Security Leader - Security, Risk And Compliance Resume

PROFILE:

  • Qualified and experienced risk advisory leader with progressive experience utilizing business and technology to solve Business Transformation, Governance, Risk, IT and Compliance challenges across organizations.
  • Partners effectively with stakeholders, provides leadership to achieve departmental objectives, and is committed to team success.
  • Accomplished control and compliance leader with extensive experience in the areas of Risk Management / Cyber Security/ Internet Of Things / IT Audit / SOX compliance / SAP / Security / Business controls / SAE16 /
  • Detailed analytical and problem solving experience in complex, multinational corporations
  • Functioned as a practice and thought leader and managed all departmental activities in the APAC region

TECHNICAL EXPERTISE:

Operating Systems: Windows, Windows NT Workstation, UNIX, Novell, MS-DOS, IBM MQ, VAX/VMS, VMware

Tools: Trend Micro Deep Security, BMC BladeLogic, SiteMinder, Securant, QualysGuard, Symantec AV and Live Office, Cisco PARI, FireMon, Zscaler, TeamMate, ACL, R/3 Toolkit, SAP 4.6C/ECC, FireEye

Programming Languages: PowerScript, C, COBOL, JCL, DCL, JavaScript, HTML, Visual Basic, SAP ABAP

Databases: Oracle, Sybase, MS SQL Server 6.5, MS Access, dBase, DB2, VSAM.

Methodologies: C&L Summit, Agile - Waterfall, Virtualization, COBIT, COSO, NIST, SOX, ISO27001, PCI, ITIL, BCP.

CAREER HISTORY:

Confidential

Security Leader - Security, Risk and Compliance

Responsibilities:

  • Manage a team of 22 professionals to deliver end-to-end security, audit compliance, cyber security and Business Continuity Planning.
  • Instrumental in rolling out Single Sign-On, Internet of Things project, Encryption, Access and Identity Management Solution, GRC and other major initiatives across Confidential.
  • Provide strategic and operational leadership to the Information Security and Compliance Teams, which establishes, supports, and continuously improves enterprise Information Security technology, policies, practices, and standards; performs vulnerability assessments and penetration testing; performs incident response and security analysis; provides forensic investigation; assists with internal and external audits; and supports Legal and HR with regard to eDiscovery matters
  • Responsible for building an accountable, Information Security-conscious culture and a security infrastructure built on policies and procedures that are compliant with applicable regulations, ordinances, and guidelines.
  • Oversee the creation and maintenance of Information Security policies, identify and secure funding/support for funding initiatives, and serve as a crucial component of ongoing enterprise-wide security risk assessments and mitigations.
  • Serve as an internal Information Security consultant to the organization - provided inputs to the next generation of products which are more connected and impact consumers in a positive way.
  • Facilitate and promote activities to create Information Security awareness within the organization and provide direct training and oversight to all employees, ensuring adherence to Information Security policies and procedures.
  • Oversee the business continuity efforts from the IT side and ensure proper coordination with the business to support it during crisis management.

Confidential

Director - Security, Risk and Compliance

Responsibilities:

  • Executed company-wide IT Risk and controls self-assessment including OS compliance assessment, patch assessment, host intrusion detection and prevention, and PII in the file systems. The effort included both the legacy environment and the Next Generation Data centre that serves all business lines at Confidential.
  • Managed and supervised audit of VMware installation, reviewed configuration controls for Trend Micro Deep Security, BMC BladeLogic.
  • Manage the IT governance process, act as POC for all audit activities to ensure IAD receives appropriate support, review yearly plans to determine resource requirements, confirm factual accuracy of the audit reports, audit conclusions and risk ranking while developing the action plans for identified issues. Track and report on in-progress audits and audit results.
  • Participate in the Fed Readiness and PCI activities for Confidential.

Confidential

Group Manager

Responsibilities:

  • Managed and supervised the regional teams for integrated audits for all ASIA subsidiaries. Interacted with senior leadership to articulate high-level audit approach, relevant risks, key business objectives and findings for the audits.
  • Executed multiple IT audits to cover IT general controls (ITGC), Automated Controls, N/W security, IDS, OS, DB, Incident response, Privacy, PCI, BCP, SAP, R&D centres, Data Centres, Network and Infrastructure audits.
  • Audits of the IT development systems in the research and development (R&D) centres in India and China to cover application system development life cycle, code reviews, vendor access, system testing and change management.
  • Planned and executed the IT SOX program for MS Corporate and regional operating centres.
  • Developed audit methodology, framework, KPIs, templates and guidelines for the audit staff. Provided consulting services to internal clients to help improve process efficiencies and identify control gaps.
  • Advisory services to regional IT establishments on Testing Methodology and the integration of new business like Skype and Fast into MS environment. Provided control enhancement suggestions for emerging technologies such as MS Dynamics and cloud computing.
  • Helped in advancement of InfoSec policies relating to data classification and privacy, incident response, user provisioning, and naming standards for profiles.
  • Pre/Post implementation reviews of the SWIFT, SAP Upgrade, Financial report consolidation, Supply chain for compliance with the MS IT policies and guidelines.
  • Performed Risk Assessments for the subsidiaries and planned the entire year. Prepared audit committee materials for the ASIA updates; these included trends and significant issues, staff statistics and matters to be addressed by the Audit Committee (AC). Collaborated with the forensic teams and office of legal compliance to identify, escalate and investigate issues of business relevance.
  • Helped create queries for Technology Enabled auditing tool to identify variance trends, duplicate invoicing and expenses, sales deal execution, ATF POs and T&E keyword search. Some of these tools were then implemented within the business to help them move over to continuous monitoring.
  • Organized and conducted training sessions and workshops to promote risk and compliance awareness in the region.
  • Improved stakeholder relationships, satisfaction scores on engagements and stature of the department.
  • Reduced regional travel by 40% by utilizing better planning, remote procedures and introducing more technology-enabled audits in the region.
  • Better integrated IT audits covering IT general controls, SDLC, DB, OS, N/W and process controls.

Confidential, San Francisco, CA

Director

Responsibilities:

  • Managed and sold multiple IT, SOX and SAS70 engagements to provide assistance with planning, coordinating and executing various (compliance / regulatory) advisory and IT audit projects. Provided services in the areas of SAP GRC/security and process controls, IT general controls, SAS70, IT governance, Software Asset Management (SAM), Business Continuity Planning, Disaster Recovery, SOX, and Infrastructure audits.
  • Tasks included proposal development, project management, and client relationship management.
  • Promoted knowledge sharing within teams, consultation and providing feedback and status to the management.
  • Helped grow the firm's business by developing leads and creating winning business proposals.
  • Educated and trained the Confidential personnel on SOX and SAP as a national instructor.
  • Managed 20000+ man-hours of audit and advisory work.
  • Managed and achieved a sales target of USD 1M in new advisory work.

Confidential, Boston, MA

Senior Associate

Responsibilities:

  • Performed IT general controls and SAP functional and technical reviews.
  • Reviews covered HR, MM, PS, FI/CO, BASIS modules, N/W, Operating systems, IDS, interfaces and conversions.
  • Used the ACE (Automated Controls Evaluator) and SAP GRC tools.
  • Security controls review included transaction-based identification of access by functional user profiles.
  • Worked as a team member to migrate a legacy student aid system.
  • SAP practice leader on IT Security and SOD tools; experience with FI/MM/PP/PS/SD/HR.
