Ali Baig, Cybersecurity & Compliance

PwC

Location
United States - California - Los Angeles
Education
Bachelor's degree, Bachelor of Science,
Experience
23 years, 11 Months


Work Experience

Total years of experience: 23 years, 11 months

Cybersecurity & Compliance at PwC
  • United States
  • My current job since February 2022

• Formulated a strategy for the Cloud Compliance Team to ensure alignment with the SOC 2 framework with overall design and operational effectiveness of controls.
• Performed Azure & AWS readiness assessments for the Cloud Platform Security Assessment (CPSA) team. Identified findings and initiated steps towards remediation for specific controls.
• Assessed compliance controls (preventive, detective, corrective), identified control gaps, drove gaps to closure, defined/updated necessary policies, prepared for certification, and coordinated audits with auditors.
• Ensured information security compliance across multiple PwC cloud platforms using SAFe Agile methodology. Led weekly ADO Backlog meetings to perform backlog refinement, sprint planning and review, and retrospectives to ensure target dates are met for features and user stories.
• Collaborated with the Secrets Management (using Vault) and Shared Image Gallery work streams by leading weekly scrum calls to confirm Vault instances are uploaded to and scanned using Tenable (Nessus), and to improve quality, reduce risk, and increase focus on value delivery.
• Assessed Privileged Access Management (PAM) for non-personal accounts. Confirmed the use of CyberArk for PAM and SailPoint for Recertification & Revocation as part of the SOC 2 audit requirement.

Director – IT Security and Compliance at Ciber Global, LLC
  • United States - Troy
  • August 2013 to February 2022

Leadership:
- As a Virtual CISO, worked with the Senior Executives to review their individual organizational threat landscape, enhance their respective organizational security posture by recommending and implementing appropriate security controls.
- Created and supervised a SOC team responsible for security activities such as monitoring response using SIEM (Splunk & ELK), Trend Micro (Apex One) EDR, vulnerability management (Nessus, Qualys), Cisco NIDS (Firepower), firewall ruleset reviews, port-specific risk analysis, periodic entitlements reviews for multiple clients.
- Established a team consisting of Cybersecurity, Information Technology, Audit & Compliance, and Data Privacy across North America & India. These teams reviewed controls related to IAM, Data Security, Network Design, Logging & Monitoring and Privacy within provisioned cloud infrastructure.
Security Operations:
· Packaged Managed Security Services solutions for multiple clients on IaaS/PaaS/SaaS models using different CSPs.
· Directed a team of IT & Security resources to conduct AWS Security Assessment for a Healthcare organization.
· Planned implementation of GRC, SecOps controls for multiple clients based on NIST 800-53, CIS, ISO 27001, SOC 2 frameworks, significantly shrinking the organizations’ threat exposure while improving compliance.
· Spearheaded information security programs for multiple clients in areas such as policy and procedure development, employee awareness using simulated phishing campaigns, and a security awareness training program.
· Expertise in directing Cloud Compliance, Vulnerability Management, SOC Team, Incident Response, Penetration Testing programs, DR, BCP, IAM, Change Management, Cyber policies, and standards development.
· Collaborated with cross-functional teams - Sales, Legal, and Sales Support teams on SOW, proposals, RFP responses.
· Facilitated vendor selection, contract review & finalization, and penetration testing activities between clients, pen-testers and CSP. Reviewed the findings and developed remediation plans to lower risk exposure to the client.
GRC (Governance, Risk & Compliance):
· Created, implemented, and maintained new information security policies, standards and guidelines for multiple clients based on industry standards.
· Formulated IT audit activities for internal organizations via control self-assessments (CSA). Supervised annual SOC 2 Type II audits for internal organizations and clients.
· Established a privacy program around EU GDPR and CCPA. Administered all ongoing activities related to the development, implementation, maintenance of and adherence to the Organization’s privacy policies and procedures.

Director Technology Integration Services at ARTHUR LAWRENCE WORLDWIDE, LLC
  • United States - East Los Angeles
  • November 2007 to August 2013

· ERP Project Management: Delivered IT Projects for multiple clients.
o Delivered complex integrated solutions using PeopleSoft & 3rd Party Tools including: PeopleTools, Integration Broker, Enterprise Service Bus.
o Supervised development team building, testing, delivery & support of RICE objects.
o Managed the process and teams in applying Maintenance Packs & Tools Patches to PeopleSoft environments.
· IT Security Operations: Upgraded existing security/network infrastructure. Created an Information Security roadmap for the organization.
· HIPAA Compliance: Coordinated HIPAA Compliance for the Organization using 3rd Party Auditor.

Service Line Director at THE HACKETT GROUP
  • United States - East Los Angeles
  • July 2000 to November 2007

· Established an offshore Global Delivery Center (ground up) for the PeopleSoft/Oracle Practice.
· Led multiple ERP IT projects for clients in Automotive, Financial Services, Entertainment, Environmental Services industries. Key areas include:
o PeopleSoft Implementations
o PeopleSoft Upgrades
o PeopleSoft Infrastructure Implementations
o Oracle EBS Implementations

Education

Bachelor's degree, Bachelor of Science,
  • at CALIFORNIA STATE UNIVERSITY OF LOS ANGELES
  • June 1989
Bachelor's degree, Physics, Mathematics, Statistics
  • at Karachi University
  • June 1982

Specialties & Skills

IT Consultancy
Compliance
Information Technology
IT Audit
Cyber Security
AMAZON WEB SERVICES
INFRASTRUCTURE
MANAGEMENT
MFG/PRO (ERP)
OPERATIONS
CHANGE MANAGEMENT
DATA SECURITY
FINALIZATION
GOVERNANCE

Languages

English
Expert

Memberships

ISACA
  • Member
  • November 2016

Training and Certifications

ITIL Information Technology Infrastructure Library EXIN (Certificate)
CISM Certified Information Security Manager ISACA (Certificate)
CDPSE Certified Data Privacy Solutions Engineer ISACA (Certificate)
AWS Certified Cloud Practitioner (Certificate)
AWS Certified Solutions Architect Associate (Certificate)