Tridep Lal, Senior Executive-Governance Risk and Compliance

NetMagic Pvt Ltd

Country
India
Education
Bachelor's degree, Commerce
Experience
11 years, 7 months


Work Experience

Total years of experience: 11 years, 7 months

Senior Executive-Governance Risk and Compliance at NetMagic Pvt Ltd
  • India - Mumbai
  • In this position since February 2016

• Identifying client needs and formulating solutions to address those security needs with regard to the ISO 27001, PCI DSS, ITIL and ITGC frameworks
• Maintain and provide advice to clients on information security governance, policy and technological aspects of IT security. Responsible for providing weekly/monthly compliance reports to the US Service Delivery Head.
• Conduct ISMS security awareness and data privacy training programs for the US project
• Ensuring InfoSec documentation (policies/procedures/risk register) is complete, up to date and accessible through the client SharePoint document management tool.
• Perform process- and asset-based risk assessments on the framework of ISO 27001/IT General Control and other client requirements
• Perform end-to-end ISO 27001:2013 control audits for the US and Japan projects. Communicate audit progress and findings to the Service Delivery Head-US.
• Conduct data center audits; responsible for BCP testing for the US project
• Handle and manage the US statutory external audit (program change control, access control OS&DB, backup process, interviews with key personnel to understand processes, risk assessment)
• Help the project manager and US delivery head review and develop security, and give recommendations from the ISO 27001:2013, PCI DSS, ITIL and ITGC frameworks
• Perform MSA and SOW audits once a year and as required by the US delivery head.
• Handle the end-to-end yearly PCI DSS audit for US and Japan clients. Responsible for handling on-site external audit/client requirements and facilitating data for the audit

Information Security Executive at Just dial Limited
  • India - Mumbai
  • November 2012 to January 2016

• Coordinate and manage the statutory external audit for SOX (ITGC). Responsible for facilitating data to external auditors
• Provide management reports by collecting, analyzing, and summarizing audit information
• Conduct ISMS security awareness training programs within the organization
• Support management to manage & mitigate risk assessment and implement ISO 27001 controls across the organization
• Conduct risk assessments on the framework of ISO 27001/IT General Control and also conduct gap analysis for ISO 27001/ITGC
• Conduct internal audits for various business functions within the organization at a defined frequency. Communicate audit progress and findings to the respective business head
• Conduct data center audits as per ISO 2700/PCI standard
• Develop and review all information security policies/procedures as per business requirements and any change in emerging IT law or legal requirements
• Handle end-to-end ITGC statutory audit requirements (program change control, access control OS&DB, backup process, interviews with key personnel to understand processes, risk assessment)
• Assist and consult the organization with the implementation of ISO 27001:2013 and managing the ISMS
• Assist the organization in implementing business continuity for critical functions
• Implemented and consulted the organization on PCI DSS compliance for the e-commerce business.

Educational Background

Bachelor's degree, Commerce
  • at Gonsalia Garcia College
  • January 2010
High school or equivalent, Commerce
  • at Vidya Vikasni CollegeMumbai Secondary School
  • January 2007
High school or equivalent, Maharashtra Board
  • at J B Ludhani High School
  • January 2005

Specialties & Skills

Risk Assessment
ISO 27001
PCI DSS
INFORMATION SECURITY
MANAGEMENT
MICROSOFT ACCESS
OPERATING SYSTEMS

Languages

English
Expert