• Performed necessary tasks to protect information systems assets from unauthorized access or destruction by involving in several GRC initiatives such as DBAM Tool implementation, Beauceron Security (SaaS) implementation and Data masking on customer credit & debit card numbers stored on the Database server.• Implemented ISO 27001 to include new enhancements/changes, which required the development and implementation of new Information Security policies and procedures.• Responsible for governance, risk, and compliance activities within the Information Security team utilizing best practice frameworks such as NIST, ISO 27001 and PCI-DSS.• Monitored the results from risk assessments, penetration testing, and vulnerability scans and ensured treatment plans and remedial actions are being progressed.• Tracked developments and changes in the digital business and threat landscape to ensure that they are adequately addressed in security strategy plans and architecture artifacts. • Implemented Beauceron Security (SaaS) platform for all Bell employees to provide Security education focusing on human side of security. Helped in designing awareness programs through surveys, computer-based training, phishing simulations, and risk scoring.• Performed risk assessment for cybersecurity, information security and business continuity.• Facilitated the Audit process within the team in terms of identification of root cause of audit findings, determine and implement appropriate CAPA / Remediation Plan.• Conducted Infrastructure Audits; IT Audits and internal controls testing (design & operating effectiveness) to verify areas of weaknesses requiring remediation before rewriting policies and undergoing mandatory compliance audits.• Set up ISMS policies and standards, fostering security awareness across the Organization.• Participated in Business Continuity Plan and Disaster Recovery policy drafting.• Involved in DR Drills, BCP Notification Testing.

• Responsible for Technology GRC Workshop – maintained and updated GRC deck on weekly basis; to ensure the Leadership Management (CISO) is well informed on the Security Health status; including Vulnerability patching schedules, Major Risks and Audit Findings. • Worked on ISO 27001:2013 for implementing ISMS to ensure resilient Cyber Security Framework.• Worked on Risk Register: Reviewed existing entries, Asset identification, evaluation; Vulnerability assessment, Risk assessment and documented ISMS controls after thorough discussions and reviews with stakeholders.• Performed Control Effectiveness Rating Annual Reviews with the control implementing teams and reported them to the Control owners and CISO.• Developed and maintained Tech security artifacts (e.g., models, templates, standards, and procedures) that can be used to leverage security capabilities in projects and operations. • Revamped the information security control guidance, including technical documentation, e.g., System access, Network, Cloud computing, Supplier management, Business application management security policies.• Delivery of the information security awareness program and briefings; scheduling, monitoring, and reporting on security awareness and induction training for all staff within the scope of the ISO 27001 schedule.• Cybersecurity maturity assessments against NIST, SOC 2, ISO 27001.• Experience in Performing risk assessment for cybersecurity, information security and business continuity.• Facilitated the Audit process within the team in terms of identification of root cause of audit findings, determine and implement appropriate Audit Remediation.• Conducted Internal IT Audit and follow-up till closure.• Coordinated the development and maintenance of business continuity plans and procedures.• Participated in DR Drills and updated the Leadership Management with the DR Drill report.

• Actively involved in On -Boarding of Privilege Access account in CyberArk Vault and Thycotic Secret server in bulk.• Wrote User stories, Acceptance Criteria and ensured the Story readiness both technically and functionally for the implementation of Privilege Access Management tool – CYBERARK.• Collaborated with Design (UI/UX Team) to come up with mock-ups and wireframes for the CYBERARK implementation.• Collaborated closely with Product Owners and stakeholders to refine and prioritize the product backlog, ensuring alignment with business objectives.• Interacted with Business Stakeholders to gather and finalize Business Requirements for the application. • Developed UML Use Cases using Rational Rose and using Requisite Pro, monitored change requests and documented requirements, integrating them with Use Cases.• Communicated client’s business requirements by constructing easy-to-understand data/process models.• Involved in JAD sessions, which helped synchronize the different stakeholders on their objectives and helped the developers to have a clear-cut picture of the project. • Maintained proper communication with the developers ensuring that the modifications and requirements were addressed and also monitored these revisions. • End to end functional, regression and GUI (look and feel) testing. • Developed manual Test Scripts and Status reports and communicated to stakeholders.