Raj S Sen Email and Phone Number

Collaborated closely with the client's Governance, Risk, and Compliance (GRC), Privacy, and Data Protection teams to drive a best-in-class risk management culture, ensuring alignment with industry benchmarks and regulatory requirements.Directed global risk operations for a prominent sports and athleisure manufacturer, leading a distributed team of experts across 5 international offices. Spearheaded a comprehensive risk management framework, encompassing:- Strategic vendor risk management- Internal review and audit programs- Enterprise-wide risk remediation and mitigation- Proactive vulnerability management- Risk rationalization for manufacturing and supply chain partnersArchitected and led a comprehensive Privacy Impact Assessment (PIA) program for a major telecom services provider, ensuring GDPR compliance and aligning their ISO 27001 framework with EU-GDPR requirements. Developed a strategic roadmap, identifying and addressing critical gaps in Business Continuity Planning (BCP) and GDPR compliance. Designed and implemented policies for Data Integrity and De-Identification, ensuring the highest standards of data protection. Leveraged the existing ISO program to drive EU-GDPR alignment, achieving significant resource and time savings.

Managed a project to develop a cybersecurity policy architecture and processes in alignment with NIST Cybersecurity Framework (CSF) and NIST SP 800-53 requirements. Facilitated execution at C-suite level across 6 Operating Companies and interaction with 50 VPs and Directors. Managed the effort for high priority remediation projects including vulnerability, patch, and identity and access management. For a consumer products company, led a project in improving the efficiency and effectiveness of client's information security capabilities and processes by leveraging EY’s Cyber Program Management framework to assess and analyze their information security program. Led and participated in various interviews with information security program stakeholders to gain an understanding of the current state of their information security program. Developed benchmarking assessment results against industry peers. Helped develop a 3-phase roadmap of governance, security, and technology initiatives to address current and emerging risks.

Advisory | Cybersecurity Practice• Conducted cyber security assessment using NIST CSF and 800-53 framework, in supporting a power & utility client to develop and implement a security project management office. • Worked on restructuring and designing of information security policy and procedures for a California based software firm to prepare them for federal and industrial regulatory certifications (PCI, ISO27001 and SOC2).• Worked with the client team to help establish a PCI program in place across all major areas. Redefined exception management processes, risk assessment process alongwith strengthening the overall governance, risk and compliance practice at the client.• Led an assessment project for an ISO 27000 Series assessment of the Data Center of Emerson Electric. Helping the organization align their IT governance, Information Security and Disaster Recovery Area in accordance to the ISO requirements.

IT&PA, IT Risk & Security·Worked on a client, Internal Audit project concentrating on the areas like Information Security, Business Continuity and Disaster Recovery, VPN, Mobile, Network and Patch Management.·The main objective was to conduct an Audit that looks into the control and management of the above mentioned areas relating them with FFIEC regulations.·Created a firewall and router implementation strategy to align them with PCI-DSS for a retail firm in SoCal.·Worked on building controls that help in the analysis of Network Security of a healthcare client in Houston.·Created questionnaire set for an Enterprise Risk Management project to assess the ERM readiness of the client (especially geared towards the C-Suite)·Created a RACI Matrix in terms of information security for retail client based in CA. Currently creating a benchmarking data document geared towards the retail industry for the same client to develop the blueprints for a security strategy for them from scratch.