
Information Security Lead Auditor

Location:
Pune, Maharashtra, India
Posted:
April 22, 2025


Resume:

Contact: +91-982**-*****, Email id: **********.********@*****.***

AUDIT MANAGER FOR TECHNOLOGY AUDITS / CLIENT PARTNER INFORMATION SECURITY AND CYBER SECURITY ENGAGEMENTS / DELIVERY MANAGER / QUALITY ASSURANCE AND QUALITY CONTROL LEAD – SOFTWARE INDUSTRY

CISA, CCSK, ISO 27001 Lead Auditor, Data Privacy Lead Auditor, ITIL Foundation V3 Certified, ISO 9001:2008 Lead Auditor, CMMi Green Belt Certified

PROFESSIONAL EXPERIENCE

Citicorp Services India Private Limited, Mumbai

December 2022 – December 2023

Role: Audit Manager for Global and Regional Audits for Business Resilience domain

Successfully led teams across multiple geographical locations as Audit Lead for Global and Regional Audits in Business Resilience domain.

Managed team across various geographies and ensured on time delivery of global and regional audits.

Involved in Planning, Estimation and overall management of entire audit cycle including planning, fieldwork and reporting

Involved in Design Effectiveness and Operative Effectiveness testing of the technology controls for the business continuity and disaster recovery team.

Provided technical guidance to audit teams in delivering audits and ensuring on time and quality delivery on audits.

Actively involved in defining the Risk Control Matrix and Controls in audit scope and DEA and OET test steps

Received Appreciation from Senior Management for timely and quality delivery of audits.

Involved in mentoring junior team members of audit team.

EY, PUNE

June 2018 – December 2022

Role: Senior Lead Cyber Security Consultant

Worked as Senior Lead Auditor for assessing ITGC and Cyber Controls for a large and complex Australian Bank. Performed Design and Operative Effectiveness testing for Technology, Network Security and Cyber controls. Received Client appreciation for my effective contribution to this assignment. Was engaged on the assignment from June 2020 to June 2021.

Worked as Senior Lead for two of the largest MNC American banks as Third Party Risk Assessment Lead. Performed Risk Assessment for Suppliers for these multinational banks and worked directly with the Clients and the Suppliers. Received appreciation from the organization for my valuable contribution. Was engaged on these assignments from July 2021 to December 2022.

Worked as Senior Lead Cyber Security for Leading Large European Bank, deployed at Client location. Led a team of Cyber Security Professionals for a large and complex Engagement for a leading MNC bank in Europe on Application Security Assessments of the Critical Banking Applications, which involved understanding the Application Architecture and conducting Application Security Testing of Applications, namely SAST / DAST / Manual Test, depending on the availability of the Code of these critical banking Applications. Extensively used tools like Checkmarx, Fortify and IBM AppScan Source for source code analysis. Also used IBM AppScan and Burp Suite for performing DAST tests.

The role also involved Estimation for the Engagement, being the SPOC for Client, ensuring Timely and Quality deliverables to the client. Received Client Appreciation for completing the work with Quality and on time. Was able to increase business for the organization, from the Client on account of the same. Received Award from EY for being Client Champion for the December Quarter 2019. Worked for the Client during the period from March 2019 to April 2020.

Have also worked as Senior Cyber Security Consultant for Leading NBFC on Digital Transformation Project. Deployed at Client location. Designed ISO processes and various Security process templates for the Client during the period June 2019 to August 2019.

Also have worked as ISMS Assessment lead for leading Insurance Client and as Digital Transformation Security lead for a leading NBFC. Worked for this Client from May 2019 to June 2019.

Worked for leading MNC bank in Europe on Risk Assessments of Critical Assets of various Banking Applications which involved understanding the Application Architecture and conducting Risk Assessment of Application using Microsoft STRIDE Threat Modelling Technique. The role also involved preparing the Risk Assessment Report, providing Recommendations on fixing the Risks and submitting the report to the various Application Development Teams. I was also involved in Risk Assessment of various CRs for planned releases of various Applications by assessing the Change Request and detailed design of CRs and providing recommendations on the same. Worked for the Client during the period from June 2018 to December 2018.

October 2017 – February 2018

Pursued Certified Information Systems Auditor through ISACA Pune Chapter. Passed CISA Examination in Dec 2017 in 1st Attempt. Pursued ISO 27K: 2013 through TUV SUD. Passed ISO27K LA course conducted by IRCA in 1st Attempt.

TECHMAHINDRA LTD, PUNE

Role: Principal Lead Quality and Information Security Processes / Senior Lead Quality Control / Resourcing Lead

May 2017 – September 2017 for Tier2 US Telecom Player

Responsibilities

Principal Lead for Quality and Information Security Processes for the Account. Responsible for Information Security ISO27K Compliance and CMMi Compliance for the Account.

Acting as Quality and Information Security SPOC and responsible for Internal and External Audits for the Account.

Also managing Resourcing for the entire Account single handedly.

TECHMAHINDRA LTD, PUNE

Role: Delivery Manager / Quality and Information Security Process Lead

January 2016 – May 2017 for Tier1 Canadian Telecom Player

Responsibilities

As Delivery Manager for Complex Middleware Cache Implementation Engagement.

Principal Lead for Quality and SOC Audit for the Entire Account.

Internal Information Security Process Lead for the Entire Account. Responsible for ISO 27K Compliance for the Account.

Delivery Manager for all T & M Engagements for the Entire Account. End to End responsibility of the Account from Hiring to Invoicing

Career Highlights

Received Appreciation from Delivery Unit for managing 3rd Party SOC Audit Single handedly for the Entire Account and successful completion of the Audit.

Senior Project Manager, June 2014 - December 2015

Role: Quality and Information Security SPOC for Delivery Unit / Senior Release Management Lead for multiple Delivery units within Business Unit

Responsibilities:

Principal Lead for Quality and Information Security SPOC for the Entire Delivery Unit. Responsible for ISO27K Compliance and CMMi Compliance for the entire Delivery unit.

Responsible for Internal and External Audits and SPOC for Information Security Compliance and Quality.

Design and Implementation of Release Management Processes for various Delivery Units based on business models.

Design and Implementation of Defect Management Processes for various Delivery Units based on business models.

Coordination across various Delivery Units and acting as SPOC for Defect Management activities

FLUXONIX SECURITY SOLUTIONS PVT LTD, PUNE

Senior Program Manager Quality Assurance and Information Security Process Lead, June 2013 - May 2014

Responsibilities:

Principal Lead Quality and Information Security Process Lead for the Entire Organization

Responsible for Design and Implementation of Quality Processes for the Organization.

Senior Lead GRC Compliance and Application and Network Vulnerability Assessment and Penetration Testing Assessment.

Information Security Processes and Quality Training Lead

Customer facing, Participating in Client meetings as Senior Program Manager Information Security Processes and Quality

Served as a Coach and Mentor to the delivery team, to ensure Process Compliance and enhance Information Security Processes and Quality Processes within the projects thereby improving quality of deliverables being delivered to Customer.

Heading the Quality and Information Security Processes function responsible for ISO 9K Compliance and ISO27K Compliance.

SEED INFOTECH, PUNE October 2011 – March 2013

Delivery Manager, October 2011 – March 2013

Responsibilities:

Project Delivery Management and Principal Lead Process and Quality

Customer facing, Acting as a Project Delivery manager for Service management project and SPOC for Client.

Served as a Coach and Mentor to the program, to ensure Process Compliance and enhance Quality and Information Security Processes within the project thereby improving quality of deliverables being delivered to Customer.

Served as a coach and mentor to the Service management project Team to enhance productivity, provide value addition to Client by working “SMART” while delivering Service management project.

Career Highlights

Received 5 out of 5 i.e. Perfect CSAT from Customer for the Engagement managed by me.

TECH MAHINDRA, PUNE Sept’05 - Feb’11

Software Quality Assurance and Information Security Processes Consultant and FP SPOC – for Independent Delivery Unit, Oct’08 – Feb’11

Test Manager and Quality Consultant – for an Independent Delivery Unit, Jul’08 – Oct’08

Product Testing Consultant, Jun’07 – Jul’08

Account Manager, Sept’05 – Jun’07

Served as a coach and mentor to nearly 40 various project teams simultaneously, to ensure process compliance and enhance Information Security and Quality processes within the project thereby improving quality of deliverables being delivered to Customer.

Served as Single Point of Contact for Information Security Processes and Quality Processes.

Responsible for Information Security processes and Quality processes Compliance and Internal and External Audits for the Account.

Served as a coach and mentored the existing QA Team to enhance productivity and cut down on unnecessary test cycles without compromising on the Quality

Coordinating with clients to define engagement along with project development and resource estimates.

Accountable for project management and completing them within defined time and budget including preparation and maintenance of project plans, estimates, schedules, and other project documents

Conducting daily status meetings to ensure steady progress during regression testing phases and effectively recorded, reported, tracked defects

Career Highlights

Successfully & independently led team of auditors and cyber security professionals to deliver technology audits and cyber security engagements with quality and on time deliveries for large MNC banks in United States and Europe.

Independently have managed Accounts as Customer Delivery manager and have handled and managed QA and Information Security Compliance of multiple complex products simultaneously and ensured Customer Satisfaction.

Independently managed Quality and Information Security process compliance for more than 20 projects of 2 different Independent delivery units of the organization.

Strong expertise in Project Planning, Project Management, Project Execution and People Management.

Ensured compliance of Internal Quality audits and Project Management reviews, conducting software quality assurance awareness and Information Security process awareness trainings, acting as Auditor while conducting internal Information Security and quality audits.

Worked as Function Point SPOC for the entire IDU.

Was selected by Microsoft to represent on behalf of Tech Mahindra on their customer advisory council for defining features of one of their prestigious SDLC suite.

BINDVIEW INDIA PVT LTD (Now SYMANTEC CORPORATION), PUNE Jul’03 – Jul’05

Quality Manager, Reporting to Group Manager, Team Size – 11 members

Accountable for Project Planning, Project Management, People Management, Project Execution, Test Strategy Planning, Resource Coordination for Network Administration Products.

Career Highlights

Received Appreciation from Delivery Unit Head for Ensuring Quality delivery of Products and On Time deliveries.

COGNIZANT TECHNOLOGY SOLUTIONS, PUNE Jun’00 – Jun’03

Project Lead

Involved in Test Planning, Designing Testing methodology, Creating Test Plans, Creating Test Procedures, Conducting Testing activity, Creating Automated Test Scripts using Win Runner and also Creating Test Scripts in Load Runner for Performance Testing of the Application.

Career Highlights

Received Rotating Dice Reward from the Customer for delivering Excellent Quality deliverables for delivering the same On Time and within Schedule.

MAGIC SOFTWARE, Oct’99 – Jun’00

Sr Test Lead & Internal Auditor ISO 9000

IIT BOMBAY Aug’97 – Oct’99

Project Coordinator

Project SMARS - First Pre Authorized Debit Smart Card Pilot in India. This project aimed at Evolving National Standards to provide interoperability, mass acceptance and proliferation of smart cards. This was a Research and Development Project carried out for Reserve Bank of India by IIT Bombay. A Pilot project was implemented in IIT Bombay Campus. Also an Inter Bank Settlement System was developed which was implemented in this pilot run.

Career Highlights

The Preauthorized Debit Card National Standards delivered to RBI were implemented and was proud member of the Team and Project lead of the Entire that worked on developing the National Standards which eventually were accepted and adapted by RBI.

PREVIOUS ASSIGNMENTS

TATA CONSULTANCY SERVICES Sept’96 – Aug’97

Team Member

SEED, PUNE Feb’96 – Jun’96

Developer

PCS INDUSTRIES, BOMBAY Mar’94 – Jun’95

Customer Support Engineer

Responsibilities included testing forms, scripts, and reports, monitoring activities, database creation, tuning Oracle parameters, tuning UNIX parameters.

Projects Undertaken

Benchmarking of Typical Oracle Application for IPCL Bombay.

Benchmarking of Typical Oracle Application for State Bank of Hyderabad

Benchmarking of Typical Oracle Application for HMT Bangalore

ACADEMIA

B.E, Computer Engineering University of Pune

Diploma Electronics and Radio Engineering Cusrow Wadia Institute of Technology, Pune

Certifications

Data Security Council of India Certified Data Privacy Lead Auditor from DSCI, June 2013

Six Sigma Green Belt Certified with ‘A’ grade from Asian Institute of Quality Management, Pune

EXIN Certified ITIL V3 Foundation, 85%

IRCA Certified ISO 9001: 2008 Lead Auditor, BSI India, April 2011

CISA Examination Passed December 2017, cleared in first attempt, conducted by ISACA.

ISO 27K: 2013 Lead Auditor, IRCA Certified, in February 2018.

CCSK Certification Passed in May 2024, conducted by CSA


