Director
Novartis
Total years of experience: 13 years, 1 month
• Led enterprise-wide risk assessment programs, along with other risk and control initiatives
o Performed review of the internal risk and control framework and defined the implementation roadmap for various LOBs
o Led the program for the development and implementation of standard, as well as LOB-specific controls, which include people, process, and technology controls
o Implemented controls across LOBs in line with the overall Group’s standards
o Assisted the LOBs in prioritizing and addressing the risks. Performed periodic monitoring of risk based on the priority and the impact to the organization
o Identified systemic issues and implemented controls to address the root cause
o Set up a risk and control governance CoE to identify trends to anticipate future developments in the internal control environment
Provided centralized oversight and implementation guidance
Challenged poor and ineffective controls to improve the security posture
Validated and suggested removal of excessive controls
Performed periodic review of risks and controls to identify potential improvement opportunities
o Led the migration of offline assessment tools (MS Excel) and repositories (SharePoint) to ServiceNow, enabling a consistent approach across various risk functions (e.g., Operational Risk, Anti-Bribery, HSE, Information Security, etc.)
o Developed a fully automated dashboard to monitor compliance across LOBs to identify areas that require immediate attention of Management
o Provided technology leadership with updates on relevant changes to policy or projects related to data controls that have an impact on their function/LOB
• Led a large-scale transformation program to revamp the information security and control governance model in the organization
o Developed a top-down approach to have a unified and consistent approach towards the organization’s control environment, which includes development of policies, control standards, and procedures/guidelines
o Streamlined the ‘Second Line of Defense’ roles and responsibilities for improved visibility and governance around individual LOBs risks, control deficiencies, and reporting
o Built a risk culture that identifies and provides oversight and escalation of existing and emerging risk issues and common themes across business groups/LOBs
o Enhanced the security control testing model across teams/functions to align with “Test Once - Satisfy Many” approach leading to increased turn-around and reduced redundancy
• Led vendor/third-party assessments to review the Information Security and IT processes and controls associated with third-party vendors and determine gaps through in-depth analysis, across various information security domains
• Managed consulting staff (externals) and budget to support control implementation and testing activities
• Led process improvement initiatives that include testing optimization, automated reporting, resource efficiency, and methodology restructuring
Ashish designed and implemented an enhanced Risk and Control framework for one of the largest U.S. multinational banking and financial services holding companies
o Developed a centralized Risk & Controls Self Assessment (RCSA) governance framework
o Developed strategic priorities for the central control organization
o Developed a harmonized/integrated requirements library to identify controls spanning various applicable laws and regulations
Developed a process to evaluate the changes to laws and regulations to assess the impact on the organization
Developed remediation plans for applicable gaps to address the changes to the legal and regulatory landscape, including changes to the internal control environment
o Identified controls that can be centralized as per the revised framework
o Performed the risk and control assessments in line with the revised framework
o Drafted the roles and responsibilities of key stakeholders for the three lines of defense, in alignment with the new risk management framework
o Implemented new/revised controls in line with the enhanced control framework
o Conducted training and awareness sessions for the functional departments to familiarize the stakeholders with the revised control assessment framework
Ashish revamped the information security and Control Management program of a large U.S.-based bank
o Developed a framework to assess the effectiveness of the as-is security model of the organization
o Performed an assessment of the internal control program against the developed framework
o Developed a model that provides a top-down view of information security risks across the organization, which includes development of policies, control standards, and procedures
o Assisted in implementing a CoE for centrally managing the control organization
o Assessed the exception management processes and enhanced the process to have a unified view of issues, gaps, and exceptions across the organization
o Led the control implementation initiative to address the people, process, and technology gaps across various LOBs
Ashish analyzed the risk and control posture of a large financial services company
o Developed an automated tool to assist in risk and control assessments, and report on the Key Risk Indicators of the client’s third parties
o Analyzed the compliance of the third parties against security domains and identified areas which require immediate management attention
o Developed an automated tool to consolidate, aggregate, and report assessments across multiple third parties and LOBs
Ashish assisted a large Canada-based Financial Services organization in enhancing their Findings and Issues management solution
o Assisted the enterprise in developing the target state processes for findings and issues management, remediation and exception management
o Developed roles/functional groups aligned with various LOBs for the company for managing the issues across the enterprise
o Developed the reporting framework for providing Management with insight into key issues that pose significant risk to the organization
o Centralized the issue management capability to have a unified view of the organization’s issues and implement controls to address the system issues
o Led the program to implement an automated tool for managing issues across the organization
Education