Ashish Kumar Mishra

Started as Head - Information Security Operations
• Responsible for IT Compliance and Certifications (ISO 27001:2013, PCI DSS, IFC/ITGC, BCP) across Jubilant FoodWorks (India, Srilanka, Nepal and Bangladesh), and entire Security Operations (SOC).

• Started as Head - Audit, Risk and Compliance and later on given interim responsibility of Information Security Operations
• Responsible for Compliances and Certifications (ISO 27001:2013, PCI DSS, SOC 1 - SSAE 16 Type II, SOX, BCP) across all InterGlobe Enterprise worldwide
group of companies (India, Philippines, Sri Lanka, China and Dubai)
• Responsible for Risk Management, Compliance, Information Security, Internal Audits, Investigations, Training and Awareness,
. Contractual Compliancy from Information Security Perspective
• Responsible for all third party Interactions, RFP Response Reviews, Contracts and Agreements from Information Security
Perspective
• Managing Budget and life cycle of information security policies, standards and procedures.
• Supplying strategic assistance in defining and determining balance between organizational business needs and information security
requirements.

Responsible for the governance of risk management and information security for two business units namely ‘International Banking
& Financial Services’ and ‘Global Technology Services’.
• Information security projects within International Banking & Financial Services and GTS businesses of Societe Generale.
• Reported to Risk Head and VPs of both BUs and established monthly governance within India and onshore Risk & Information
Security counterparts.

Started as Information Security Officer at IGT and later promoted to lead Audit Risk and Compliancy Practice at InterGlobe group
level.
• Responsible for Operational Risk Management - Risk Scorecard, Non Financial Risk Dashboard, High Level Risk Assessment,
Integrated Risk Assessments, coordination with Internal Audit team, Product and Project Risk Assessments, Key Risk Indicators
• Overseeing security posture for InterGlobe's BPO and IT LOBs across the globe.
. Responsible for Information Risk Management - Improved controls in IT Foundation, IT Resilience, Platform Security, Security Monitoring, User Access, Change Management and Vendor Outsourcing
• Responsible for Corporate Security and Investigations - Documenting and testing Disaster Recovery and Business Continuity Plans, Physical Security, Personnel Security and Fraud Investigations • Governed corporate wide Business Continuity and Disaster Recovery and Risk Management.
• Alignment with TSRM strategic targets, Governance through frameworks i.e. - ISO 27002, ISO 27005, ISO 18028, ISO 27011 and PCI
• Practiced IETF, OWASP, NIST, NSA Security Guidelines, SANS references.
• Strategic assistance in defining and determining balance between organizational business needs and information security requirements. Assisted team to understand information security aspect in presales, RFPs, RFQs and all client questionnaires.

Reported to Head - Internal Audits and CISO
• Developed and implemented a risk-based IT audit strategy in compliance with ISMS, HIPAA, UK DPA & QMS Policies/Procedures.
• Guided Internal Audit Teams globally to execute internal audits Design & Review using a control framework and associated controls
for several areas focused on Information Security such as Access Control, User and Privilege Management, Identity Management,
Data Loss Prevention, Multifactor Authentication, Encryption and many other Communications and Operations Management
domains.
• Development of baseline infrastructure and application hardening guides based on industry best practice and provide leadership
and expertise related to current security solutions and configurations.
• Assess business process, technology and information technology architecture at logical, system and component levels to
understand the risk posture, apply critical thinking, and determine the security models to ensure security best practices are
implemented.
• Evaluate vendor and internal products for security capabilities and integration into Innodata computing environments ensuring
enabling of corporate business models and responsiveness to evolving trends.
• Perform Internal & External vulnerability assessment, pen testing and prepare reports.
• Interact with both internal and external teams/ auditors, review documentation/ evidences and proactively working in identifying
and mitigating gaps.
• Designing IT Security, Risk Management & Configuration Management Processes using COBIT 5