My Professional Vision
I am an experienced cybersecurity analyst using my skills for ethical hacking, penetration testing, and information security compliance implementation, while continually improving my abilities to build a cybersecurity governance & IT compliance-oriented professional path towards corporate consulting. I am especially passionate about IT & cybersecurity compliance & governance management.
Key Areas of Experience
Information Security & Risk Management
IT Compliance Policy Documentation
Application & Network Security
Projects & Work Experience
Senior Consultant - Technology Risk Consulting
Employer – KPMG Canada LLP
Audit and Advisory Engagements: Participate in end-to-end SOC 1, SOC 2, ISMS, GITC, and FSA audits, ensuring meticulous execution and compliance with all relevant standards and regulations.
IT Risk and Control Assessments: Conduct robust assessments of IT risks and controls, support internal and external audit and advisory engagements, and provide actionable insights and recommendations.
Operational Evaluation: Critically evaluate IT operations, maintenance, and database management practices to ensure they are controlled effectively and align with organizational objectives.
Data Governance: Oversee and enhance data governance policies and practices, ensuring data integrity, availability, and regulatory compliance.
Incident and Problem Management: Oversee incident and problem management policies and practices, ensuring swift resolution, minimal business impact, and continuous improvement.
Change and Configuration Management: Evaluate and enhance change, configuration, release, and patch management policies and practices, ensuring stability and security of IT environments.
Business Continuity: Assess and enhance the organization's ability to maintain business operations during and after critical events, ensuring resilience and preparedness.
Asset Lifecycle Management: Oversee and optimize asset lifecycle management policies and practices, ensuring optimal utilization and safeguarding of assets.
Consultant - Technology Risk
Employer – KPMG Canada LLP
Conducting assessments of IT risks and controls in support of internal and external audit and advisory engagements, related to, for instance:
IT risk and maturity assessment
IT projects and system implementations
Access management
IT governance reviews
IT third party risk management
Business continuity and disaster recovery
Cloud security
Data governance assessments and reviews
Supporting assessments for broader information security topics (cyber maturity assessments, ISO audits, incident management reviews etc.) as well as IT general controls
Monitoring relevant technology risk standards and practices. Developing risk and control matrices and reviewing procedures. The review and provision of advice and assistance on business process controls
Engagement risk management: quality assurance through file review, engagement planning, development and monitoring, engagement profitability
Service Delivery: conducting research, performing technical testing, writing reports, conducting interviews and communicating regularly with clients and resources.
Information Security Auditor & Analyst
(Freelance Independent Contractor)
Client – Grand View Research (I) Pvt. Ltd.
Designed Phishing Attack Toolkit | Information gathering | The final document with insights on anti-phishing techniques. The toolkit also sufficed as an information security awareness document
Prepared a Situation Report/Risk assessment report
Conducted Vulnerability Assessment (VA) – External | External vulnerability assessment | Network scanning | System profiling | Service profiling | Vulnerability identification
Prepared Vulnerability Assessment (VA) Report
Client – Deloitte India (via Scikey.ai)
Conducted an end-to-end information security review for application based ITGC controls internal audit
Audit was conducted for domains including user access management, incident management, log, backup policy, network security, change management, IS policy and procedures, data security and cybersecurity
Prepared a detailed internal audit data assessment and review report for 25 controls
Client – Groupsoft US Inc.
Prepared questionnaires for ISO 27001, GDPR, HIPAA, ITGC, IT & security
Independently held walkthrough meetings with SPOCs/process owners
Derived weighted average percentage splits for compliance preparedness assessment using MS Excel spreadsheet
Conducted closing meetings with stakeholders
Client – Informed Hustle LLC, U.S.
Conducted vulnerability assessment of the website
Designated data protection officer for the client according to GDPR Article 39
Created IT security and ISO 27001/ISMS policies & procedures
Executed gap analysis, risk assessment, and walkthroughs to understand the implementation of existing control measures
Created questionnaires for ISO/IEC 27001, ITGC, and internal controls implementation
Designed roadmaps for business continuity & disaster recovery
Client – Babul Films Society
Created a detailed business document on how to ensure personal data security of its participants and users.
Designed & developed knowledge base document about GDPR compliance & personal data privacy (as the organization had European attendees/participants as well)
Client – Tata Communications, India
Identified Made-in-India Data Loss Prevention (DLP), Host Intrusion Prevention System (HIPS), Network Access Control (NAC) solution providers
Used self-identified approach to map the solutions for understanding their compliance effectiveness, pricing, and benefits
Provided alternate cost-effective solutions for expensive products
Represented the entire collected data in a BI platform format using Google sheet for effective usage of gathered information and presented the information to the management
Client – ProsperaSoft
Conducted in-depth Vulnerability Assessment (VA)
Prepared detailed Vulnerability Assessment (VA) Report
Information Technology Market Research Analyst
Employer – Grand View Research (I) Pvt. Ltd.
Prepared business analysis reports covering commercial aspects, trending factors, and dollar value for markets
Conducted secondary research & data mining, to develop base market revenue estimates and projections
Trained, led, and managed interns and new recruits
Independently handled pre-sales & post-sales client interactions
Achieved rising star awards for 3 consecutive quarters
Received positive client feedback for multiple reports in a single quarter
Information Security Engineer
Employer - ECI Telecom India Pvt Ltd (Ribbon Communications Inc.)
Conducted vulnerability assessment & identified anomalies in the product
Conducted log analysis and malware analysis in support of incident response investigations
Reported the identified flaws/bugs in a detailed MS Word format
Conducted presentations on OWASP TOP 10