Assistant Manager
KPMG
Total years of experience: 9 years, 0 months
I have acquired team management skills by leading a team as part of Internal/External Audit evaluations for multiple listed as well as non-listed clients across industries and geographies, including the oil and gas, manufacturing, IT, hospitality and banking/finance domains. Responsibilities included testing the design and operating effectiveness of the IT general controls across applications and infrastructure such as cloud platforms like AWS, Azure etc. Managed stakeholders in meeting their technology, audit, risk management, identification of technology risk profiles and guiding them to mitigate risk.
I have performed SOC 1/SOC 2 attestation audits (ISAE 3402/SSAE 18) for business process and technology service providers across India, Australia, US, UK. Responsibilities included testing and documentation of general IT controls pertaining to physical access, environmental security, application change management/SDLC, incident management, backup and restoration, vulnerability management and trust service criteria like security, availability etc.
I have actively contributed to the implementation of the Information Security Management System (ISMS). My responsibilities encompassed guiding stakeholders in creating asset inventories, conducting risk assessments, and formulating the Risk Control Matrix. I played a key role in preparing Audit Charters and Plans, conducting risk-based audits against standards such as ISO 27001, IT General Controls and conducting Audit committee. Additionally, I provided valuable assistance in regulatory and compliance audits.
I got an opportunity to implement an Information Security Management System (ISMS) from scratch. My duties involved creating an asset inventory, conducting asset-based risk assessments, preparing Risk Control Matrix (RCM), BCP/DR building policies and procedures as per ISO 27001 standards.
Involved in conducting workshops on Cyber Security, Web Application Security and Desktop Security to raise general awareness among the public, in association with Mirox India, CERT-K and KSITM. Improved research skills around OWASP Top 10 vulnerabilities; virtual labs are being set up for practicing vulnerabilities like SQL injection and cross-site scripting, and I have excellent knowledge in this area.
MG University: Computer Science and Engineering
Master of Science: Computer Security and Resilience