Experience

• 

  Air india limited

  Jun 2015 - Jul 2015

  Intern at department of information technology

  Sentiment Analysis on Live Data: Developed a project on ‘Sentiment Analysis for Facebook posts by Air India using the ‘R’ language’ for categorizing posts into 3 broad segments – Positive, Negative, or Neutral and 6 segments based on emotions.

• 

  Larsen & toubro infotech ltd

  Oct 2016 - Apr 2019

  • Implemented governance, risk analysis, and control processes in Microsoft SharePoint environments, web applications, ensuring compliance with operational risk management frameworks.• Conducted risk and control self-assessments (RCSA) for clients, ensuring proper governance mechanisms and internal controls were in place.• Reviewed remediation plans for significant risk events, achieving a higher success rate in control implementation.• Developed and implemented governance policies, enhancing decision-making for operational risk management.• Supported market mode adoption strategy of IT applications to ensure seamless scalability enhancements and security controls validation across the application development and integration pipeline.• Provided innovative solutions for secure data handling through SharePoint Online and on-premises platforms.• Implemented real-time analytical dashboards for problem-solving and monitoring enterprise IT systems.• Evaluated business requirements and provided risk classification and mitigation strategies for clients, enhancing service delivery through IT operations. Show less

  • Software Engineer

    Oct 2017 - Apr 2019

  • Graduate Engineer Trainee

    Oct 2016 - Sept 2017
• 

  Ey

  May 2020 - Jun 2020

  Summer intern - risk advisory (cybersecurity)

  Worked as a part of the Cyber Risk Advisory Consulting Practice responsible for the implementation and enhancement of an existing KPI measurement framework as per ISO 27001:2013 clauses aimed at measuring the effectiveness of ISMS. ❑ Contributed to enhancing Key Performance Indicators (KPI) metrics frameworks for ISO 27001:2013, improving the execution of cybersecurity performance assessments.❑ Analyzed cybersecurity risks and provided recommendations for Media & Entertainment consumers undergoing digital transformation, providing solutions for risk mitigation.❑ Supported the design of e-learning cybersecurity courses for educational institutions, promoting continuous learning growth and continuous improvement of cybersecurity awareness as per industry best practices.❑ Recommended alternative tools such as RSA Archer and PowerBI for better representation of KPIs. Show less

• 

  Axis bank

  Jul 2021 - May 2022

  Deputy manager (information technology)

  ❑ Led the implementation of Information & Cybersecurity controls in line with PCI DSS and other regulatory requirements related to the banking and finance industry, reducing issues and potential security vulnerabilities.❑ Performed qualitative and quantitative risk assessments and management activities for multiple fintech products, ensuring compliance with the flow of sensitive data protection and encryption standards.❑ Collaborated with cross-functional teams by providing feedback while implementing agile methodologies and validating cybersecurity controls for process improvement in a fast paced regulatory environment.❑ Assisted in the root cause analysis, research, review, and design of internal controls for emerging IT-related processes, ensuring compliance with standards related to customer data protection and financial transactions. Show less

• 

  Deloitte

  May 2022 - Jul 2024

  Assistant manager - cyber strategy & transformation - technology & transformation

  In a client-facing role, conducted multiple IT Audits, Information System Reviews, Readiness Assessments, and Cybersecurity Reviews for leading Banking & Financial Services Companies: ❑ Performed complete ITGC evaluation across IT platforms including operating systems, databases, and network components as per IT governance, policies and procedures (TOD), and effectiveness of controls (TOE). ❑ Performed system evaluation and audit IT and business process as a part of SOX 404, SSAE 18 and ICFR assessments in accordance with PCAOB/AICPA guidance. ❑ Performed third-party vendor risk assessments, SOC 2 Type II readiness assessments, and IT procurement process reviews. ❑ Performed Technology Risk Assessments in various Internal Audit and IT-themed engagements. ❑ Conducted compliance reviews in alignment with Regulatory guidelines related to System Audit, Cloud Adoption, Cybersecurity, and Cyber Resilience Frameworks. ❑ Performed IT infrastructure assessments for Data Centers and Backup sites. ❑ Reviewed network security posture of client’s intranet and internet-facing applications including firewall rule and security architecture reviews based on NIST Cybersecurity Framework. ❑ Conducted Application Security and Configuration Reviews including Security Operation Center (SOC) and Security Information and Event Management (SIEM). ❑ Facilitated strategic planning for regulatory compliance by developing real-time risk metrics, conducting trend analysis based on statistics, and implementing detail-oriented remediation plans.❑ Experienced in policy development, maintenance of standards, procedures, and governance frameworks tailored to ad-hoc projects and innovation initiatives as per client needs.❑ Developed over 30 project proposals (RFPs), audit work programs, project plans, documentation, and engagement deliverables, achieving measurable revenue growth and success in client acquisition & relationship management. Show less

• 

  Athenahealth

  Jul 2024 - now

  Information security associate

  ❑ Compliance: Worked with new & existing vendors to ensure initial and continued compliance with Information Security requirements related to PHI. Reviewed technical controls with vendors, developed risk mitigation & remediation plans, documented compliance, exceptions, & reported findings to leadership. ❑ Project planning and facilitation: Reviewed Information Security-related project plans that outlined deliverables, responsible parties, timelines, and other details for both athenahealth and third-party vendors. Conducted check-ins with stakeholders and SMEs to ensure that key security controls are monitored to prevent unauthorized access and protect against data damage or disclosure. ❑ Process reviews: Ensured that business stakeholders conducted periodic reviews of internal and vendor practices to maintain athenahealth's compliance with all regulatory requirements, including HIPAA and HITRUST. ❑ Reporting: Supported audits and tracked exceptions to athenahealth Information Security policies by vendors. Show less