Kushal Kunwar

Experience

• 

  Islington College Kathmandu

  Nov 2022 - Jan 2023

  IT and NOC
• 

  Vairav Technology

  May 2023 - now

  My Primary Responsibilities as DPO include:• Create and implement comprehensive data protection policies, procedures, and guidelines.• Ensure that the organization is in compliance with relevant data privacy laws, such as GDPR, CCPA - SOC2 (as necessary).• Assess the potential impact of new projects or initiatives on data privacy and recommend appropriate measures.• Respond to and manage data breaches, including notification, investigation, and remediation.• Conduct training programs to educate employees about data privacy best practices and responsibilities.• Provide guidance and advice to the organization on data protection matters.• Collaborate with regulators, auditors, and other external parties on data protection issues.• Regularly review and assess the effectiveness of data protection measures.• Keep abreast of emerging data privacy trends and regulations.• Serve as the organization's primary point of contact for data protection inquiries and requests. Show less My Primary Roles as IS Auditor and GRC Analyst are to:• Conduct comprehensive information systems audits to assess clients' compliance with relevant regulations and industry standards.• Provide expert GRC consultations to assist clients in developing effective governance, risk management, and compliance frameworks.• Create, review, and maintain security policies, standards, and procedures.• Perform risk assessments to identify and evaluate potential threats to clients' information systems.• Serve as a virtual Information Security Officer for clients, providing guidance and support on security matters.• Conduct VAPT (Vulnerability Assessment and Penetration Testing) to identify and mitigate security vulnerabilities.• Provide technical support to clients as needed, addressing their information security concerns and information system patches.• Develop and maintain documentation related to audit findings, risk assessments, and security recommendations.• Collaborate with other team members to ensure effective delivery of cybersecurity services.• Stay updated on emerging security threats and best practices through continuous learning and professional development.• Contribute to the development of new cybersecurity services and methodologies.• Develop and implement incident response plans, coordinate investigations, and contain security breaches.• Prepare the organization for internal compliance efforts against relevant cyber security standards as identified by the management.• Conduct security awareness training programs for employees to improve their understanding of security best practices.• Share your expertise and guide the development of less experienced team members. Show less My Primary Roles and Responsibilities were to:• Conduct comprehensive information systems audits to assess clients' compliance with relevant regulations and industry standards.• Provide expert GRC consultations to assist clients in developing effective governance, risk management, and compliance frameworks.• Create, review, and maintain security policies, standards, and procedures.• Perform risk assessments to identify and evaluate potential threats to clients' information systems.• Serve as a virtual Information Security Officer for clients, providing guidance and support on security matters.• Provide technical support to clients as needed, addressing their information security concerns.• Develop and maintain documentation related to audit findings, risk assessments, and security recommendations.• Collaborate with other team members to ensure effective delivery of cybersecurity services.• Stay updated on emerging security threats and best practices through continuous learning and professional development.• Contribute to the development of new cybersecurity services and methodologies.• Prepare the organization for internal compliance efforts against relevant cyber security standards as identified by the management.• Conduct security awareness training programs for employees to improve their understanding of security best practices. Show less

  • Data Protection Officer

    May 2024 - now

  • IS Auditor and GRC Analyst

    May 2024 - now

  • Associate IS Auditor and GRC Analyst

    May 2023 - May 2024