- Responsible for managing Risk Management and Compliance tasks in support of management's Global IT Security and Risk Governance Program-Primarily assisting internal global IT and business partners (BISO/TISO) identify and manage information security risks. Execution of risk and compliance assessments and review of application security controls against ISO 27001 standard IS Control Objectives and Controls.  - Identifying Confidentiality, Integrity and Availability ratings and determining the risk profile of IT Assets. Validating Financial, Reputation and Regulatory Impact Analysis.  - Compliance evaluation of regulatory control requirements. Assisting relevant stakeholders understand the regulatory guidelines and relevant IS controls.  - Assisting IT Managers in remediating the IS Non-Compliant gaps or weakness identified in the risk assessment. Management of remediation actions like - Compensating Controls, Non-Remediation Statements, Risk Acceptance.  - Yearly Quality Assurance of evidences provided for SOx IS key controls before submitting to Internal Auditors and external regulators review.  - Governing security vulnerabilities and control deviations in the regulatory and mission critical applications and servers across the bank. Work with relevant stakeholders for gap investigation and proper remediation.  - Developing risk based Information Security standards and procedures. Developing user help guide for IT controls in the risk assessment.

- Develop, Review and update of information security policies, standards and procedures, and communicating the same to the different stakeholders. - Control mapping with various standards and best practices like ISO 27001, GDPR, PCI DSS, CSC - SANS, NIST- Performing Risk Management activities organization wide- Worked in developing Policy Framework which is followed globally across all NTT Data Offices- Managing the entire Application security dashboard for tracking remediation- Coordinating with the internal stakeholders and work with them closely to mitigate all the open checkpoints- Coordinating with External auditors during their visit, providing supporting evidences against controls implemented.

- Developing Risk Management Framework and performing risk assessment.- Implementation and support of ISO 27001:2013 - Drafting,Review and update of information security policies and procedures- Developing information security training and awareness presentation.- Business continuity planning- Performing technical risk assessment for web applications and IT general controls.- Worked with the stakeholders to ensure Compliance with ISO 27001- Recommend changes, enhancements or additions to the security controls of business applications that will enhance the Information Security profile of organization's processes. - Worked with software developers to develop strategies and plans for improving application security. - Interprets and translates the information security requirements of the business IS program into technical requirements. - Monitors changes in the risk profile of the highly critical systems their group produces or manages. - Worked with the developers and technical team for the remediation of non-compliance.

Web application and Mobile application security assessment:Activities involved assessing security vulnerabilities in the web and mobile applications through a mix of manual and automated testing. All the sites were hosted in either test or production environment. Tools Used: HP WebInspect Tool, Acunetix , HP Web proxy, Burpsuite proxy, Nessus, Nmap, HP Fortify and EclipseResponsibility: - Running automated scan to find out vulnerabilities of a web application, validating the findings reported by the scanner. - Performing manual testing to find out website vulnerabilities with special focus on OWASP top 10:- Documenting all the findings with the details of the vulnerabilities- Updating Client with the observations for websites. Submitting risk details, impact and remediation for each identified vulnerability.

ISO 27001 Certification and Implementation Support for a large Manufacturing Industry:Activities involved implementation support of ISO 27001 certification for Clients IT department. The work included preparation of Information Security Policies and Procedures, conducting gap analysis, risk assessment , preparation of risk treatment plan, and Vulnerability Assessment of the entire network. Web Application security Assessment:Activities involved assessing security vulnerabilities in the web applications through a mix of manual and automated testing. The sites were classified as static and dynamic sites, marketing and non-marketing sites. All the sites were hosted in either test or production environment. Tools Used: HP WebInspect Tool, Acunetix , HP Web proxy, Burpsuite proxy, Nessus and Nmap Responsibility: • Determining scope of assessment for a website• Running automated scan to find out vulnerabilities of a web application, validating the findings reported by the scanner. • Performing manual testing to find out website vulnerabilities with special focus on OWASP top 10:• Documenting all the findings with the details of the vulnerabilities• Updating Client with the observations for websites. Submitting risk details, impact and remediation for each identified vulnerability.