Experience

• 

  Sisa

  Sept 2007 - Sept 2008

  Associate consultant

  • Responsible for coordinating on Audit conducted over “Payment Card Industry Data Security Standard” – PCI DSS • Responsible for creating audit agenda and initiating formal communication with the clients to perform audit.• Perform Gap Analysis against the control specifications as per the standard and provide Interim Report on Compliance.• Coordinate on recommended controls to close the identified control gaps during the initial engagement with the client.• Responsible for preparing the Final Report on Compliance based on the audit engagements completed by ensuring appropriate controls are implemented to be in complaint against the specified controls as per the PCI DSS standard.• Responsible for carrying out the Vulnerability assessments and have good hands on experience on the security scanners namely Nmap and Nessus.• Key member in testing and evaluating the Security Management application functional and security requirements. Show less

• 

  Paramount dataware pvt. ltd.

  Sept 2008 - Jun 2009

  Sr. executive

  • Responsible for Performing Gap Analysis and Implementation of ISO 27001 Security Standard.• Responsible for formulating and implementing Asset Valuation (CIA), Information Security Risk Assessment and Risk Mitigation Methodologies on mutual agreement with the client risk acceptance criteria.• Formulating security awareness sessions and conduct tests.• Coordinating on performing Vulnerability Assessment scans on client’s network.• Creation/Consulting process flow diagrams on ITIL support functions Service Helpdesk, Change, Service Operation process with respect to Client operations.• Create and implement Policies and Procedure documents as per the Client’s Security Operations based on business processing. Show less

• 

  Ibm

  Dec 2009 - Apr 2011

  Itil service coordinator

  • Responsible for Service Delivery functions, Service Activation and Deactivation process for Jaguar & Land Rover and Carphone Ware House accounts. • Ensure the primary control checks have been performed and that evidence has been maintain to meet the Global IT Delivery security standards (ISEC).• Act as primary interface between the Delivery Project Executive and the Organisational units (End to End Coordination).• Provide first level support for process, governance and the SA&D Tool.• Carried out the following tasks as part of IBM Global IT Delivery's implementation of Security (ISEC) Verification on the Server / Device builds implemented as per the compliance requirements and account settings. Ensure the Asset Base lines are current and update reflecting the current environment & tracking updates on Server Data Repository Perform User Access Management as per the defined Continued Business Need and Quarterly Employment Verification process Responsible for ensuring appropriate Backups and Monitoring are enabled as per the defined account settings. Coordination on ITT risks raised against the Retrospective Security controls Implementation. Provide QA report on Server / Device builds• Provided training on Account specific Security Process and Tool Education. Show less

• 

  Altisource

  Apr 2011 - Apr 2013

  Internal controls analyst - it

  • Responsible for driving compliance within the IT Organization by performing user access management reviews and testing of controls pertaining to SOX and SSAE16 on a pre-determined timelines.• Responsible for testing and audit of controls relating to Information Technology to be in compliance with SOX and SSAE16 Audits • Sarbanes Oxley and SSAE16 audits performed covers the following areas: General IT Controls Application Controls Database Management Controls Active Directory Controls Change Control Management User Access Management Controls• Review & perform testing of the IT Internal controls related to Applications, Databases, Servers & IT Operations Management which impact financial reporting throughout the global organization• Providing recommendations for improvements to process / control owners. Follow up on the remedial activity to ensure recommendations were implemented timely & appropriately• Conduct Internal Audit over Business processing applications and databases within the organization to ensure compliance over the enforced security policies and regulatory standards.• Completing supporting working papers to evidence the operational effectiveness• Generate Six Sigma reports for Timeliness and Accuracy over Product Support functions and Product Development as per Waterfall methodology.• Responsible for Reviewing, Analyzing and Reporting on Downtime/Outage reports for Infrastructure and Application entities.• Coordinating on ISMS implementation within the Business Unit as an Information Security Representative (ISR). Show less

• 

  Wipro

  Apr 2013 - Oct 2014

  Module lead

  Supplier Assessments – Assess vendor based on the services being offered (Application Support, Application Development, Cloud Security Assessment, Data Privacy)Findings Management – Ensure all the findings identified out of security assessments, supplier assessments, security testing services (infrastructure and application scans) are appropriately addressed.Risk Management consulting and Risk operations support for PMs and ensure security deliverables are met and provide guidance to the project.Quality Assurance – Ensure completed projects had all security deliverables exercised.Provided suggestions and implemented Process improvement plans. Show less

• 

  Altisource

  Oct 2014 - Feb 2017

  Senior analyst, it audit
• 

  Northern trust

  Feb 2017 - now

  IT Audit Services

  • Vice President - Senior IT Audit Manager

    Mar 2023 - now

  • Second Vice President - Senior IT Audit Manager

    May 2022 - Mar 2023

  • Second Vice President - IT Audit Manager I

    Sept 2021 - May 2022

  • Second Vice President - Senior IT Auditor II

    Nov 2019 - Sept 2021

  • Officer - Senior IT Auditor

    Feb 2017 - Oct 2019