Audit Program Management: Leading technology audits / advisory design, planning and execution ensuring effective identification, assessment, and coverage of key risks across functions, products, and regions.  Lead the audit issues memo and report design for executive management review  Introduced innovative approaches in audit planning, scoping, testing and execution to improve the audit effectiveness  Involved in Annual Audit planning exercise, providing technology insights to audit managementClient Engagement: Maintain excellent relationships technology, cybersecurity, compliance, product development teams and regularly interact to keep audit management aware of latest technology solutions across organization Working with clients, providing guidance on significance of audit findings, assisting in implementing technology controls to achieve effective risk mitigation and closure on audit findingsTeam Engagement: SME for evolving technologies (Cloud, Microservices, Zero Trust Architecture, DevOps, AI/ML), integrated audits and acquired entities audits  Providing technology SME support to other audit teams  Key contributor to developing Audit data analytics, automation programs, training programs for new audit leads Mentoring and guiding team members by understanding their strengths and their aspirations

Reported to: Senior Manager, IT Role: Individual Contributor Internship for CPT REQUIREMENT durin MSc in CSE ♣ Implemented a risk compliance dashboard for end user systems to facilitate real time and 360-degree views of security status.♣ Created a scalable solution for implementation to RPA or predictive analysis using Splunk add-ons. ♣ Established risk calculation methodologies to identify overall risks for IT systems by analyzing logs from various IT monitoring tools.ON JOB PROJECTSProject: Implementation of Risk Compliance Dashboard for End User Computing DevicesDuration: 5 MonthsValue Delivered:Implemented a PoC and pilot for risk compliance dashboard for Information Security that helps Hitachi:• Improve information security risk and compliance posture of the organization by facilitating real time and 360-degree view of user device security status across organization• Take proactive actions to prevent information security incidents using predictive analysis• Facilitate timely executive interventions• Implemented the complete Data pipeline using Splunk reducing the complexities/ interdependencies that plague the other custom solutions• Solution is ready for scaling to implement a RPA or implement a predictive analysis using Splunk Add-ons for Machine Learning

Reported To: GM (Expat), Vice President HR, Role: Team Lead Managed information security projects for policy compliance, controls testing, audits, secure business operations & risk mitigation. Supervised 10-25 people based on the project activity.Security Management:♣ Worked closely with cross functional business project team/ vendors to integrate security across business process lifecycle. ♣ Created a three-year strategic security roadmap that aligned with the business goals & expectations.Security Process Improvement:♣ Boosted awareness to 99%+ by running a focused security awareness project across organization (business, vendor teams).♣ Enhanced the speed and effectiveness of InfoSec risk/controls awareness meetings to stakeholders by setting a team of security coordinators from the business teams.♣ Incorporated KPI security risk status briefings for leaders; integrated security discussions into monthly executive meetings.Security Risk/ Compliance:♣ Minimized security risks/threats by 35%+ annually by setting up malware threat response in IT incident management.Raised security compliance (by 50%+) & implemented subsidiary audit & compliance security certification project.ON JOB PROJECTSProject: Setup of Malware Threat Response ProcessDuration: 3 MonthsValue Delivered:♣ Defined a documented process / setup of infrastructure and tools/conducted training of the teams .♣ Thorough investigation, RCA & controls strengthened to avoid recurrence.Project: Audit and Compliance Certification Program for SubsidiariesDuration: 1 YearValue Delivered:♣ Defined certification program for security compliance across all subsidiaries.♣ Customized audit & remediation plan for each subsidiary.Project: Security Awareness Training for Business teams, Employees, VendorsDuration: 1 YearValue Delivered:♣ Consulted senior business managers to conduct awareness sessions & define coordinators from their team.♣ Customized awareness training for users groups.

Reported To: Vice President Technology, Role: Team Lead ♣ Oversaw InfoSec risk management, infrastructure / software security design, IT audits and external regulatory audits program.♣ Improved business processes and reduced risks from security compliance perspective leading to improved customer audits.♣ Supervised 5-10 reports depending on project activity.

Reported to: GM Consulting, Role: Team Lead / Individual ContributorLed projects in GRC, ITIL frameworks, IT risks, application security audits and business process compliance. Managed 8-10 people based on Project Activity.Customer Engagement: (Project Management, Business Generation)♣ Secured a bid for SOX 404 services in a competition with four major Consulting companies.♣ Generated additional business by increasing the team size by 200% due to improved delivery and raised scope.ON JOB PROJECTSProject: Customer Engagement, IT Audit, Compliance & Application Security management (Genpact)Duration: 2 yearsValue Delivered:♣ Minimized risk through third-party risk assessments for SAS 70 Type II, SOX 404, PCI DSS, ISO 27001, and Client Contract T&Cs for client focused business.♣ Decreased internal IT audit completion time by 50% by redefining audit strategies for security compliance project.♣ Maximized audit scope using infrastructure and network expertise and trained project team.♣ Raised compliance with PCI DSS audits by implementing innovative network and identity access security controls.♣ Achieved single digit non-compliance while dealing with external auditors for PCI DSS, SOX 404, ISAE 3402, and ISO 27001.Project: Harmonization of Information Security at NCPOC (SHELL Project- Kazakhstan)-Duration: 1 YearValue Delivered:♣ Harmonized existing policies, processes, and standards for venture partners; aligned best practices in IT Security and Information risk management. ♣ Reduced the effort and time wasted by venture partners by harmonizing IS policies for the venture.Project: ISO 27001 implementation and 3rd party risk assessmentDuration: 0.5 Year (Team Member)Value Delivered:♣ Design of ISMS & 3rd party security policy based on legal & regulatory requirements.♣ Implementation of risk assessment / mitigation processes.♣ 3rd party compliance audit.

Reporting To: Senior Manager, Director, Partner , Role: Individual Contributor/ SMECustomer Engagement: (Project Management, Business Generation)♣ Enhanced business by setting up a vulnerability assessment testing lab. Assisted the company in obtaining their CERT empanelment. Secured new business in the telecom market through IT/ IS consulting projects. Security Risk/ Compliance:♣ Improved vendor security risk compliance audits. Performed advisory work for customer projects consisting of audit, evaluating control gaps & risk and providing technical, & process guidance for proper control implementation. ON JOB PROJECTSProject: Application Security AssessmentDuration: 2 MonthsValue Delivered:♣ Conducted a blacbox security assessment of client’s internet enabled infrastructure during the lean business time of the client to ensure little or no inconvenience to the business.♣ Client made changes in the network devices configuration to ensure a secure infrastructure for their web applications based on recommendation.Project: Internal Vulnerability Assessment / Penetration Testing Lab setupDuration: 2 MonthsValue Delivered:♣ Successfully setup a lab for the Vulnerability Assessment / Penetration Testing.♣ Organization successfully conducted many assignments for remote web application security assessment, infrastructure vulnerability Assessment, penetration testing.

Reported to: Vice President - IT, Role: Team LeadLead a team of 4-6 based on project activity.IT Infrastructure Management: (Implementation, Architecture, DR)♣ Implemented scalable IT infrastructures & network within the desired budget. Developed a robust and scalable IT risk monitoring mechanism. Utilized open source tools to setup organization helpdesk and IT monitoring. Security Management:♣ Created and implemented IS policies, internal IS risk management & IT infrastructure audits.

Reported to: GM / CGM IT, Role: Team Lead/ Individual Role Oversaw corporate IT infrastructure solutions, information security processes, and DC/DR setup. Managed project teams of size 5-20 depending on project activity.IT Infrastructure Management: (Implementation, Architecture, DR)♣ Achieved 100% availability for business-critical IT processes through a hot site DR site and Tier 3 data center.♣ Skyrocketed cost optimization and IT service delivery improvements by implementing Virtualization, App Load Balancing, and ITSM based HP OpenView tool for ITIL processes.Security Management: (ISO 27001 Implementation, Risk Management, Network/Infra Security)♣ Enhanced the security of data, personnel, and information by obtaining the ISO 27001 Certification for six different business divisions in one year. Maintained compliance by conducting infrastructure and process audits.♣ Designed secure IT architecture & created security baselines for infrastructure components.ON JOB PROJECTSProject: Implementation of ISO 27001Duration: 1 yrValue Delivered:♣ Annual risk assessment of the IT Infrastructure & Implementation of the security controls in business groups.♣ Implementation of secure IT (Network, Server, Software) architecture, baselines, controls & change management.Project: Hot Site Disaster Recovery SolutionDuration: 1 YearValue Delivered:♣ Performed Business Impact Analysis (BIA) of critical business processes.♣ Designed infrastructure & network architecture for DR site based on RTOs & RPOs.♣ Identified, evaluated and tested DR strategies for failure scenarios. Project: Design & Implementation of Virtualization SolutionDuration: 8 MonthsValue Delivered:♣ Design of project requirements. ♣ Performed technology evaluation to ensure cost effectiveness and reduced risk.♣ Ensured smooth transition of production servers to virtualization environment with zero data loss & delay, & with minimum service disruption.