalam Pvt. Ltd.
08.2010 - 07.2012


  • Researching prospective accounts in target markets.
  • Pursuing leads and moving them to the sales cycle.
  • Supporting the IT infrastructure of the organization by administering the role and access privileges.
  • Accomplished multiple tasks within established timeframes.
  • Maximized performance by monitoring daily activities and mentoring team members.
  • Enhanced customer satisfaction by resolving disputes promptly, maintaining open lines of communication, and ensuring high-quality service delivery.
  • Setting goals and developing plans for business and revenue growth.

Education

BACHELOR OF TECHNOLOGY -

Amity University
2008

PGDM -

FMS- Banaras Hindu University (BHU)
2010

Skills

Strategic Thinking

People Management

Leadership Qualities

Orientation to detail

Problem Solving

Stakeholder Engagement

Certification

CISA

Sectoral Experience

Banking & Financial Institutions

Professional Experience Highlights

  • Proficient in leading and managing an Audit Program through to successful execution. Skilled in Strategic Planning, Department Co-ordination and Audit accomplishment.
  • Experienced in validating Information Security Policy, Cyber-security Policy, IS Audit Policy of organization.
  • Adept in implementation of GRC Controls and Standards whilst ensuring the implementation of Information Security Controls.
  • Skilled in developing Capability Controls like Key Performance Indicators (KPI), Key Risk Indicators (KRI) and Key Compliance Indicators (KCI) whilst ensuring alignment with strategic goals and objectives.
  • Subject Matter Expert in validating Data Centre Information Security Controls.
  • Self-motivated individual who strives for better performance through continual Service Improvement goals and program implementations.

Languages

English
Hindi

Accomplishments

  • Supervised team of auditors and pioneered Canara Bank's Security Operations Centre Audit and CBS Migration Audit by successfully developing and testing IT General Controls & Checks.
  • Annual Award FY22-23 for Delivery Excellence, Process Adherence & Operations Champion at SMBC India.
  • Quarterly Award Oct'22 for Team Excellence at SMBC India.

Software

JIRA

ServiceNow

Confluence

Interests

Yoga

Podcast

Travel

Listening to Instrumental Music
