• Collaborates with Third Party Risk Management (TPRM) and other Risk Partners (including Privacy, Compliance, Disaster Recovery, Country, Fraud, Physical/Environment, HR/Personnel, etc) to ensure end-to-end delivery of Risk Oversight Function.• Assisted in developing and implementing risk management frameworks and control frameworks for vendor/supplier (Third Party) external risk assessment. Have assessed about 40 vendors in the last 12 months.• Evaluates their compliance with contractual and regulatory requirements.• Utilize industry-standard security standards and frameworks such as ISO 27001/2, ISO 27036 and other appropriate ISO Standards, NIST SP 800-53 and 800 Series, NIST STIG, and National Checklist Program, ISACA IT Audit Framework/COBIT, SSAE 18, Cyber Kill Chain/MITRE ATT&CK, and CSA Cloud Control Matrix (CCM) to assess and evaluate security controls and identify vulnerabilities present in partner vendor environments.• Conducts due diligence reviews, risk assessments, and security audits of third-party vendors across On-Prem and Cloud environments.• Evaluates vendor security questionnaires and conduct interviews to gather necessary security information and evidence to validate controls.• Collaborates with vendors to track the remediation of identified vulnerabilities and improve overall security.• Collaborates with procurement, vendor management, and legal teams to ensure contractual obligations related to cybersecurity are met.• Provide end-to-end issue management, monitoring, tracking, and reporting of the status of risk remediation activities to management, including documenting challenges, and following through the workflow for risk treatment procedure – acceptance, remediation, and re-referencing.• Conducts research on emerging security trends and threats leveraging NVD, OWASP Top 10, SANS Top 25, MITRE ATT&CK, and other repositories.

• Assisted in the development and implementation of Governance, Risk, and Compliance (GRC) policies, standards, and procedures associated with information systems, applications, and infrastructure.• Developed risk-based audit plans, and executed audit procedures.• Conducted comprehensive IS/IT audits to assess the effectiveness of internal controls, compliance with regulatory standards, and adherence to best practices.• Collaborated with cross-functional teams to identify and mitigate IT risks and improve overall security posture.• Assessed the security risks associated with cloud-based environments and services.• Advised on the implementation of risk mitigation strategies, controls, and policies.• Monitored and reported on risk mitigation progress to senior management.• Executed IT General Controls (ITGC) and Internal Control Audits in accordance with SOX section 404 requirements, evaluating IT controls, including access controls, change management, program development, and data integrity• Conducted assessments of IT systems to ensure compliance with regulatory standards, mitigate risks impacting financial reporting, and provide recommendations for enhancing IT general controls.• Conducted risk assessments, documented control narratives and process flows, and performed comprehensive testing to identify control deficiencies and recommend remediation plans. • Skilled in leveraging control frameworks and methodologies to assess the adequacy of internal controls and improve the overall control environment.

• Evaluated vendors’ Information Security Controls per Inherent Risks in-scope for client portfolios• Reviewed Governance controls such as SOC reports, Policies & Process documents, Artifacts (like vulnerability scans, Pen-test reports) ISO 27001 Statement of Applicability (SOA), PCI-DSS certification, etc. to validate vendor information security controls• Revised existing Vendor Risk Assessment procedure that improved assessment completion rate and turn-around-time by 35% without compromising quality• Conducted in-depth risk-based security assessments on the supplier environment for various controls relevant to Identity & Authorization Management, Access Control, Operational Resiliency, Privacy, HR/Personnel Security, Cloud Security Controls, Physical Security, Encryption, Data Loss Prevention, Incident Management, and so on• Planned, performed, and managed all aspects of assigned audit engagements • Assessed compliance with regulations and clients’ standards, policies, and procedures • Developed and communicated recommendations for improvement to senior IT leadership

• Part of the IT Audit and Compliance team providing guidance on ITGC, internal controls compliance globally.• Evaluated IT general controls (ITGC) including information security, change management, data center, third-party risk, identity and access management, physical security, IT security operations, and program and project management audit.• Reviewed control descriptions, process narratives, and testing strategies for reasonableness and accuracy.• Work on improvements for provided security services, including the continuous enhancement of existing methodology material, and supporting assets.• Performed scoping and scheduled walkthrough with members of the business and IT regarding the purpose of testing ITGC, provided guidance on the implementation of ITGC, and provided suggestions on how to improve their ITGCs.• Worked with process owners in the creation, updates, and maintenance of Risk and Control Matrices (RCM) for processes in scope during the risk assessment and walkthrough-related activities.• Conducted IT security audits (e.g., Network, Operating System, and Databases), including evaluating whether security vulnerabilities are properly identified and mitigated