Conducted Security Audits to RHYM clients on various internation security standards such as; NIST2, CIS, NIS2, GDPR, PCI-DSS, GRC, ISO 27001, ISO 9001, HIPAA, CEA - Utilities & Energies, FAA-Aviation, DPDPA. Also conducted commercial trainings to RHYM clients for above mentioned security standards and other general IT security awareness campaigns having more than 50 participants for each session. No. of GRC implementations experienced using RHYM’s own software platform to its clients Defined humongous policies, SOPs, SODs, IDAM, ITIL, business operations risk registers, RTPs, Risk Controls Self Assessments models, dashboards Continuous research and continuous knowledge building on industry’s best practices, industry’s malpractices Continuous upgradation and application of top 5 threats in each and every business department and present its status to top mgmt. Risk postures on various IT infrastructures i.e. on-premise and cloud architectures. Apply zero architecture models, close eyes in security operations center for incidents and events within organizations. Continuous recommendations on process improvements versus budget managements. Monitoring internal frauds and ensure to have 4 or 6 eyes principles for large amount transactions. Effective additional layers of MFA for large amount transactions and dual MFA for tiny transactions and system access etc.

• Ensuring application security standards are well integrated into systems by incorporating SOD testing into the security process,• Monitoring and maintaining GRC application security policies, standards, guidelines, and procedures that are in alignment with the corporate strategic plan and supports the project team during the implementation• Experience in service delivery or internal audit or related services. Responsible for Designing Concept of Roles and Authorization• Ensured walkthroughs and test of operating effectiveness for GRC General Controls, GRC Security and application controls• Worked with the department heads to effectively document the audit reports, findings and recommendations• Analysing SOD violations through GRC’s Access Control (AC) module• Highlight and discuss violations with department owners / business users and apply RTP & remediations, tracked and reported• Identify and assign mitigating controls to violations that cannot be remediated and verify mitigating controls effectiveness• Report findings and make recommendations for the correction of noted violations and improvements in operations as per industry standards and best practices• Maintain strong client focus by building strong relationships with clients, scheduling and conducting key client meetings• Led SAP GRC implementation & rollout projects as well as support & maintenance activities across multiple functional and business areas. Gather requirements, analyse, prepare the design, configure the system, perform initial testing and deploy the solution• Ensured teams have mapped and design authorization concepts for changes and projects, in line with legal requirements and security standards• Developed good governance procedure and deploy a Global Template ARM (Access Request Management) to support a self service provisioning process

GRC role in Bank wide and its subsidiaries Forex Trading• Ensure planned security risk assessments, third-party security risk assessments are executed• Supported the teams in designing & implementation of third-party risk operating models, identifying, evaluating, and providing solutions to evaluate complex business and technology risks.• Presented third party risks to key senior stakeholders across technology, business, and global security and proposed RTPs for approvals• Evaluated vendor controls that address business continuity and disaster recovery risk and reviews preparedness tests conducted by vendor• Conducted onsite and virtual-onsite risk assessments to continuously determine the security posture at various sites.• Ensured smooth kick-off meetings held with various stakeholders or security team before assessments are triggered• Ensure that the process walk throughs are vital while applying risk treatments & technical controls.• Conduct third party security risk assessments for all new vendor relationships & annually for existing vendor relationships.• Presenting various reports like vendor assessments, various internal sub-IT unit’s assessments, customer facing and back office operational risk performance reports.• Review supporting documentation, perform continuous research on the business front/back-office operations and other relevant supporting functions ensuring that the zero tolerance on the risk appetite• Managing Third party Security Team and tier vendors based on Data classification, Data Elements and Risk Rating.• Ensure third party relationship adhere to company’s policies and compliant with regulatory guidelines and industry best practices.• Interface with business units, vendors to discuss findings and remediation process as part of findings • Conduct Information Security and Privacy awareness and training programs for the employees across the organization.

• Implemented collections recovery enterprise solutions in across 7 different countries• Ensured my team performance is constant while providing application support to all 7 countries• Perform teams assessments based on KPI & KRI on monthly basis to have an affective support to internal stakeholders• Ensure that the weekly and monthly reports are published on new developments and ongoing BAU issues.• Conduct weekly meetings with my teams and monthly meetings with stakeholders ensuring zero gaps in the system usage.• Ensure testing teams are continuously groomed with new regulatory policies• Track the change implementations vs regulatory change implementations

• As development lead ensured the water drip irrigation solution is developed as per business requirements along with the developers• Supervised the local and central development teams to see that the final integrations of all developed modules are tested and deployed on premise servers• Ensure that the post go live is properly handed over• Support IT audits to meet metrics and ensure that the project is developed as per security standards to avoid risks• Developed various MIS reports in Microsoft’s crystal reports