• Manage Historical incidents according to the BNP Paribas group procedure• Alert the management and independent control functions on key incidents• Collect and report historical incidents in the Group tool (360HI)• Analyze incidents correctives measures to be implemented;• Initiate and follow up with implementation of the remediation actions• Perform controls on the incident collection process in particular the cross-check with other databases. • Work closely with other site Operational Control teams to ensure all Historical incidents are correctly managed according to group procedure.• Conduct Historical Incident awareness training twice a year• Analyze and report Historical incidents status through dashboards and KPI.• Organize, perform IT control campaign according to control plan required at both the Global and Local level and follow up of the implementation of the remediation plans• Ensure the IT Risk requirement is well integrated into WMIS IT project lifecycle through close follow up of the Group IT Risk into project framework• Promote IT Risk awareness and training• Assist in IT risk & control related tasks assigned by his/her manager

• Serves as key player in the implementation of the Security Governance, Risk, and Compliance (GRC) program across the service delivery in HCL.• Support service delivery in preparation for client audits or industry specific certification and compliance programs, such as ISO27K, SSAE16/ISAE3402 and SOX.• Lead establishment, implementation and maintenance of Information security programs/ITGC across service delivery.• Conduct reviews to assess the service delivery control environment and evaluate adherence to client identified contractual requirements, HCL policies and standards.• Monitor and provide assurance that the identified findings and actions are tracked to closure and report to leadership thereon.• Experience of handing external audits and associated activities.• Review of contracts / security annexure• Develop and maintain security metrics dashboards to help senior management take decisions.• Involved in maintaining and improving security awareness programs.• Identifying gaps in current awareness programs and developing metrics to track success of awareness programs.• Working knowledge on review of vulnerability assessment scan results and engage with relevant IT team and business units in order to resolve identified vulnerabilities within SLAs.• Liaise with other HCL risk management functions, such as Legal & Compliance, Internal Audit, and Quality Assurance to ensure the risk management process is efficient and effective.• Support Business units to develop and maintain Security management plans for key engagements.• Maintain business continuity and disaster recovery strategies and solutions, including risk assessments, business impact analyses, strategy selection, and documentation of business continuity and disaster recovery procedures.• Plan, conduct, and debrief regular mock-disaster exercises to test the adequacy of existing plans and strategies, updating procedures and plans regularly.

Operational Risk – Service Provider Review• The Assess the accounts responsible, accountable for the client infrastructure management and services to assures our customers that we have adequate control systems in place to safeguard their data and information• Perform internal Account audits and risk assessments of in scope of all Towers (UNIX, Wintel, Storage, Database, Citrix, and VMWare).• Performing audit on IT general controls to verify based on SOC II - 3 Trust Principles 1. Confidentiality, 2. Availability, 3. Security.• Identification of key risks by performing reviews on MSA, SOP’s, Policies/Procedures related to Information Technology General Controls (ITGC – SAP application & UNIX, Windows, DB servers), performing gap analysis, administration of the execution team.• Ensure ongoing internal controls certification by designing adequate management testing procedures and working with application owners to remediate deficienciesThe assessment approach is as follows:• Meet with the point of contacts from internal account ADH, DM, Technical lead & SME to gather information and identify the appropriate assessment scope.• Conduct interviews with key contacts.• Review documentation and evidence to validate the implementation of controls.• Identify areas of control deficiency and make specific recommendations for improvements

• Perform Internal Audit and Risk Assessments process of in scope Sarbanes Oxley (SOX) applications• Identification of key risks by testing Information Technology General Controls (ITGC) in areas – Access to program and data, Program Changes, Program Development and Computer Operations• Carrying out ITGC testing in various IT Elements such as Windows, SAP, UNIX/LINUX, Oracle DB and HP Internal payroll systems GHRMS and US Payroll.• Responsible to schedule ITGC controls depends on the control frequency, timely validation of evidence, submitting evidence, selecting samples, examining approval evidence, raise red Issue for the ineffective controls and remediation testing.• Act as Subject Matter Expert (SME) on SOX compliance and Internal Control issues.• Apart from ITGC testing, I have been a part of Non-SOX Audit team in scoping applications, issuing engagement audit letter, involving management teams, raising Audit Issue Report (AIR) which contains controls deficiencies, recommendations to management to implement controls, following up with controls owner for remediation testing, uploading evidences after validation and closing engagement.• Assist with developing training materials for Control Owners and Process Owners.• Monitor Internal Audit corrective action plans and Monitor implementation of related SOX control.

Working for Barclays Bank (UK Banking MI Team) to generate Daily audit Reports for Relationship Manager’s based on their requirements by using Unix, SQL, Ms – Access, Ms –Excel, Cognos, VBA & Mainframe Application, Major duties involve Analysis change Management, Users Access Report Generation and send the final report to our Internal audit team.