Nicholas Lawrence Email and Phone Number
A certified Governance, Risk and Compliance professional with experience in various regulations including SOX, GDPR, HIPAA, ISO, NIST, CMMC, NYDFS, CCPA, PCI-DSS and GLBA. He has extensive experience with Security Infrastructure audit and managing incident management and IAM/PAM implementation and processes. He also has strong communication skills and has experience in supporting SOX management testing by conducting ITGC SOX compliance review and working with stakeholders and owners on security policy framework, standards, and procedures.
Additionally - core skills:
Experienced Senior Information Technology Specialist with a demonstrated history of working blue chip & global Enterprise. Skilled in IT Auditing, IT InfoSec protocols, Regulatory & Compliance Requirements, Vendor Risk Management, and Business Process Improvement. Strong InfoSec professional.
Additional skillset
Professional competence, Experience, and Skills:
• Manage the IT SOX program which involves building a sustainable control framework referenced by both the internal and external audit teams
• Manage successful completion of testing of significant IT general controls in accordance with the Sarbanes-Oxley Act of 2002
• Skilled in directing and leading IT Security Audits for each of the following areas;
• Operating systems (Windows, UNIX flavors & Mainframe)
• Databases including data warehouse appliances
• Application Security including ERM systems
• Network Security and System Development Life Cycle (SDLC) including AGILE methodology
• Auditing IT Service Management (ITIL) for the incident, problem, and change management
• Regulatory compliance with SOX, PCI-DSS, GLBA, FFIEC, ISO27001, CIS, CMMC, and NIST SP-800
• Working knowledge of Audit and data analytic applications: Teammate, MS-office-Word, Excel, PowerPoint, MS-project, SharePoint, Tableau, SIEM- (core logic, Splunk Enterprise, Fidelis Cybersecurity, Qualys, Nexpose, Netspoke, Trustwave, Threat advisor, Anomali, Proofpoint), PIM/PAM tool- Cyberark, ServiceNow, Guardium- IBM, Confluence, MetricStream GRC tool, RSA Archer, Infohub GRC tool, SAP – Ariba, One Trust tool. Excellent project management skills include Agile-PM, Effective written and verbal communication.
IT GRC Technical Lead
Tata Consultancy Services
Jun 2021 - Present
United States
As an IT Security-Risk Systems Compliance Analyst Lead, I played a crucial role in ensuring that the organization’s IT systems and operations comply with security policies, industry regulations, and best practices. I was responsible for assessing, monitoring, and mitigating security risks while maintaining compliance with relevant standards and my responsibilities are as follows - Risk Assessment | Compliance Management | Security Auditing | Security Policies and Procedures | Vulnerability Management | Incident Response | Security Awareness | Documentation | Reporting | Continuous Improvement.
Senior 3rd Party Security Analyst
Interpublic Group (IPG)
Jun 2021 - Apr 2022
New Jersey, United States
As a Third-Party Security Risk Analyst, I assist in assessing and managing the security risks associated with third-party vendors, suppliers, or service providers that our organization relies upon. My primary focus is to ensure that these external entities meet our Enterprise security standards and do not pose a risk to our organization's data, systems, or operations. As a Third-Party Security Risk analyst, I play a crucial role in helping my Enterprise to manage and mitigate the security risks associated with our vendor relationships which have to access our sensitive data and systems. My key responsibilities and tasks were: Vendor Risk assessment | Security Questionnaires | Risk Analysis | Risk Mitigation | Contractual Security Requirements | Compliance Monitoring | Security Audits and Assessments | Incident Response Planning | Security Reporting | Continuous Monitoring | Security Awareness and Training | Benchmarking | Emerging Threats and Trends.
Senior 3rd Third Party Information Security Analyst
Mindteck
Jul 2020 - Mar 2021
Dallas, Texas, United States
As a Third-Party Security Risk Analyst, I assist in assessing and managing the security risks associated with third-party vendors, suppliers, or service providers that our organization relies upon. My primary focus is to ensure that these external entities meet our Enterprise security standards and do not pose a risk to our organization's data, systems, or operations. As a Third-Party Security Risk analyst, I play a crucial role in helping my Enterprise to manage and mitigate the security risks associated with our vendor relationships which have to access our sensitive data and systems. My key responsibilities and tasks were: Vendor Risk assessment | Security Questionnaires | Risk Analysis | Risk Mitigation | Contractual Security Requirements | Compliance Monitoring | Security Audits and Assessments | Incident Response Planning | Security Reporting | Continuous Monitoring | Security Awareness and Training | Benchmarking | Emerging Threats and Trends.
Information Security Analyst
Zensar Technologies
Oct 2019 - Apr 2020
San Antonio, Texas Metropolitan Area
As an IT security risk Systems Compliance Analyst, I play a crucial role in ensuring that the organization’s IT systems and operations comply with security policies, industry regulations, and best practices. I am responsible for assessing, monitoring, and mitigating security risks while maintaining compliance with relevant standards. My responsibilities are as follows -
• Risk Assessment: Identify and assess security risks associated with IT systems, applications, and processes. Conduct risk analyses to prioritize vulnerabilities and threats.
• Compliance Management: Ensure that the organization adheres to relevant industry regulations, standards (e.g., ISO 27001, NIST), and internal policies.
• Security Auditing: Conduct regular security audits and assessments to evaluate compliance with security controls, policies, and procedures.
• Security Policies and Procedures: Develop, update, and enforce security policies and procedures to align with industry best practices and regulatory requirements.
• Vulnerability Management: Monitor for vulnerabilities and security weaknesses in IT systems. Coordinate vulnerability assessments and remediation efforts.
• Incident Response: Participate in incident response activities, including the investigation and reporting of security incidents and breaches.
• Security Awareness: Promote security awareness among employees and end-users. Deliver training and educational materials to enhance security awareness.
• Documentation: Maintain detailed records of security assessments, compliance audits, and remediation efforts.
• Reporting: Prepare and present security and compliance reports to management and relevant stakeholders.
• Continuous Improvement: Stay up-to-date with emerging security threats, trends, and best practices. Recommend and implement improvements to security controls and processes.
IT Security Analyst US Expert Consultant
Infosys Consulting
Apr 2019 - Sep 2019
Dallas/Fort Worth Area
• Security Assessments of end client’s cybersecurity effectiveness attack surfaces - Endpoint Security, IAM security, Perimeter Security, Emailing Security, Cloud Security, Applications Security, 3rd parties Risk Management (TPRM), and Security Awareness to report on visibility, hardening, and control across the global enterprise.
• Creating metrics and Performing walkthroughs with Domain and Subdomain metrics owners to better understand the various attack surfaces in order to carry out an assessment to identify security gaps in enterprise global infosec policies against general industry best practices.
• Work with various domain and subdomain owners implement the Information Security design for cloud usage throughout the enterprise, enforce compliance with security policies, controls, and function as a technical security SME on various projects. Help synthesize radical ideas, define new security strategies and persevere to get the job done Globally.
• Drive various due diligence risk and security assessments to quantified and qualified around digital assets transfer within a restricted internal process to determine data leakage and to recommend strict adherence enterprise global process. Give advisory on best DLP application to implement to prevent and forestall continuous leakage as a result of process override.
• Assess program and security controls using Organization Information Security Policy, NIST Special Publications, Privacy shields, EU – GDPR, HIPAA, PCI-DSS frameworks to provide information necessary to determine overall cybersecurity effectiveness across the global enterprise.
• Conducting Information Security Third Parties Risk Management Assessment and other ad hoc across ends client’s infrastructures to identify gaps in cloud and applications security architecture and documenting key control findings.
Senior 3rd Third-Party IT Security And Risk Analyst
The Boston Consulting Group (BCG)
Aug 2018 - Jan 2019
Dallas, Texas
Global InfoSec Vendor Risk Assessments Team - engaged in Global Enterprise Vendor Risk Assessments from End to End for BCG internal/external onboarding infoSec clients.
• Review Security Framework, establish Cloud Governance standards, educate Business / Technology teams. Design and build Cloud Security solutions that balance the need for speed and flexibility of Cloud infrastructure and IaaS/PaaS/SaaS applications with the need to protect Cloud Service Clients against ongoing and potential security threats.
• Implement the Information Security design for Cloud usage throughout the enterprise, enforce compliance with Security policies, controls, and function as a technical security SME on various projects. Help synthesize radical ideas, define new security strategies and persevere to get the job done Globally.
• Review, assess and analyze infrastructure access request questionnaires business Team/Vendor’s granting of access according to organization policy requirements and procedures in alignment to Vendor needs on targeted platforms.
Sr. IT Risk & Compliance Specialist
Martin Marietta
Aug 2017 - Jul 2018
Dallas/Fort Worth Area
• Work with IS Directors to assist in ensuring their teams are compliant with established compliance practices, standards and IT policies and procedures.
• Manage the SOX compliance calendar, control execution schedule, and Technology audit checklists, programs and guidelines.
• Work with local IS Directors to ensure all SOX control documentation is up-to-date and accurate for all IT area.
• Prepare the IT department for our regular external audit SOX testing.
• Support Internal Audit in SOX Management Testing by conducting Semi-annual User Security access audit and quarterly Segregation of Duties - SOD reviews and assessment.
• Define, develop, and execute testing of segregation of duties – run and review SOD validation, violations and implement mitigations on violations.
• Serve as a member of the change advisory board (CAB) and provide all necessary review of security objects of customized security programs before they are migrated to the production environment by running validation and violations reports. Work with software’s security engineers, Business analyst, Business Process Owner to resolve issues of security violations.
• Provide regular status metrics on compliance initiatives and audit activities to Director of Project Management Office.
• Assist in the migration of decentralized control documentation across multiple technology groups into a consolidated repository.
• Participate in the development and oversight of required management action plans relating to compliance issues.
• Monitor and support compliance initiatives for related 3rd parties (e.g. SOC1,2).
• Assist with the education of process/control owners so they better understand the controls framework and their responsibilities.
• Stay up-to-date on current compliance regulations and changes in policy.
• Work closely with functional teams to develop user profiles and levels of access that meet both audit and functional requirements.
IT Audit Consultant
Experis/Manpower Group
Jun 2017 - Jul 2017
Dallas, Texas
• Responsible for the execution and delivery of audit assignments by ensuring that all IT-related business risks are identified and appropriately reviewed in alignment with the departmental audit plan and initiatives.
• Support Internal Audit in SOX Management Testing by conducting ITGC SOX Compliance review and testing. Involved in various Semi-annual User Security access audit and quarterly Segregation of Duties - SOD reviews and assessment, change management audit etc.
• Reviews of IT and Investments-related integrated processes for compliance with company policy and control standards, regulatory requirements, leading practices, and procedural efficiency and accuracy;
• Identification, drafting, and communication of audit issues and audit reports as well as review of management’s proposed mitigation plans for appropriateness.
• Recommendations and implementation of changes to the control environment or operating processes.
• Support integrated systems pre- & post-implementation audits on major systems transformations.
Sr. IT Auditor
Contextus Global Services
Apr 2013 - Jun 2017
Arlington, TX
• Perform monitoring and auditing of IT controls at the application, database, operating system, and process levels. Work with business partners to ensure process documentation, support controls knowledge transfers, program communications are complete and timely. This also includes IT audit full engagements from start to end.
• Responsible for determining of audit object, audit scoping, risk assessment, audit planning (logistics, meeting invitation, creation of audit programs, maintaining an open communication channel with the auditee). This also includes kickoff meetings, fieldwork (evidence gathering, walkthroughs, observations, interviewing, testing of controls to determined risk tolerance level and materiality of evidence gathered), closing meeting with auditee and report writing including recommendations.
• Engage in SOX compliance audits for clients – conduct walkthroughs, perform testing of Access controls, Change management, Application Interface controls, DRP/Backup and Recovery audit assessment for test of design, and operative effectiveness. Engage in Oracle and SAP audits resulting in remediation of vulnerabilities found. While auditing UNIX/Linux and Windows operating systems, ERP applications e.g. Oracle database, perform tests based on companies’ scope and documented controls objectives in line with COBIT/NIST framework.
• Provide subject matter expertise and training to relevant business units relating to regulatory compliance, IT security/controls risk management and IT Audit-related issues respectively. While performing other key audit functions such as SOC 1,2,3 audits for data centers, ERP platforms, DRP offsite facilities for certifications and compliances with regulatory requirements- used various design audit engagements programs and templates.
Sr Fraud & IT Risk Mgmt. Analyst
Contextus Global Services
Apr 2013 - Mar 2017
Arlington, TX
Serve clients onsite and remotely in federal, health, financial and commercial audits of NIST, FISMA, ITAF, COBIT, ITIL and SOX, HIPAA/HITECH frameworks for effective IT governance, security controls and mitigate risks:
• Perform monitoring and auditing of IT controls at the application, database, operating system, and process levels. Work with business partners to ensure process documentation, support controls knowledge transfers, program communications are complete and timely.
• Involve in IT Audit full engagements from start to end which including determining of audit object, Audit Scoping/out scope, risk assessment, Audit planning (logistics, meeting invitation, creation of Audit programs, creating good communication channel with the auditee), kickoff meeting, Fieldwork (evidence gathering, Walkthroughs, observations, interviewing, testing of controls to determined risk tolerance level and materiality of evidence gathered), Closing meeting with auditee/report writing, recommendations and follow-up if any.
• Engage in SOX compliance audits for clients – conduct walkthroughs, perform testing of Access controls, Change management, Application Interface controls, DRP/Backup and Recovery audit assessment for test of design, and operative effectiveness. Engage in Oracle and SAP audits resulting in remediation of vulnerabilities found.
• Audit UNIX/Linux and Windows operating systems, ERP applications e.g. Oracle database, perform tests based on companies’ scope and documented controls objectives in line with COBIT/NIST framework.
• Provide subject matter expertise and training to relevant business units relating to regulatory compliance, IT security/controls risk management, and IT Audit-related issues respectively. Performed other key audit functions such as SOC 1,2,3 audits for data centers, ERP platforms, DRP offsite facilities for certifications and compliance with regulatory requirements- used various design audit engagements programs.
Quality Assurance Auditor
Cardone Industries
Feb 2012 - Mar 2013
Arlington, TX
• Develop annual IT Audit Plan for the assessment of internal controls to meet Sarbanes-Oxley (SOX) Act compliance; advice following a top-down, risk-based methodology, and recommend appropriate IT mitigation strategies.
• Support significant BCP projects in a consultative capacity to ensure regulatory compliance.
• Provide expertise on Risk Assessments, Incident Response handling, IT General Controls and reporting requirements.
• Establishes system controls by developing framework for controls and levels of access; recommending improvements.
• Ensures authorized access by investigating improper access; revoking access; reporting violations; monitoring information requests by new programming; recommending improvements.
• Audit Data Center’s physical, logical and environmental controls to comply with company policies.
• Carry out DRP and Backup/Recovery engagement for businesses ensuring continuity and timely recovery during a disaster.
• Use ACL to export, analyze and evaluate evidence of supporting documentation collected to determine deficiencies in controls, fraud or lack of compliance with PCI DSS, government regulations and management policies.
• Engage in SOX compliance audits for clients - conduct walkthroughs, perform testing of Access, Change and Interface controls for effectiveness.
• Engage in Oracle and SAP audits resulting in remediation of vulnerabilities
• Audit UNIX/Linux and Windows operating systems, ERP applications e.g. Oracle database, perform tests based on companies’ scope and documented controls objectives in line with COBIT framework.
State Accountant/Revenue Officer
Joint Admissions And Matriculations Board (JAMB)
Aug 2002 - Dec 2011
Abuja, Nigeria
Planned, supervised, and conducted the bank reconciliations for over twenty Projects, and maximized working capital and cash flow of bank accounts used by the board for transactions over $500 million. Designed and implemented internal revenue checks and control system to safeguard the assets of the board, saved $5 million within four years of system implementation. Coordination and management of consulting projects involving financial modeling of business operations, and critical process path analysis. Evaluated internal controls and recommended systems for improvement. Managed fixed assets records. Created and maintained customer/vendor database. Ensured accurate and timely reporting/payments of sales tax. Directed and managed the commercial, investment banking relations, and cash management. Payment of Zonal Staffs’ Payee Taxes to State board of Internal Revenue Services. Developed and maintained revenue generation strategies for the board within the local office, and designed and implemented a system of revenue activities and remittance reporting to National Headquarters through revenue mobilization units. Performed extensive contract review and analysis, financial modeling and budget allocation to promote efficiency and continued profitability.
Nicholas Lawrence Education Details
Cybersecurity Management And Policy -
Accountancy -
Rivers State University Of Science And Technology -Https://Www.Rsu.Edu.Ng/Accountancy -
Accounting And Finance
Frequently Asked Questions about Nicholas Lawrence
What company does Nicholas Lawrence work for?
Nicholas Lawrence works for Tata Consultancy Services.
What is Nicholas Lawrence's role at the current company?
Nicholas Lawrence's current role is Cyber Compliance | Cybersecurity | GRC | Audit | Terraform | Kubernetes | Jenkins | AWS | Enterprise Risk Management.
What schools did Nicholas Lawrence attend?
Nicholas Lawrence attended University Of Maryland Global Campus, Dallas College, Rivers State University Of Science And Technology -Https://www.rsu.edu.ng/, Delta State University, Nigeria.
Who are Nicholas Lawrence's colleagues?
Nicholas Lawrence's colleagues are Dipanjan Banchur, Anjani Kumar Pandey, Anushka Bhargava, Vishnupriya Chandran, Sujana R S, Kapildev Prabhakaran, Shiraz Ashraf.