Jatin Sethi, Lead – IT Risk Management

Bank of New York Mellon

Location
India - Pune
Education
Master's degree, Cyber Law & Information Security
Experience
10 years, 7 Months

Work Experience

Total years of experience: 10 years, 7 Months

Lead – IT Risk Management at Bank of New York Mellon
  • India - Pune
  • My current job since September 2020

#End-to-end management of third-party risk assessment:
▪ Assessing inherent risk for new engagements
▪ Performing Due Diligence on Vendor for new engagements and as part of reassessment
▪ Risk Assessment using Shared Assessment Framework - SIG 2020 Questionnaire
▪ Assess the level of inherent technology risks in the context of business objectives & risk appetite and establish residual risk
▪ Provides guidance to the lines of business, stakeholders related to third-party risk, Global Procurement and Operational Risk teams.

#Subject Matter Expert for following control domains:
▪ Cyber Security
▪ Data Privacy
▪ Compliance
▪ HR Security
▪ Risk Management & 4th Party Controls

Assistant Manager - Information Security at Larsen & Toubro
  • India - Mumbai
  • June 2018 to August 2020

# Leading Information Security Team with following processes owned and managed for all locations across the globe:
- Information Security Risk Management (ISO 27005, ISO 31000, FAIR)
- Third Party (Vendor) Risk Management
- Formulating information security policies, Gap Analysis, Planning & Implementing Security Controls, ISO 27001-2013 Implementation/Continual Improvement
- ISO 27001:2013 Internal Audits, Supporting ITGC & Third-Party Audits
- Information Security Advisory to business, like risk assessment for their projects, GDPR, Encryption Services etc. This helps in the smooth functioning of business activities and in fulfilling their client requirements.
- McAfee Endpoint Threat Defense & Response Solution (McAfee EPO)
- Patch Management
- Software Compliance Life Cycle Management
- Information Security Awareness Activities
- Periodic IT Systems configuration review (Firewall, Proxy, AD etc.)

# Part of Transition Project Team (Acquisition by new organization)
- Data plays a vital role in any acquisition; it needs to be complete and to be shared in a controlled manner because of the involvement of so many third parties
- IT Systems (Services/Data Centre/Network/Licenses etc.) Transition planning, budgeting and management

# R&D Projects - Initiated in-house development of Security Tools

Assistant Professor at UPES
  • India - Delhi
  • July 2015 to June 2018

#Subjects undertaken like PCI DSS, Data Security, Application Security, Information Security Audit (ISO 27001, COBIT, GRC etc.), Digital Forensics, Introduction to BFSI, Open Source and Open Standards, DBMS, Software Engineering, Security in Cloud etc.

#Designed and developed curriculum for B.Tech program for the subjects Data Security, Application Security, Information Security Audit, IT Systems Security and Digital Forensics.

#Designed & Implemented Labs for 4 years B.Tech CSE + Cyber Security Program like Attack Practice Labs on Vulnerable Virtual Machines, VAPT using Nessus, OpenVAS and OWTF, Digital Forensics, GRC & Audit Case Study Labs etc.

#Placement & Internship Coordinator & Course Coordinator

Associate Consultant at Ernst and Young (EY)
  • India - Gurgaon
  • June 2014 to December 2014

#Performed IT Application Audit (SAP Audit + ITGC) for a couple of clients.

#Consulting Services (Advisory & Project Management) for one of the largest private Indian airlines for Security Information & Event Management.

#Risk Assessment Advisory as per ISO 27001:2013 for an automobile company.

#Proposals for new clients like Application Audit, ISO 27001, PCI-DSS etc.

Intern at M.H. Alshaya Co. W.L.L
  • Kuwait - Al Kuwait
  • May 2013 to July 2013

# Designed a Log Management Framework Guideline for all In-house applications after a detailed study of all critical applications and their existing log management scenario.

# A proper gap analysis was done and documented.

# Technology: OSSEC and Splunk were used for Proof of Concept.

Software Engineer at HSBC GLT
  • India - Pune
  • July 2011 to May 2012

# Handled troubleshooting of development production issues and customer interaction on a daily basis; provided support to Middle East countries on Sundays; involved in knowledge transfer sessions.

# Technology: Mainframe with COBOL as programming language and DB2 as database.

Education

Master's degree, Cyber Law & Information Security
  • at IIIT
  • May 2014
Bachelor's degree, Computer Science Engineering
  • at RGPV University
  • January 2011

Specialties & Skills

IT Risk
Data Privacy
Information Security
PCI DSS
ISO 27001
Risk Management
IRCA Certified ISO 27001 Lead Auditor
Third Party Risk Management

Languages

Hindi
Expert
English
Expert
French
Beginner

Training and Certifications

ISO 27001 Implementer (Certificate)
Date Attended:
October 2014
Certified Third Party Risk Assessor (CTPRA) (Training)
Training Institute:
Shared Assessment Group
Date Attended:
June 2021
Professional Google Cloud Security Engineer (Certificate)
Date Attended:
January 2021
Certified Data Privacy Solutions Engineer (CDPSE) (Certificate)
Date Attended:
March 2021
IRCA ISO 27001 Certified Lead Auditor (Certificate)
Date Attended:
January 2018
Valid Until:
January 2023

Hobbies

  • Part Time Activities
    Following are my part-time activities:
    • Guest Lectures at various CBSE schools for Mathematics & Physics.
    • Counselling & Orientation for students and teachers.
    • Editing, Writing and Reviewing of Mathematics & Physics books for a renowned Indian Publisher.
    • Mathematics & Physics (High School) part-time tuitions.