Experience

UZIO

• Brazil
• Plastics Manufacturing
• 1 - 100 Employee

• Manager - Information Security & Privacy

  • Jan 2023 - Present

  Noida, Uttar Pradesh, India •To define, implement and maintain ISMS and PIMS in compliance with frameworks, standards, and regulations such as ISO 27001, 22301, 27701, SOC, SSAE 18, GDPR, NIST, CCPA, HIPAA •Maintain SOC 1 & 2 compliance, monitor and report effectiveness to the management, manage the audit process •To observes changes in national and global regulations affecting information security, data privacy and make recommendations on the need for policy changes and updating the organizational plans to be at… Show more •To define, implement and maintain ISMS and PIMS in compliance with frameworks, standards, and regulations such as ISO 27001, 22301, 27701, SOC, SSAE 18, GDPR, NIST, CCPA, HIPAA •Maintain SOC 1 & 2 compliance, monitor and report effectiveness to the management, manage the audit process •To observes changes in national and global regulations affecting information security, data privacy and make recommendations on the need for policy changes and updating the organizational plans to be at par with the regulatory requirements •Align customer and internal information security and Data Privacy objectives to the ISMS and PIMS •Respond to RFX of prospects and customers of UZIO and support the calls with prospects and clients for security and Privacy related questions •Respond to information security assessments performed by UZIO clients •Monitor and fulfil client contractual (MSA) information security and data privacy obligations •Coordinating and liaising internal functions with vendors for network and application security assessments and penetration tests, security code tests (web, mobile, web service, etc.) •Perform the Third-party Risk Assessment (TPRM) of Critical Vendors •Conduct Information Security and Data Privacy awareness and training programs for the employees as part of their induction and regular awareness •Plan and co-ordinate BCP and DR tests •Liaise with security vendors, suppliers, service providers and external resources for new security tools for improving security and privacy •Oversee information security incident management and data privacy breach management process for incident reporting, containment, resolution, and root cause analysis •Work with internal stakeholders such as DevOps, Application product, Finance, HR, Admin, IT, Legal for implementing controls for the respective functions and ensuring the continuous operating effectiveness of the controls •Work with IT, DevOps, and Application teams on technical implementations.

• Deputy Manager - Information Security & Privacy

  • Jun 2020 - Dec 2022

  Noida, Uttar Pradesh, India •Maintain SOC 1 & 2 compliance, monitor and report effectiveness to the management, manage the audit process. •Align customer and internal information security and Data Privacy objectives to the ISMS and PIMS •Respond to RFX of prospects and customers of UZIO and support the calls with prospects and clients for security and Privacy related questions •Respond to information security assessments performed by UZIO clients •Monitor and fulfil client contractual (MSA) information… Show more •Maintain SOC 1 & 2 compliance, monitor and report effectiveness to the management, manage the audit process. •Align customer and internal information security and Data Privacy objectives to the ISMS and PIMS •Respond to RFX of prospects and customers of UZIO and support the calls with prospects and clients for security and Privacy related questions •Respond to information security assessments performed by UZIO clients •Monitor and fulfil client contractual (MSA) information security and data privacy obligations •Coordinating and liaising internal functions with vendors for network and application security assessments and penetration tests, security code tests (web, mobile, web service, etc.) •Perform the Third-party Risk Assessment (TPRM) of Critical Vendors •Conduct Information Security and Data Privacy awareness and training programs for the employees as part of their induction and regular awareness •Plan and co-ordinate BCP and DR tests •Work with internal stakeholders such as DevOps, Application product, Finance, HR, Admin, IT, Legal for implementing controls for the respective functions and ensuring the continuous operating effectiveness of the controls •Work with IT, DevOps, and Application teams on technical implementations.



dunnhumby

• United Kingdom
• Advertising Services
• 700 & Above Employee

• Security Operations Analyst

  • Mar 2020 - Jun 2020

  Gurugram, Haryana, India • To manage the information Security Supplier Assurance, ensuring each step is completed within SLA • To manage any risk mitigations associated with suppliers, both internally and with the suppliers themselves. • By Tracking, reporting and managing mitigation of organizational risk • Providing input into the continuous improvement of the Supplier Assurance and risk management processes. • By providing day to day support on security solutions ensuring an environment that meets the… Show more • To manage the information Security Supplier Assurance, ensuring each step is completed within SLA • To manage any risk mitigations associated with suppliers, both internally and with the suppliers themselves. • By Tracking, reporting and managing mitigation of organizational risk • Providing input into the continuous improvement of the Supplier Assurance and risk management processes. • By providing day to day support on security solutions ensuring an environment that meets the defined Corporate Security objectives. • To provide single point of contact for internal security related queries and issues that help with operations, remediation, and audit activities. • Respond to, investigate and resolve security events in line with incident management processes to quickly help mitigate and reduce negative impact to the company. • Support the delivery of key security processes including access and identity management with the objective of implementing industry best practices within the organization. • By providing an advisory role to individuals and project teams on the implications of IT security in day to day operations. • To conduct vulnerability audits and assessments and manage and resolve any issues found. Show less



PRIVACY VIRTUOSO GLOBAL

• India
• Business Consulting and Services
• 1 - 100 Employee

• Cyber Security Consultant

  • Nov 2019 - Feb 2020

  Doha, Qatar • Design audit plans and evidence gathering exercise • Formulate an enterprise level project plan for regulatory audits • Conduct cyber security assessments against SAMA CSF 1.0 • Create final reports for regulator to review • Suggest control changes on non-compliance of sections • Assess the BCM readiness and DR effectiveness (RPO and RTO audits) • Training the staff on best practices of compliance audit planning & strategy In addition to this, I was responsible to… Show more • Design audit plans and evidence gathering exercise • Formulate an enterprise level project plan for regulatory audits • Conduct cyber security assessments against SAMA CSF 1.0 • Create final reports for regulator to review • Suggest control changes on non-compliance of sections • Assess the BCM readiness and DR effectiveness (RPO and RTO audits) • Training the staff on best practices of compliance audit planning & strategy In addition to this, I was responsible to create enterprise level privacy risk management plans and mitigation strategy. This project involved complex stakeholder management between, regulator, auditee and third-party OEM/VENDORS. This covered 4 locations and 12 entities as IN SCOPE institutions. Show less



Planetcast Media Services Limited

• India
• 1 - 100 Employee

• Data Privacy & Information Security Executive

  • Apr 2018 - Nov 2019

  Noida Area, India • Designing, implementing & assisting in auditing controls which sustain Security & Privacy policy framework based on GDPR | CCPA | ePrivacy Directive (European Union) | COSO Framework | SSAE 18 SOC-2 Compliance | ISO 27701:2019 (PIMS) | ISO 45001:2018 (OH&S) | ISO 27001:2013 (ISMS). • To develop and maintain Security & Privacy in the organization through compliance adherence to Policies | Audit checklist | BCP Checklist | Scope Statement | Statement of Applicability | Risk Analysis &… Show more • Designing, implementing & assisting in auditing controls which sustain Security & Privacy policy framework based on GDPR | CCPA | ePrivacy Directive (European Union) | COSO Framework | SSAE 18 SOC-2 Compliance | ISO 27701:2019 (PIMS) | ISO 45001:2018 (OH&S) | ISO 27001:2013 (ISMS). • To develop and maintain Security & Privacy in the organization through compliance adherence to Policies | Audit checklist | BCP Checklist | Scope Statement | Statement of Applicability | Risk Analysis & Assessment. • To work closely with different Team/ departments of the organization to check for adherence of compliance's and to assist in continually improving the level of compliance adhered. • To update the hardening checklist for the organization based on CIS benchmark & NIST standards whichever controls are applicable. • To Perform Risk Assessment | Business Impact Analysis | Data Protection Impact Assessment (DPIA). • To Conduct Security & Privacy training sessions to the leadership & Management which include all the compliance's adhered in the organization like ISO | SSAE 18 SOC-2 | COSO | GDPR | CCPA | PDPA| PIPEDA. • Mapping of various compliance's like ISO 27001:2013 | ISO 27701:2019 | ISO 45001:2018 | SSAE 18 SOC 2 | COSO | GDPR | CCPA | PDPA | PIPEDA. • Assisting the Software team to implement Privacy & Security by formulating checklists to adhere to the Privacy by Design, Privacy by Default & Security in Software Development Life Cycle (SDLC). • To conduct external Audits and assist Certification Bodies, Clients or Third party auditors in conducting an effective audit of the organization by collaborating with internal teams. Show less



Wipro Limited

• India
• IT Services and IT Consulting
• 700 & Above Employee

• Process Risk Champion

  • Oct 2017 - Feb 2018

  Delhi • Information Security Policy Management – Supports the development and maintenance of corporate Information Security related policies and procedures • Monitor Access Management activities to ensure segregation of duties • Documenting risk analysis and controls and evaluates control design and continuous control improvement. • Monitoring of computing platform compliance with security policies and directives. • Assisting stakeholders with recommendations to address key control… Show more • Information Security Policy Management – Supports the development and maintenance of corporate Information Security related policies and procedures • Monitor Access Management activities to ensure segregation of duties • Documenting risk analysis and controls and evaluates control design and continuous control improvement. • Monitoring of computing platform compliance with security policies and directives. • Assisting stakeholders with recommendations to address key control deficiencies. • Contributing to the teams’ continuous improvement efforts. • Evaluating management responses to ensure remediation tasks adequately address identified gaps. • Conducting information security assessment of information systems as per our methodology

• Senior Quality Specialist

  • May 2016 - Oct 2017

  New Delhi Area, India • Participating in design of quality standards. • Providing trend data to Operations management team & leadership. • Using quality monitoring data management system to compile and track performance at team and individual level. • Participating in client programs to identify customer needs and expectations. • Providing actionable data to various internal support groups as needed. • Providing feedback to team leaders and managers. • Preparing and analyzing internal and… Show more • Participating in design of quality standards. • Providing trend data to Operations management team & leadership. • Using quality monitoring data management system to compile and track performance at team and individual level. • Participating in client programs to identify customer needs and expectations. • Providing actionable data to various internal support groups as needed. • Providing feedback to team leaders and managers. • Preparing and analyzing internal and external quality reports for management review.

• Senior Process Executive

  • Feb 2015 - Oct 2016

  New Delhi Area, India • Responsible for developing superior understanding of client plan provisions, identify opportunities for knowledge enhancement and deliver to high standards of quality and timeliness. • Demonstrating sound understanding of client plan provisions and responding to client needs in a timely fashion. • Ensuring knowledge of current set of policies and supporting documents to the team members. • Conducting daily huddles and status meetings. • Ensuring on-time and accurate delivery of… Show more • Responsible for developing superior understanding of client plan provisions, identify opportunities for knowledge enhancement and deliver to high standards of quality and timeliness. • Demonstrating sound understanding of client plan provisions and responding to client needs in a timely fashion. • Ensuring knowledge of current set of policies and supporting documents to the team members. • Conducting daily huddles and status meetings. • Ensuring on-time and accurate delivery of all tasks as per Service Level Agreements by team members. • Adaptability and Flexibility, Coaching and Recognition, Cross-cultural Competence. • Delivering on new/ adhoc tasks in order to meet client/ internal goals promptly. • Creating/ updating SOP where and when required . Work with other supporting groups to enhance procedures and eliminate wastage. • Efficiently setting goals and work on so as to avoid any escalations and maintain the relevancy and quality while providing service to the clients.

• Process Associate

  • Aug 2014 - Feb 2015

  • Responsible for processing all activities related to client queries, while meeting and exceeding client Service Level Agreements. • Prioritizing work as required in order to effectively respond to client needs. • Ensuring knowledge of current set of policies and supporting documents. • Following all predefined procedures, adheres to all the process guidelines and ensures that performance parameters are met and/ or exceeded against SLA targets. • Participating & contributing in… Show more • Responsible for processing all activities related to client queries, while meeting and exceeding client Service Level Agreements. • Prioritizing work as required in order to effectively respond to client needs. • Ensuring knowledge of current set of policies and supporting documents. • Following all predefined procedures, adheres to all the process guidelines and ensures that performance parameters are met and/ or exceeded against SLA targets. • Participating & contributing in daily huddles and status meetings. • Ensuring on-time and accurate delivery of all tasks as per Service Level Agreements. • Adaptability and Flexibility, Coaching and Recognition, Cross-cultural Competence.



Usha International

• Bangladesh
• Hospitals and Health Care
• 1 - 100 Employee

• Internship Trainee

  • Jun 2012 - Aug 2012

  New Delhi Area, India • Responsible for observing the activities of the fellow employees to learn about various management and administrative techniques. • Responsible for ensuring the standards of the products and making necessary amendments and improvements wherever required. • Required to meet sale targets of the company and ensuring that deadlines are met. • Responsible for solving vendor queries and ensuring that there is no scope for any complaint or mistake. • Required to do the… Show more • Responsible for observing the activities of the fellow employees to learn about various management and administrative techniques. • Responsible for ensuring the standards of the products and making necessary amendments and improvements wherever required. • Required to meet sale targets of the company and ensuring that deadlines are met. • Responsible for solving vendor queries and ensuring that there is no scope for any complaint or mistake. • Required to do the necessary paperwork and understand the trends of sales. • To do research about the company & its vendor in order to prepare a report on a specific topics. • Responsible for visiting sales programs or meets and learning about the management techniques from a wider angle or view. Show less