Information Security and Technology Risk Specialist
ANZ Operations and Technology Private Limited (ANZ)
Total des années d'expérience :14 years, 0 Mois
Currently managing a4 member team on which the team is assessing information security and technology risks for diverse number of projects in retail portfolio during design/implementation phase specifically as to
•Understand the scope of project and identify security requirements
•Segregate all assets into Information asset and Technology asset to assess the Confidentiality, Integrity and Availability (CIA) ratings associated with each.
•Assess the inherent risk based on the consequences derived from CIA rating for all information technology systems that have been incorporated by the project.
•Review, analyse and revise preliminary assessment of control effectiveness in information and technology risk assessment, identifies and escalates significant risks to the stakeholders for review and sign-off.
•Identify and allocate resourcing needs and ensure deliverables are completed as expected.
•Drive continuous process improvement activities
Projects:
•Information Technology Risk Assessment for a leading bank:Have done IT exposure assessment for the bank’s initiatives and new projects in Retail portfolio.
•IT Internal Audit and Business Process Review for Telecom domain market leader in India: Assessed the design of internal controls and their operating effectiveness for a new retail venture rolled out by the Telecom player.
•Forensic Assessment for Non Compliances to FCPA Regulations for a Retail giant: Performed hard copy and mail reviews to identify instances of potential irregularities leading to fraud and kickbacks.
•IT Security Review for an Africa single instance Oracle system for a major Telecom Client: Reviewed the security posture of critical modules and servers to identify perceived risks.
•Configuration Review and Vulnerability Assessment for a leading software services firm: Done external Vulnerability assessmentfor different platforms including operating systems, databases and network elements.
•Web Application Security Assessment for a cloud based HRLMS product: Determined security vulnerabilities in the application by running automated scans followed by manual testing to remove false positives
Projects - ACS Vector - The scope of the project involved automating toll collection process for the government agencies in EZPASS and FASTRACK consortium by processing high volume of transactions and posting into the customer accounts
in
in
