
My Professional Vision

Ruda ISO 27001 IRCA Auditor

I am an experienced cybersecurity analyst using my skills for ethical hacking, penetration testing, and information security compliance implementation, while continually improving my abilities to build a cybersecurity governance & IT compliance-oriented professional path towards corporate consulting. I am especially passionate about IT & cybersecurity compliance & governance management.

key areas of experience

information security & risk management

IT Compliance Policy Documentation

vulnerability assessment

application & network security

penetration testing

Projects & Work Experience

Senior Consultant - Technology Risk Consulting
(Full-time employment)

Employer – KPMG Canada LLP

  • Audit and Advisory Engagements: Participate in end-to-end SOC 1, SOC 2, ISMS, GITC, and FSA audits, ensuring meticulous execution and compliance with all relevant standards and regulations.

  • IT Risk and Control Assessments: Conduct robust assessments of IT risks and controls, support internal and external audit and advisory engagements, and provide actionable insights and recommendations.

  • Operational Evaluation: Critically evaluate IT operations, maintenance, and database management practices to ensure they are controlled effectively and align with organizational objectives.

  • Data Governance: Oversee and enhance data governance policies and practices, ensuring data integrity, availability, and regulatory compliance.

  • Incident and Problem Management: Oversee incident and problem management policies and practices, ensuring swift resolution, minimal business impact, and continuous improvement.

  • Change and Configuration Management: Evaluate and enhance change, configuration, release, and patch management policies and practices, ensuring stability and security of IT environments.

  • Business Continuity: Assess and enhance the organization's ability to maintain business operations during and after critical events, ensuring resilience and preparedness.

  • Asset Lifecycle Management: Oversee and optimize asset lifecycle management policies and practices, ensuring optimal utilization and safeguarding of assets.

Consultant - Technology Risk
(Full-time employment)

Employer – KPMG Canada LLP

  • Conducting assessments of IT risks and controls in support of internal and external audit and advisory engagements, related to, for instance:

      • IT risk and maturity assessment

      • IT projects and system implementations

      • Access management

      • IT governance reviews

      • IT third party risk management

      • Business continuity and disaster recovery

      • Cloud security

      • Data governance assessments and reviews

  • Supporting assessments for broader information security topics (cyber maturity assessments, ISO audits, incident management reviews etc.) as well as IT general controls

  • Monitoring relevant technology risk standards and practices. Developing risk and control matrices and reviewing procedures. The review and provision of advice and assistance on business process controls

  • Engagement risk management: quality assurance through file review, engagement planning, development and monitoring, engagement profitability

  • Service Delivery: conducting research, performing technical testing, writing reports, conducting interviews and communicating regularly with clients and resources.

Information Security Auditor & Analyst
(Freelance Independent Contractor)

IT document toolkit

Client – Grand View Research (I) Pvt. Ltd.

  • Designed Phishing Attack Toolkit | Information gathering | The final document with insights on anti-phishing techniques. The toolkit also sufficed as an information security awareness document

  • Prepared a Situation Report/Risk assessment report

  • Conducted vulnerability Assessment (VA) – External | External vulnerability assessment | Network scanning | System profiling | Service profiling | Vulnerability identification

  • Prepared Vulnerability Assessment (VA) Report

IT security review

Client – Deloitte India (via Scikey.ai)

  • Conducted an end-to-end information security review for application based ITGC controls internal audit

  • Audit was conducted for domains including user access management, incident management, log, backup policy, network security, change management, IS policy and procedures, data security and cybersecurity

  • Prepared a detailed internal audit data assessment and review report for 25 controls

IT policy questionnaires

Client – Groupsoft US Inc.

  • Prepared questionnaires for ISO 27001, GDPR, HIPAA, ITGC, IT & security

  • Independently held walkthrough meetings with SPOCs/process owners

  • Derived weighted average percentage splits for compliance preparedness assessment using MS Excel spreadsheet

  • Conducted closing meetings with stakeholders

IT risk assessments

Client – Informed Hustle LLC, U.S.

  • Conducted vulnerability assessment of the website

  • Designated data protection officer for the client according to GDPR Article 39

  • Created IT security and ISO 27001/ISMS policies & procedures

  • Executed gap analysis, risk assessment, and walkthroughs to understand the implementation of existing control measures

  • Created questionnaires for ISO/IEC 27001, ITGC, and internal controls implementation

  • Designed roadmaps for business continuity & disaster recovery

IT policy

Client – Babul Films Society

  • Created a detailed business document on how to ensure personal data security of its participants and users.

  • Designed & developed information security acceptable use policy, terms & conditions policy, and GDPR inclusive privacy policy.

  • Designed & developed knowledge base document about GDPR compliance & personal data privacy (as the organization had European attendees/participants as well)

IT product analysis

Client – Tata Communications, India

  • Identified Made-in-India Data Loss Prevention (DLP), Host Intrusion Prevention System (HIPS), Network Access Control (NAC) solution providers

  • Used self-identified approach to map the solutions for understanding their compliance effectiveness, pricing, and benefits

  • Provided alternate cost-effective solutions for expensive products

  • Represented the entire collected data in a BI platform format using Google sheet for effective usage of gathered information and presented the information to the management

Vulnerability assessment

Client – ProsperaSoft

  • Conducted in-depth vulnerability Assessment (VA)

  • Prepared detailed Vulnerability Assessment (VA) Report

information technology market research analyst
(Full-time employment)

Employer – Grand View Research (I) Pvt. Ltd.

  • Prepared business analysis reports covering commercial aspects, trending factors, and dollar value for markets

  • Conducted secondary research & data mining, to develop base market revenue estimates and projections

  • Trained, led, and managed interns and new recruits

  • Independently handled pre-sales & post-sales client interactions

  • Achieved rising star awards for 3 consecutive quarters

  • Received positive client feedback for multiple reports in a single quarter

information security engineer
(Full-time employment)

Employer - ECI Telecom India Pvt Ltd (Ribbon Communications Inc.)

  • Conducted vulnerability assessment & identified anomalies in the product

  • Conducted log analysis and malware analysis in support of incident response investigations

  • Reported the identified flaws/bugs in a detailed MS Word format

  • Conducted presentations on OWASP TOP 10
