Global Technology Risk Leader for Information Technology where I am responsible for:• • Create a comprehensive IT Risk Organization including staffing, risk mitigation strategies, standards & frameworks for the entire global CIO organization.• Frequent interactions with C-level, personnel• Manage global team across India, US and Philippines• Define vision and strategy for technology risk assessment program• Formulating risk management process to assess the risk across technology verticals including Infrastructure, Application Development, Data Management and Project Management• Providing guidance to the team for assessing/testing internal controls to identify key control weakness, and to ensure that the underlying risks are mitigated adequately and effectively• Support Technology Delivery Teams in developing, implementing and strengthening the Control Environment• Conduct deep dive reviews of all infrastructure as member of Enterprise Architecture Review Board IT Security controls for the work conducted and delivered by the Process Delivery teams; identify gaps/risks if any, provide remediation solution and ensure implementation of the same through Risk Issue Management Process through GRC tool• Support day to day management of relationships and communications with business partners at various levels of the organization, including internal and external stakeholders• Prepare Risk Scorecard on a periodic basis for the Senior Management which indicate the risk direction (increasing, Stable/ Decreasing) with rating (Satisfactory, Needs improvement, Significant risk) of the processes on various Risk categories such as People, Process, System, Compliance and External Risks

Manager - Managed the overall Disaster Recovery and Business Continuity function for Technology Division of the bank. The scope of the work `included: • Engaged with client closely to understand their business operations, corporate goals and their operating environment.• As part of the transition a thorough study of the banks strategies, governance model and impact analysis was conducted• Wipro leveraged its existing DR/ BCM implementation in various BFSI clients to provide the required consultation for streamline and process improvement• The key activities included DR consulting for all existing and new applications, live DR testing, uniform reporting from compliance/ audit perspective and required training on DR to relevant stakeholders• Developing and managing Business Continuity plans for Technology Bangalore• Conducted risk assessment and identify single point of failure• Develop business continuity plan & emergency response plan • Prepared the business unit and coordinated various audits on BCP/ DR on behalf of the bank against Business Continuity and Disaster Recovery policies and procedures• Manage planned and unplanned events for Technology India • Provide extensive Pre sales support to Business Development team on providing response to queries on Business Continuity Client – One of the Largest Telecom Company – Doha, Qatar. The scope of work included:• Define scope, Establish Business Continuity Management Program framework and BCM policy and Objectives• Understanding Client critical business operations via Business Impact Analyst ; and carrying out Risk Assessment• Determining and defining Business Continuity strategy options• Developing and implementing an effective BCMS, Crisis Management and Business Continuity plan framework for response and recovery.• Developing testing strategies and training program for the organizationLead – Presales for International Market (UK & US).

• Managed the overall project of creation and implementation of Business Control/ Compliance Framework for ITD GD Business Unit of IBMo Provide ITD-GD, Management with comprehensive information regarding the Control Posture of the organization, on ongoing basis. Enable ITD-GD India maintain a positive/satisfactory controls posture for the clients served by ITD Indiao Define Key Controls over Operations (KCO).Define/Create KCO Testing Frameworko Define/Create Reporting based upon Geo and Competencies. Define/Create Mitigation Framework• Managed the overall Business Continuity for ITD Business Unit of IBM o Managing team dedicated for Business Continuity and performing people manager responsibilities for themo Study of business processes and carried out process mappingo Carried out Business Impact Analysis for each accounts serviced from ITD to define criticality of the processes and interdependencies and arrive on Recovery plano Conducted risk assessment and identify single point of failureo Devise business continuity strategies for the clients served by IBM

Performed consulting and auditing engagement across India and UK• Successfully implemented ISO 27001 for many clients across India and UK locations o Facilitating the development of the scope of ISMS through sensitization workshop and focused group discussions; Conducting a gap analysis of the present status vis-à-vis the desired state of ISO 27001 readiness;o Facilitate the risk assessment process (at information asset class level) to prioritize the risk areas and identifying the relevant control objectives and the controls to be implemented;o Conducted internal assessment on various controls of ISMS to prepare for external certification. The controls included change management, asset management, configuration management, incident management, system reviews, access control etc.• Performed SOX testing for multiple clients for KPMG UK the scope of which included auditing controls to fulfill the requirement of SOX. The scope included responsible in conducting detailed audit on controls around change management, access management , business continuity , disaster recovery and incident management• Performed multiple audit reviewing controls around access to data, business continuity, problem & incident management, change management, data security & privacy etc.

• Responsible for design, implementation and auditing of IT Security at L&T InfoTech• Technical consultancy and support to all operating divisions and subsidiaries of LARSEN & TOUBRO LIMITED in IT security• Part of the implementation of BS7799 standard across locations of L&T Infotech• Assisted in evaluating existing Risk Assessment tools and devised proprietary risk assessment methodology. Also identified threats and associated risks to assets to carry out extensive risk assessment