Avishek Maitra, Assistant Manager Internal Audit

Factset Research Systems

Location
India - Hyderabad
Education
Bachelor's degree, Electronics And Communication Engineering
Experience
8 years, 9 months



Professional Experience

Total years of experience: 8 years, 9 months

Assistant Manager Internal Audit at Factset Research Systems
  • India - Hyderabad
  • I have been working here since January 2020

Key Responsibilities:

o Implemented, designed, and automated workflow of Global Third-Party Vendor Risk Management Program from scratch using the RSAM GRC module
o Implemented CIS Top 20, NIST 800-53, NIST CSF, ISO 27001 controls (collective control Framework) from SANS and IANS under the guidance of CISO to establish a Global Risk and Control office in FactSet
o Building out automated Unified Risk Register workflow using Galvanize controls Bond portal.
o On-boarded and introduced Proofpoint Wombat module in the organization as a part of security culture transformation, Strategized and ran multiple monthly Phishing Simulation.
o Helping in formulation strategy on Cybersecurity transformation, Audits, Security champion, Business Information Risk Officer.
o Working on the formulation of security policy, procedure encompassing best practices like ISO 27001, NIST, PCI DSS, SANS etc.
o Manage relationship with Gartner and Synopsys for policy reviews and
o Working as project manager between control owner and PWC, EY, Protiviti for annual SOC 2 Type 2 and SOX Audit.
o Helped Director of GRC in building out the CISO risk Dashboard
o Conduct weekly Security Awareness training for all new hires in Factset in association with Director of GRC
o Helping CISO to build out the Risk Remediation Lifecycle in Factset
o Actively participating in Optiv Risk review Process in Factset
o Implemented and created SOP for Rsam, HighBond (Diligent) and Wombat/Proofpoint Phishing platform workflows in the organization
o Currently manage 8 Cybersecurity analysts and advisors from India and reporting to the CISO.

Major Achievements :

• Received Blue Ribbon Award for H2-FY’20.
• Member of Factset Information Security Risk committee and Policy life cycle management committee in Factset
• Member of Security Product Vendor Evaluation Team of Factset, onboarded Galvanize and Proofpoint Wombat tool

Cyber Security Analyst at Hsbc - India
  • India - Hyderabad
  • April 2019 to January 2020

o Managing Third-party audits (security assessments) process and activity for India (Regulated Entity - RBI).
o Conducted remote and onsite (questionnaire based) risk assessment for very high, high and medium risk vendors against HSBC Security Requirements Standard, NIST, PCI DSS, ISO 27001 requirements by using control assessment workbook
o Conduct risk assessments for vendors, identify and document control gaps, and present results to support management action, escalation and risk acceptance processes.
o Conducted review of security controls implemented by vendors covering domains such as BCP, Record management, Cloud, SDLC, encryption, backup, physical security, logical security, network management, change management, incident management, human resource, remote access, mobile access etc.
o Articulate and explain information security assessment results to business

Information Security Analyst at Olive Technology Ltd
  • India - Hyderabad
  • February 2017 to April 2019

Key Responsibilities:

o Single-handedly managed end-to-end implementation and management of ISO/IEC 27001:2013 standard related activities in the organization.
o Planning and Conducting Security Education / User Awareness training across all the departments of the organization.
o Planning, Formulation, Maintenance and Enforcement of in-house security policies for organization.
o Assess compliance of company’s IT related policies, regulatory guidelines and international best practices.
o Perform Biannual Internal Audits across all Business Process and Systems
o Prepare Bi-Annual audit reports and discuss with Auditee to close the identified GAPs.
o Conduct MRM with CISO, Lead project manager and discuss Improvement Plans and Nonconformity.
o Conducting Business Continuity, DR activities, Incident management activity
o Implemented Third-party Risk Management program
o Conducted Annual Asset and Access Management review.
o Conducted VAPT for networks and application in the organization.
o Conduct architecture reviews for applications and networks in the organization.


Major Achievements :

• Promoted to Olive Core Team /Leadership Team advisory committee by CTO of the organization
• Planned and coordinated with External Auditors DNV to conduct certification audit, periodic audit and successfully helped implementation of ISO/IEC 27001:2013 standard and got the organization ISO/IEC 27001:2013 certified.
• Migration from Enterprise McAfee Anti malware solution to Machine Learning and cloud-based Webroot Secure Anywhere solution
• Played a pivotal role in augmenting NAS storage device with AWS Glacier service and amazon S3 buckets increasing backup efficiency, Business continuity capabilities and resiliency.
• Successfully introduced and implemented process like Third party risk management program on a small scale in the organization.
• Introduced automated application security testing tool OWASP ZAP, in CI/CD environment and minimized manual testing efforts and time thus saving around yearly INR 85000 in the organization.

Analyst - Server Deployment and Monitoring at HCL Technologies Ltd
  • India - Hyderabad
  • March 2016 to December 2016

o Coordinating with NER and CAB person on implementing or building new production Microsoft windows server 2012 in the virtual environment infrastructure.
o Performing IRT Test once the server is Built.
o Proactive Monitoring, Reporting, RCA of critical infrastructure server alerts of over 4000+ servers in Toyota network namely from Windows, Unix, VMware ESX, Backup, Storage, Database Server through HP Open view monitoring tool and Service Now Event management console (SNOW)
o Review and verification of Health check reports from critical nodes.
o Escalate any inconsistencies in the monitoring environment with respect to the monitoring tool configuration, alert thresholds, alert message enrichment & false alerts.
o Act as a trigger for the critical incident management process by involving the technical & incident management and change management team.

NOC Inbound (Supply Chain Management) at Amazon India Pvt. Ltd.
  • India - Hyderabad
  • August 2015 to February 2016

o Handling various functional areas under transportation, maintaining various transportation schedule, communicating with stakeholders (FC, Transport, amazon delivery center, Customer service) for Amazon North America Operation.

o Management of all daily Freight movement for all North America flowing in and out of FC.
o Handling various network exception, network monitoring and network contingency planning by coordinating with multiple stakeholders.
o Proactively working in procurement portal tool set, tendering activities to ensure value for money is maximized.
o Monitor and Track Order Acknowledgement, communicate shortage, damage, returns, warranty, replacement, invoice discrepancy, consolidation.

Education

Bachelor's degree, Electronics And Communication Engineering
  • at West Bengal State University
  • May 2014

Specialties & Skills

Cyber Security
Compliance
Policy Management
Risk Management
IT Audit
Third Party Risk Management
Compliance
COBIT 5
Program Management
Governance
Security Control
Risk Management
Security Audit
Cloud Security
Policy Management
Project Management
Risk and Control
ISO 27001


Languages

English
Expert

Memberships

GIAC Advisory Board
  • https://www.credly.com/badges/0466aa8c-3ea5-4082-a7fa-7443e1f055ea?source=linked_in_profile
  • January 2021

Training and Certifications

ISO / IEC 27001:2013 Lead Implementer (Certificate)
Training date:
March 2017
Valid until:
November 2022
COBIT 5 Foundation (Certificate)
Training date:
November 2017
Valid until:
February 2022
Certified Ethical Hacker (Certificate)
Training date:
May 2015
Valid until:
May 2018
GCLD Cloud Security Essentials (Training)
Training institute:
SANS
Training date:
May 2022
Duration:
90 hours
GIAC Critical Controls Certification (GCCC) (Certificate)
Training date:
February 2022
Valid until:
January 2028
GIAC GSLC Security Leadership (Certificate)
Training date:
July 2021
Valid until:
July 2025

Hobbies

  • Watching Documentary
  • Reading Books
  • Swimming