
My Professional Vision

I am an experienced cybersecurity analyst using my skills for ethical hacking, penetration testing, and information security compliance implementation, while continually improving my abilities to build a cybersecurity governance & IT compliance-oriented professional path towards corporate consulting. I am especially passionate about IT & cybersecurity compliance & governance management.
Key Areas of Experience
information security & risk management
IT Compliance Policy Documentation
vulnerability assessment
application & network security
penetration testing
Projects & Work Experience
Consultant - Technology Risk Advisory
(Full-time employment)
Employer – KPMG Canada LLP
- Conducting assessments of IT risks and controls in support of internal and external audit and advisory engagements, related to, for instance:
  - IT risk and maturity assessment
  - IT projects and system implementations
  - Access management
  - IT governance reviews
  - IT third party risk management
  - Business continuity and disaster recovery
  - Cloud security
  - Data governance assessments and reviews
- Supporting assessments for broader information security topics (cyber maturity assessments, ISO audits, incident management reviews etc.) as well as IT general controls
- Monitoring relevant technology risk standards and practices. Developing risk and control matrices and reviewing procedures. The review and provision of advice and assistance on business process controls
- Engagement risk management: quality assurance through file review, engagement planning, development and monitoring, engagement profitability
- Service Delivery: conducting research, performing technical testing, writing reports, conducting interviews and communicating regularly with clients and resources.
Information Security Auditor & Analyst
(Freelance Independent Contractor)

Client – Grand View Research (I) Pvt. Ltd.
Designed a Phishing Attack Toolkit | Information gathering | Final document with insights on anti-phishing techniques. The toolkit also served as an information security awareness document
Prepared a Situation Report/Risk assessment report
Conducted Vulnerability Assessment (VA) – External | External vulnerability assessment | Network scanning | System profiling | Service profiling | Vulnerability identification
Prepared Vulnerability Assessment (VA) Report

Client – Deloitte India (via Scikey.ai)
Conducted an end-to-end information security review for application based ITGC controls internal audit
Audit was conducted for domains including user access management, incident management, log, backup policy, network security, change management, IS policy and procedures, data security and cybersecurity
Prepared a detailed internal audit data assessment and review report for 25 controls

Client – Groupsoft US Inc.
Prepared questionnaires for ISO 27001, GDPR, HIPAA, ITGC, IT & security
Independently held walkthrough meetings with SPOCs/process owners
Derived weighted average percentage splits for compliance preparedness assessment using MS Excel spreadsheet
Conducted closing meetings with stakeholders

Client – Informed Hustle LLC, U.S.
Conducted vulnerability assessment of the website
Designated data protection officer for the client according to GDPR Article 39
Created IT security and ISO 27001/ISMS policies & procedures
Executed gap analysis, risk assessment, and walkthroughs to understand the implementation of existing control measures
Created questionnaires for ISO/IEC 27001, ITGC, and internal controls implementation
Designed roadmaps for business continuity & disaster recovery

Client – Babul Films Society
Created a detailed business document on how to ensure personal data security of its participants and users.
Designed & developed information security acceptable use policy, terms & conditions policy, and GDPR inclusive privacy policy.
Designed & developed knowledge base document about GDPR compliance & personal data privacy (as the organization had European attendees/participants as well)

Client – Tata Communications, India
Identified Made-in-India Data Loss Prevention (DLP), Host Intrusion Prevention System (HIPS), Network Access Control (NAC) solution providers
Used a self-identified approach to map the solutions for understanding their compliance effectiveness, pricing, and benefits
Provided alternate cost-effective solutions for expensive products
Represented the entire collected data in a BI platform format using Google Sheets for effective usage of gathered information and presented the information to the management

Client – ProsperaSoft
Conducted in-depth Vulnerability Assessment (VA)
Prepared detailed Vulnerability Assessment (VA) Report
Information Technology Market Research Analyst
(Full-time employment)
Employer – Grand View Research (I) Pvt. Ltd.
- Prepared business analysis reports covering commercial aspects, trending factors, and dollar value for markets
- Conducted secondary research & data mining, to develop base market revenue estimates and projections
- Trained, led, and managed interns and new recruits
- Independently handled pre-sales & post-sales client interactions
- Achieved rising star awards for 3 consecutive quarters
- Received positive client feedback for multiple reports in a single quarter
Information Security Engineer
(Full-time employment)
Employer – ECI Telecom India Pvt Ltd (Ribbon Communications Inc.)
- Conducted vulnerability assessment & identified anomalies in the product
- Conducted log analysis and malware analysis in support of incident response investigations
- Reported the identified flaws/bugs in a detailed MS Word format
- Conducted presentations on OWASP Top 10