Richa Sharma

Jaipur Rajasthan, India

Phone: xxx-xxx-xxxx

Email: xxx@xxxx.xxx



  • Looking For: Senior Manager, Manager

  • Occupation: IT and Math

  • Degree: Master's Degree

  • Career Level: Experienced

  • Languages:

Career Information:


Highlights:
1. Developed a risk-based IT Audit calendar approved by the Board of Directors
2. Helped one of the oldest stock exchanges, BSE (Bombay Stock Exchange), to improve their cyber maturity index and reduce risks by 20%
3. Developed a Third Party Information Security Framework for one of the Indian private banks, implemented it at the enterprise level and automated it into ServiceNow to help reduce the overhead cost by almost 40%
4. Helped reduce information security risks of WNS (South Africa) region by 30%
5. Helped one of the largest asset management companies in the world (ARES Management) to manage their enterprise level risks

Skills: Information Security, Cyber Security, IT Audit, GRC

Goal: Cyber Security is an ever-growing industry, and since every coin has two sides, every progress in this domain comes with a new vulnerability, a new risk and a challenge to the world. Hence, I want to be a part of this solvers' group who work towards making life simpler for the organizations when it comes to being cyber secured. USA being the biggest economy and the most developed nation, I want to gather some experience with the highly qualified people, leaders and the organizations to bring back the experience to India. This will help me contribute to Indian cyber security domain and for its betterment.

Membership: ISACA, ISC2

Certification: ITIL V3, ISO 27001 Lead Auditor, CISA (Certified Information Systems Auditor), CCSK (Certification in Cloud Security Knowledge)

Honor: Best manager Award, Dazzling Debut Award


Experiences:

Manager 08/2020 - current
Pricewaterhouse Coopers (PwC), Mumbai, Maharashtra India
Industry: Consulting
Helping organization improve their cyber security posture
Handling the various Internal Audits at the engagement level including compliance to SEBI (Securities and Exchange Board of India) and CERT-In regulatory bodies, SWIFT internal assessment, responding to SEBI and CERT-In queries and reviewing the ISMS policies and procedures. It includes:

  • Evaluate the overall setup and identify the main areas of risk by assessing client’s business process controls, application controls and IT controls and benchmark them according to regulation, standards and industry standards.
  • Evaluate process, risk controls and perform audit on client’s existing processes and IT systems
  • Identifying opportunities to improve key controls across business and technology processes to clients.
  • Preparing IT Audit written reports covering the audit findings (control issue/gap) and propose corrective action plans to the management.

Achievements: Assisted BSE in developing tactical and strategical directions to improve the security posture and optimizing the use of technologies already implemented to enhance the systems’ security. Thus, the cyber maturity of the systems reached the optimized level as approved by SEBI. This also helped accelerate the overall BitSight score of BSE.

Leading Indian Private Bank

Developed a robust Third-Party Risk Management (TPRM) framework enterprise wide for a leading Indian private bank. This was followed by developing policy and procedures to be implemented at the enterprise level.

Achievements: Built workflow automation, optimized out of the box features and governance in GRC tool. This helped the Bank with overall risks reduction by 30% and increased efficiency by 50% in:

  • Effective validation of security controls across new and existing vendors
  • Continuous monitoring of controls to mitigate risk from 3rd and 4th parties
  • Delivery of evidence-based assurance to all stakeholders

Senior Manager 10/2018 - 02/2019
Nayara Energy, Mumbai, Maharashtra India
Industry: Energy (Oil & Gas)
Conducting IT and process audits
  • Creating audit plan (IT):
      o Understanding ‘As is’ state and defining an audit universe.
  • Identifying key focus areas within IT to optimize controls and strengthen process layers.
  • Execution of key audits as per the audit schedule defined:
      o Disaster Recovery, Data Backup
      o Cyber Security
      o Physical & Environmental Security Review
      o Identity & Access Management
      o Planning and executing Continuous Testing for IT General Controls
      o Reviewing various Automation Projects in implementation stage - Retail Outlet Automation, Credit Management etc.
  • Providing key recommendations and follow up till closure
  • Non-IT audit - Retail Operations Review

Group Manager 02/2014 - 10/2018
WNS Global Services, Mumbai, Maharashtra India
Industry: BPO
Service Delivery and IT audits
  • Conduct and assist with Security audits related to ISO 27001 ISMS, SOC1, SOC2 and SOX audits for IT related controls.
  • Participate and lead internal IT audits to assess gaps and verify compliance with internal policies and standards.
  • Conduct internal audit activities, assess the design and operational effectiveness of internal controls including the validation of corrective action
  • As part of the IT internal audit team, assisted with testing of IT general controls. These activities primarily relate to the following cycles / domains:
      - Change management, Program development
      - Logical access (i.e., user administration, access management)
      - Computer operations (i.e., problem management, back-ups)
      - Design effectiveness/Operating effectiveness
      - Business Process cycles
      - Control checks on SOC 1 & SOC 2 reporting, and SOX 404
  • Document work-papers and audit findings according to methodology and quality standards
  • Discuss findings and recommendations with senior management
  • Lead as an internal auditor at WNS South Africa site to assess if all processes are in line with the standard WNS protocols.
  • Performed contract compliance reviews to ensure adherence to client’s security controls

GRC Consultant 01/11 - 07/2020
Axis Bank, Mumbai, Maharashtra India
Industry: Banking & Finance
Managing risks at the enterprise level
  • Review the conformance of established IT Policies against the applicable industry guidelines, rules & regulations, laws and accepted operating standards
  • Conduct gap-analysis of existing procedural documents vis-à-vis latest implemented policies
  • Review of process flows to check conformance with policies and procedures
  • Create and manage work papers of all compliance testing
  • Create and present the report to management along with relevant supporting, after getting an acceptance on gaps and observations from auditee
  • Obtain remedial management actions and timelines for closure of gaps identified
  • Track and follow up with stakeholders until closure of AMAs (Approved Management Actions) as per given timelines

Education:

Mody Institute of Technology & Science 04/2002 - 05/2006
Jaipur, Rajasthan, India
Degree: Bachelor's Degree
Major: Computer Science
Computer Science


Alliance Business School 04/2007 - 07/2009
Bangalore, Karnataka, India
Degree: Master's Degree
Major: Marketing and Sales
Learnt the art of selling and creating brand value
