Ashok Ramani, Vice President - Group Risk

Standard Chartered GBS

Location: India - Chennai
Education: Bachelor's degree, Commerce
Experience: 15 years, 10 months


Work Experience

Total years of experience: 15 years, 10 months

Vice President - Group Risk at Standard Chartered GBS
  • India - Chennai
  • I have been working here since March 2018

Reporting TNFRC and group operational risk committee like GNFRC for material risk exposures and related issues

Spearheading teams to monitor operational risk control parameters across Technology and security Functions including policies,
control standards, risk exposure limits, and other control levers in order to maintain the Functions' risk profile in line with the overall
risk appetite set by the Board

Analyzing control gaps with remediation to address the risk, regulatory requirements and internal policies/standards (as Operational
Risk Framework, Information Cyber Security Risk Framework) by assessing key risk controls

Working continuously towards implementation of RCSA (Risk Control Self Assessment) to effectively monitor control effectiveness
for the identified risks

Heading material events (internal and external) end to end (from identification till RCR)

Ensuring that the integrity of operational risk return decisions is upheld by challenging business and control function heads to
demonstrate that risk origination and control decisions are properly informed and consistent with strategy and risk appetite

Administering operational risk control parameters across Technology and security Functions including policies, control standards,
risk exposure limits, and other control levers in order to maintain the Functions' risk profile in line with the overall risk appetite set by
the Board

Steering the Project Change Risk for Technology projects from 2 LoD

March 2018 - April 2020 | Assistant Vice President

Acted as 1st line of defense for all risk and control activities for the Cyber Security Services team

Monitored the operations and conducted audit management to support NESA Compliance for UAE

Steered audit remediation lifecycle to resolve the root cause, quality ICPs and support GIA in issue validation activities

Utilized thematic as well as accurate risk profile reporting to support the consolidation of insightful risk posture

Directed domain operational risk profile including risk acceptances and associated actions implemented Information, Cyber Security
Risk Framework (

Coordinated with Group 1st and 2nd Lines on ICS controls

Navigated bank wide SWIFT attestation work and deliverables and managed the finalization of Control and Implementation
description, monthly reporting of metrics, completing QA on the RFIs for final attestation

Rolled out Risk Assessment Papers, templates, risk committee write ups, and reporting by defining standards for STS as RACI

General Manager - Risk Management & Compliance at HCL Technologies Limited
  • India - Chennai
  • October 2016 to March 2018

• Spearheaded operations for information security including security related certifications and attestations at an enterprise level; worked towards improvisation of overall maturity of ISMS by managing enterprise level programs and initiatives
• Successfully managed PCI DSS certification of major HCL clients; assisted privacy team in completing Privacy Impact Assessment to comply with GDPR
• Played important role in creation of roadmap for improving maturity of Information Security; led key projects as:
  o Expanding scope of certification and attestation
  o Implementing Risk Vision GRC tool for audit function
  o Consolidation of certification cycle
  o Developing Monthly ISMS Metrics
  o Creating Internal Audit Dashboard
  o Running Information Security Awareness Improvement Plan
• Instrumental in end-to-end development of:
  o Enterprise level Information Security Framework that included restructuring Policies, Processes and Guidelines
  o Service based Risk Assessment Methodology after collaborating with other Risk and Compliance functions
  o Internal Audit Calendar to execute and monitor internal audits
  o Audit Methodologies & Programs for managing enterprise information security internal audits
• Led Information security certification and attestation function for HCL worldwide; acquired certifications and attestations including ISO 27001, SSAE 16/ISAE 3402 Type II, SOC 2 (AT101) and PCI DSS
• Significantly contributed towards integration of:
  o ISO 27001 certification cycle for 77 sites globally. Extended the scope of certification by including 6 new locations
  o SOC 1 and SOC 2 attestation cycle thereby reducing 30% of overall cost and 45% of overall effort. Have identified 25 new sites in addition to 54 existing sites for SOC 1 Type II attestation (SSAE 16/ISAE 3402 Type II)
  o Risk Assessment developed contributed in optimizing resources.

Associate IRM Leader at Cognizant Technology Solutions Pvt. Ltd
  • India - Chennai
  • May 2015 to October 2016

• Drove Information Security Risk Management and Compliance for BFS sector across geography; performed Information Security and Privacy assessments and compliance audits for various clients across Europe and USA
• Pivotal in executing information security standards & regulatory compliance projects as:
  o Payment Card Industry Data Security standard (PCIDSS)
  o ISO27001 (Information Security) Standard
  o SoX (Sarbanes Oxley Act)
  o SSAE16 and Data Security and Privacy requirements
• Conducted client and external audits being the SPOC for Third Party Risk Management/Vendor Management audits
• Led SSAE 16 SOC 2 Security audit for numerous clients; defined information security KPIs and KRIs for projects in BFS sector
• Distinction of being awarded with the Performance Cash Award in Jan 2016.

Program Head/Managing Consultant at IBM India Pvt. Ltd.
  • India - Bengaluru
  • August 2008 to May 2015

• Pivotal in managing Information Security Program for various geographies in IBM including India, ASEAN, Central & Eastern Europe & Middle East Africa
• Successfully drove IBM customized Data Security & Privacy frameworks and initiatives for multi-sites and multiple locations of IBM GBS across India, ASEAN, and Central & Eastern Europe & Middle East Africa
• Significantly worked towards improvisation of information security management system consistent with the best practices as outlined in the IBM Information Security Methodology
• Managed ISMS framework at 8 locations and 22 sites across Bangalore, Pune, Chennai, Hyderabad, NOIDA, Gurgaon, Mumbai and Kolkata for effective implementation of ISO 27001; managed business continuity for IBM projects
• Steered transition of ISO 27001:2005 to ISO 27001:2013 across 8 locations and 22 sites in IBM India; conducted ISO 27001 Internal Audit of IBM India Global Business Services activities include Planning, Execution and Remediation
• Stellar role in conducting information security risk assessments and compliance audits for information security process; coordinated with Information Technology and Operations areas to assess security policy compliance and monitor risk
• Led and executed regulatory compliance projects as Payment Card Industry Data Security standard (PCIDSS), ISO27001 (Information Security) Standard, SoX (Sarbanes Oxley Act) and SSAE16 requirements
• Involved in managing the array of functions as Asset Management, Vulnerability Assessment and Penetration Testing, Security Health Check, Risk & Issue Management, Patch Management and Anti-Virus Management
• Conducted Gap Analysis on Customer Policy Document; customized the Information Security Policy and Security Process
• Participated in Internal, Customer and External audits including ISO 27001, SOX and SAS 70; compiled data for preparation of Master IT Security Calendar and tracking its execution.

• Holds the distinction of being awarded with:
o Manager Thanks Award 2009
o Annual Eminence and Excellence Award 2012
o Annual Eminence and Excellence Award 2013
o Annual Eminence and Excellence Award 2014


PREVIOUS WORK EXPERIENCE

Mar’2006 - Jul’2008 | Patni Computer Systems, Noida | Assistant Manager
Awarded with the Annual Best Team Award 2007

Jun’2005 - Mar’2006 | Accenture Services India Pvt. Ltd., Bangalore | Process Analyst
Awarded with the Numero Uno Award in Oct’2005

Apr’2003 - May’2004 | Standard Chartered Scope International, Chennai | Officer
Awarded with Team Award in FY 2003 & Star Award in FY 2004.

Education

Bachelor's degree, Commerce
  • at Osmania University
  • January 1998

• CISM from ISACA, United States – Certificate No. 1426123
• CRISC from ISACA, United States – Certificate No. 1619936
• AMBCI from Business Continuity Institute, UK; No. 031831
• ISO 27001 Lead Auditor from STQC, India
• ISO 27001 LA 2013 Transition Course at DNV, India
• CoBIT 5 Foundation from APMG
• CPISI - Certified Payment Card Industry Security Implementer at SISA India
• ISO 27001 Lead Implementer from BSI, India
• ISO 22301 Lead Implementer from BSI, India

Specialties & Skills

Service Delivery Excellence
Business Continuity Planning
Best Practices Implementation
Information Risk Assessment
ISMS Framework Implementation
Strategic IT Security Compliance
Risk Assessment & Mgmt
Capital Management
Disaster Recovery Planning
Auditing/Certification
ISMS Framework and Controls
Risk Appetite & Analytics
Cyber Security Framework
Enterprise Risk Governance
Data Security & Privacy Requirements
Remediation Management
Risk Policy Framework
Incident & Change Mgmt

Languages

English: Expert
Hindi: Expert
Tamil: Native language

Training and Certifications

CISSP Training (Training)
Training institute: IBM India
Cloud Security Basics (Training)
Training institute: IBM India
HIPAA Training (Training)
Training institute: IBM India
Cyber Security for Power Systems (Training)
Training institute: ISGF
SAP Security & Controls Testing (Training)
Training institute: Mantran Consulting
SAP Access Controls Suite (SAP GRC) (Training)
Training institute: Mantran Consulting

Hobbies

  • Reading