IT Risk Management, Third Party Risk Management, Vulnerability Management and Governance

• Engaging client’s third-party vendor owner, Data Protection and Security team to determine if there are any known security risks or issues that should be investigated in more depth during the assessment. • Performing third party information security assessments as per the questionnaire provided by client for existing and new in scope third-party vendors. • Carrying out assurance activity on most critical Third Party suppliers, and QA the work of team members • Defining and continuously maintaining target assessment plan for the third-party vendors in scope based on completed tiering workbooks and the Prioritization Workflow provided by client. • Scheduling of in scope existing third-party vendor information security assessments. • Tracking and periodic MI reporting of third-party information security assessments for third-party vendors.• Delivered end-to-end Toxic Combinations process to the agreed toxics methodology framework and operating model. • Identify, detect and remediate toxic combinations. • Identify key applications and entitlements that allow users to execute the identified sensitive business transactions. • Build toxic combination rule sets and analyze access within and across applications to identify potential breaches. • Risk Assessment, Management and Security Patch Compliance. • EHRS - Ethical Hacking and Remediation Services: Reporting and working with infra teams to remediate the identified vulnerabilities and tracking the risks periodically till remediation.• Execution of Information Security Awareness Training and activities. • Management and administration of SLA for the entire Non-Compliance remediation.• Working on SOX Controls related to Access Control and Firefighter Id’s on various SAP Systems.

• Data privacy and access classification reviews. • Identity compliance- To ensure authorised user access and to prevent unauthorised access to systems, services and applications. • Administration of RSA account for the users who are working remotely by using ACE Admin tool. • Security access compliance – Group, shared folders, Secure data transfer. • Project Compliance, Change and Release Management • Request workflow review and assessment. • Security Incident Management review and reporting. • Liaise between other departments (Windows Server, Messaging, Movers, Helpdesk & Application Support Teams) as required for day to day work to support Operations. • Part of weekly ops call, Quality Check & Process update. • Preparing Team reports on Weekly & Monthly basis and sharing new updates. • Handling escalation Call / E-mail and maintain Customer Satisfaction. • Training & Mentoring the new joiners about the process to enhance their performance & productivity. • Creation of the process documents for newly on-boarded Services

• User access management – AD and Messaging • Security access management – group and shared folders. Secure data transfer • Performing DNS entries and IP assignments on server by using our tool Vital QIP • Account attestation for idle, orphan accounts and recertification• Weekly & Monthly reporting to stake holders & Management Client, • Maintaining and monitoring SLA, OLA & KPI (Key Performance Indicators) • Quality analysis & audit report assessment of SLA breached SRs, incidents • Daily Dashboard preparation and Application On-boarding as per compliance standard defined by security team

• User Account Administration and access management. Provide a secure and authentic access to users on different Banking and Finance applications. • To provide access rights on different level by approving the user IDs for various server & domains and modify the access rights as per the requirement of production & operations. • Creation, Modifications & four eye check (secure access & delegation) for applications e.g.: CINQ.NET, Image Solutions, Departmental Internet Trading, Direct Internet Trading, E-Bills Management within Identity Management Services. Management with the classifications of Security Administration in I.T. Infrastructure.• Responsible for implementing and maintaining system security. • Defining users, resources, access levels, and facilities. • Controlling the security environment by using control options and TSS Commands. • Monitoring resource access violations with the auditing, tracking, and Reporting options. • Working on how CA Top Secret works and how to best implement security for your system. • Acts as the liaison between CA Top Secret and the users who need to access the facilities and resources it secures. • Creation of all types of user, batch, and profiles IDs based on the requests requirements. • Generating scripts for annual & semiannual reports for overall Ids• Maintenance of Bloomberg user ID, assigning necessary sales & trading privileges, Creation of Bloomberg Trading Books (based on requirements), Generating SSRT & Trace Reports. Recertification Process, Security Operations and Access Audit: • Maintaining the ID inventory to trace the stale and orphan accounts. • Processing the leavers requests on primary accounts, remote secure devices and Blackberry. • Auditing access levels of users and regular checks between regular intervals as agreed with business and maintaining the proper Access Management system

Maintaining LAN by providing support in sense of troubleshooting and Installation.Hardware installations of switches, modem & routers.System support for windows users by providing support in sense of installation, configuration & troubleshooting.Application support for various web based interface & internet profiles.Daily report generation on the behalf of call logs and completed incidents.