I have 25+ years of experience in Information Security & Third Party Risk Management (TPRM) as a leader with expertise in planning and implementation of information security systems, governance, risk and compliance, and data security across the BFSI domain.
Significant achievements of my career:
1. Successfully defined and implemented the ISO 27001 framework.
2. Managed application risk assessments based on documented risk methodology.
3. Defined and implemented framework for Off-shore Development Centers for the organization’s technology vendors.
4. Defined and implemented framework for global third parties for Information Security Assessment
5. Built up a team of 10 people + 30 contract staff to run the third party risk assessment team through hiring and training.
6. Developed Key Performance Indicators (KPIs) for ensuring the quality
7. Defined and implemented Business Continuity process for Technology department.
8. Managed process audits in order to ensure Information Security controls design and operating effectiveness.
Work Experience in Brief
· Director-TPRM, UBS (www.ubs.com), the largest bank in Switzerland and the largest private bank in the world, co-headquartered in Zurich and Basel. India (2017-2021)
· Program Manager-Risk and security, Royal Bank of Scotland (www.rbs.co.uk, now NatWest Bank), India (2001-2017)
· Asst. Manager-Quality, HCL Infosystems, India (1995-2001)
· Certified in Risk and Information Systems Control (CRISC) with competency in analyzing IT ecosystems to eliminate risk exposure of the organization by designing secure solutions.
· Cyber security and risk management expert with over 24 years’ experience in establishing information security controls, addressing end-point information protection, GRC, third party information security risk management, technology risk management and foreseeing emerging risks.
· Subject Matter Expert (SME) in developing and enforcing information security policies, procedures, framework, and standards; ensuring compliance through training programs and periodic security audits. Quantifying price of non-compliance (PONC).
· Expertise in providing consultancy on vulnerability findings by audit team and policy non-compliance remediation.
· Coaching and mentoring the team for shaping and developing to play bigger roles.
· Led a team of 30+ professionals
· Handled more than $2M annual security budget.