Rohit Srivastava Srivastava, Consulting Manager

Wipro Ltd

Location
Bahrain - Manama
Education
High school or equivalent, Post Graduate
Experience
15 years, 7 Months


Work Experience

Total years of experience :15 years, 7 Months

Consulting Manager at Wipro Ltd
  • India - Bengaluru
  • December 2007 to September 2017

Security Consultant

Senior Consultant at MicroLand Ltd
  • India
  • June 2007 to December 2007

Risk Management
•Identify and Monitor Potential Risks
•Preparing risk assessment questions, all of which are mapped to authoritative sources, control standards and control procedures
•Generate and Resolve Findings to Reduce Risk
Achievements:
•Client Appreciation certificate for successfully delivering before timeline.

Assistant Manager at Grant Thornton India Pvt Ltd
  • September 2006 to June 2007

Control Testing for ITGC, SAS70, and SOX.
•Performed SAS 70 Type I and Type II assessments.
•Performed SOX 404 Audits.
•Conducted tests of Design and Implementation and Operating effectiveness of controls.
•Reviewing and developing clients' custom control catalogs to ensure alignment of test procedures and control language to enhance efficiencies in remote execution of test procedures.
•Engagement planning, management, coordination with the team.
•External auditor for large government and business construction firm. Testing included access, program changes and development, operations and application controls. Assisted in implementation of new controls.
•Coordinate vendor assessments
•Process analysis documents and developing audit programs.
•Reviewing SAS70 reports to understand client control considerations and performing testing procedures accordingly.
•Performing IT risk assessments to develop annual audit plans and budgets

at AKS Indi
  • March 2002 to September 2006

Coordinating quarterly SAS70 audit engagements. Assessing controls and developing test plans in order to identify at-risk areas. Establishing and updating emergency preparedness procedures, designing local security policies and creating, implementing, and testing disaster recovery plans. Served on corporate committees which include work on the planning of DR exercises.
•Interfaced with senior management to establish and update emergency preparedness procedures.
•Design and implement local security policies in regard to the protection of customer data.

Security at Wipro Consulting Services Wipro Technologies Ltd
  • December 2007 to

ITGCC/ IT Control Assessments
•SOX Control Testing / SOX 404
•IT Auditing
•Risk Assessment
•Performing design effectiveness testing (DET), documenting operating effectiveness test (OET) plans and performing OET testing for IT GCC and IT data interface controls
•Performing deep-dive testing for non-standard/complex IT controls
•Performing Quality Assurance Reviews of control documentation and of DET and OET testing performed by the IT Line
•Advising IT Line on appropriate remediation of control matters/issues identified during DET and OET testing
•Perform analysis for, and partner with IT application owners /business to risk identify compensating controls for, control matters/issues identified during DET and OET testing
•Partner with IT application owners to on-board newly scoped applications (e.g. define and document key controls)
•Hands-on experience in design effectiveness testing (DET) and operating effectiveness testing (OET) of IT GCC and IT data interface controls in design and implementation of IT General Computer Controls

Information Security Internal Audit Team at General Electric (GE)
  • Australia
Security at Berkeley
  • United Arab Emirates
Security Architect at Credit Suisse Bank
  • Switzerland
Senior Information Security Manager at AstraZenec
  • United Arab Emirates
Information Security Manager at AlAhli Bank
  • Saudi Arabia
Security

CCSK (Certificate of Cloud Security Knowledge)
•Audited Cloud Security Controls for PaaS, SaaS & IaaS
•Defined Security Controls of SaaS & IaaS
•Reviewed Cloud BCP and DR Plan for IaaS
•Security Planning in order to Consider cloud service models for IaaS, PaaS, and SaaS
•Evaluated the cloud type to be used such as public, private, community or hybrid for Data Classification & Protection.
•Reviewing and generating the Audit report for Application and Database Integration.
•Cloud Data Protection for
•Access Control
•Auditing
•Authentication
•Authorization
•Compliance and Security Review (High / Low Level Design Document) for Data Privacy and Protection.
•Reviewed WAF rules for protecting the websites and Transactions
Detailed Role:
•To establish and maintain the method of conducting regular reviews of Compliance and Security to ensure its continuing suitability and effectiveness with new improvement and making changes where necessary
•Security Metrics to be presented to Leadership on the basis of frequency of the various activities being performed
•Defining Performance Metrics as part of operating procedures pertaining to the relevant area.
•Reviewing of minutes of Previous Steering Committee Review meetings
•Reviewing of internal / external audit security reports and trends
•Anticipated operational/technology changes
•Recommendations for improvement
•Review of Top Risks and Incidents reported
•Review / Identifying of metric definition & performance
•Responsible for overall Governance of compliance & security within program.
•Responsible for being the primary interface with client and Wipro
•Responsible for ensuring secure handling of information that is being accessed within program.
•Responsible for assessing engagement's requirements to adhere to applicable Data Privacy & protection regulatory requirements and work towards educating the team and implementing additional control measures as required
•Responsible to understand all physical & environment security requirements.
•Interfaces with Wipro’s Facilities Management Group to ensure guidelines & processes being administered in area of physical and environment safety & security
•Responsible for product and process quality of delivery of services to Client.
•Responsible for quality assurance activities within program.
•Responsible for planning, executing & reporting the audits for the program.
•Responsibility also includes reporting the audit report to client along with RCA and remediation plans for defects reported.


Ensuring Governance, Risk and Compliance across business, which involves Policy Management, Risk Management, Compliance Management and Audit Management.
•Responsible for risk profiling, initial assessment, Business Impact Assessment (BIA), Threat and Vulnerability Assessment, Controls Selection, Control Verification Review, Third Party Assessment Results and registering all IT Risk activities in appropriate tools to support reporting function.
•Coordinating Internal / External auditors and local branch office teams which are undergoing audits.
•Providing management comments to the non-conformities raised by Auditors based upon the upcoming projects or commitments from management to close these observations.
•Coordinating with respective issue owners for closure of non-conformities within agreed timelines.
•Acting as an interface between the client and external auditors.

Functional:
•Planning and conducting various quality/process/tools trainings for development, providing production support and maintenance environment.
•Implementing and adhering to client-specific Compliance Standards, SAS70, HIPAA, SOX 404 Controls as well as ISO 27001.
•Monitoring and reviewing all the audit controls on a weekly basis as defined by Statutory Compliance.
•Conducting self-assessments for all the processes to ensure compliance in line with internal / external audits.
•Monitoring and evaluating performance and internal controls as per business requirement.
•Providing IT governance and ensuring regulatory compliance.
•Ensuring that compliance checklists adhere to the Change Management Process which includes SAS 70 & SOX 404.
•Audit Evidence Management: Identifying gaps, collecting samples for further investigation, analysing sample evidence and preserving it for future reference.

Education

High school or equivalent, Post Graduate
  • at Garhwal University
  • February 2002
Bachelor's degree,
  • at Garhwal University

Courses: ISO 27001:2005 Lead auditor; CCSK (Certificate of Cloud Security Knowledge); Prince 2 Certified; Certified Business Analyst; Certified Hacking Forensic Investigator (CHFI); Microsoft Certified System Engineer (MCSE); Microsoft Certified Professional (MCP); Cisco Certified Network Associate (CCNA)

Specialties & Skills

CISSP (Certified Information Systems Security Professional)
CRISC (Certified in Risk and Information Systems Control)

Languages

English
Native Speaker

Training and Certifications

CISM (Certificate)
Date Attended:
December 2017
CISA (Certificate)
Date Attended:
December 2017
CISSP (Certificate)
Date Attended:
December 2017
Valid Until:
March 2022