Professional Experience

IT General Control Testing, Business Application Control Testing, Control Advisory, Process Improvements, Business Process Design, and spearheading Digital Transformation initiatives through emerging technologies. SAP/ORACLE Security Control Testing, SOX Compliance, Collaboration and Stakeholder Engagement, Risk Mitigation, Audit like SOX, SAP ITGC Testing, ISO 27001, SOC2, PCI DSS, NIST CSF, HIPAA/HITRUST etc. Cloud Security: Leading the implementation and assessment of cloud security frameworks such as AWS Well-Architected Framework, Azure Security Center, and Google Cloud Security Command Center, ensuring robust security postures for cloud environments. IT GRC: Managing IT GRC programs, including the development and enforcement of policies, procedures, and controls to mitigate risks and ensure regulatory compliance. Risk Assessments: Conducting comprehensive risk assessments and vulnerability assessments for cloud infrastructures, identifying potential threats, and developing mitigation strategies. Compliance Audits: Leading internal and external audits to ensure compliance with industry standards and regulations such as ISO 27001, SOC 2, and NIST CSF. Incident Response: Coordinating incident response efforts for cloud environments, conducting thorough post-incident analyses to improve future response strategies and minimize business impact. SIGNATURE ACHIEVEMENTS in Other Cybersecurity Projects: • Improved cybersecurity policy compliance by 31% through NIST/ISO‑aligned policy overhaul. • Reduced audit preparation time by 45% via automated compliance dashboards. • Achieved CMMC Level 2 readiness six months early, supporting $250M DoD contracts. • Led ISO 27001 certification across 12+ global sites with zero audit findings. • Reduced MTTD by 50% through NIST‑aligned SIEM/SOAR integration. • Identified $2M in risk exposure during M&A cyber due diligence.

o SAP Application Security: Access Management, User and Role Maintenance, User Administration and Monitoring, Maintenance of programs and tables authorizations o Development and execution of Information Technology compliance program o Conduct risk assessments for existing and new IT infrastructures, initiatives and projects o Responsible for IT control analysis and control process improvements o Periodic evaluation and report on IT performance and Compliance status o Ensuring compliance to Policies, Standards, Procedures, and regulations o Collect, analyze, and disseminate relevant cyber threat intelligence o Document attacks, work with investigators, and document post incident attack lessons learnt o Provide control advisory services on new rule sets to security tools – FireWalls, Imperva, SIEM etc o Responsible for managing access rules on whitelists and blacklists o Ensuring IT policies and procedures are well documented and up to date o Conducts and facilitate Control Self-Assessment and perform gap assessment and audits o Implementation and Maintenance of Information Security Management System(ISMS) – ISO 27002 o Champions Security Awareness Training initiatives o Engages in third party risk assessment and vendor relationship management

o Responsible for conducting IS and security control reviews o Ensured compliance to policies and regulatory authority standards that affect information security & processes o Assisted in the planning, execution and delivery of IT audits. o Assisted IT professionals and auditor in preparation for engagement risk assessment, planning and audit scope development o Worked with audit project team to achieve departmental goals o Documentation of audit activities and preparation of audit work papers o Analysis and implementation of the NIST Cybersecurity Framework o Reviewed Security Control Operation Center services and capabilities

A supervisory role responsible for managing IS Audit projects and tasks. o Reviewed the information security policies and procedures of the Bank o Developed annual audit plan & Project management of audit assignments using risk-based audit approach o Monitored compliance with the organization's information security policies and procedures among employees, contractors, alliances, and other third parties o Responsible for IT Regulatory Compliance, IT Audit Governance and providing IT Governance support o Managing professional relationship with regulatory agencies and providing guidance on dealing with IT regulatory developments, preparing reports for various Steering and strategy Committees, and monitoring compliance with IT regulations and strategic objectives o Performed information security risk assessments and serving as the internal auditor for information security processes o Conducted effective risk management of E-business products & Bank applications o Periodic evaluation of organization security controls, intrusion & penetration testing reports o Assisted in Fraud forensic investigations o Prepared monthly dashboard IT reports including KPIs, KRIs, SLAs, project portfolio etc. with drill down milestones o Reviewed technology action plans to ensure reported finding and associated risks are addressed o Ensured compliance to legislation and regulatory authority standards that affect information security & processes o Partnered with IT management on Project Management control advisory functions o Reviewed the alerts from the SIEM and advise on appropriate response strategy o Evaluated and advised on new technology and security architectures o Involved in security awareness training and control advisory functions

o Review of IT Security policies & IT organization. o Review and accredit newly developed e-banking systems before deployment o Conduct effective risk identification, analysis & management of E-business products o Review of banking applications, & databases o Review of back-up, recovery procedure & contingency plan

o Review of IT Security policies & IT organization. o Review and accredit newly developed e-banking systems before deployment. o Conduct effective risk identification, analysis & management of E-business products o Review of banking applications, revenue assurance and cost controls (ACL & SQL) o Review of back-up, recovery procedure & contingency plan o Review of data center o Review of third party licenses and service agreements o Users’ administration/Identity Access Management o Review of systems development & change control management o Review of network administration, operating systems and databases o Review of electronic products like ATM, Value-card, internet-banking o Systems availability monitoring using network monitoring tools o Network Vulnerability assessment tools like Nessus, Nmap, Wirechalk, Ethereal & Ethercap o OS vulnerability assessment o Periodic review of internet banking, e-cards, ATM & web application security.

o Review of IT Security policies & IT organization. o IT banking applications support o Back-up, recovery procedure & contingency plan o Review of third party licenses and service agreements o System users’ administration o Systems development & change control management o Network administration, operating systems and databases support o Review of electronic products like ATM, Value-card, internet-banking o Systems availability monitoring using network monitoring tools

Teaching, and mentoring IT