About
Driven Cybersecurity and IT Governance, Risk, and Compliance (GRC) professional with 9 years of progressive experience across IT operations, cybersecurity governance, ITGC audits, and enterprise risk management and innovative projects. Proven expertise in leading end-to-end audits, implementing information security frameworks, strengthening internal controls, and aligning security programs with business and regulatory requirements. Strong stakeholder management skills with a track record of improving compliance posture, reducing risk exposure, and driving continuous improvement.
Skills & Expertise (37)
Work Experience
Cyber Security Governance Analyst
IVY Comptech (P) Ltd
Oct 2021 - Present
Sound knowledge of ISO 31000 Risk Management, GDPR, data protection/privacy, NIST 800 series (210, 60, & 53), BSI audits, and risk assessment/management. Develop organization policies/procedures such as Access Management/BRP/Password Policy, etc., and documentation around maintenance of critical assets such as Oracle DB/Oracle Cloud/SNOW/Teradata/vSphere/RSA, etc. Understand regulatory requirements for new markets/locations, perform compliance checks against those requirements, and submit reports to the respective approval authorities for game launches/updates/rereleases. Team up with the Application Security team to conduct on-demand vulnerability assessments and scans, as well as scheduled penetration testing for various locations as per local regulatory requirements, and track vulnerabilities to closure as per their severity and defined timelines. Assist KPMG in IT General controls C and IT Applications controls audit for critical scoped systems and implement/enhance the process/controls. As part of the ISO 27001 IA team, performed internal audits across multiple locations to make sure that the org is audit ready, and coordinated with various stakeholders to remediate any nonconformities found as part of internal audits. I participated in the ISO 27001 external audit and helped the auditor with relevant information, various access review evidence, network diagrams, vulnerability assessment reports, penetration testing reports, etc., and organized meetings with stakeholders to cover necessary controls. As part of gap remediation, conduct meetings with various stakeholders to either remediate/accept/transfer the risk as per the recommendations. Enhancing the policy documents (Access Management, Enterprise Password Policy, and other applications). Implemented a program to grant read access to critical tools such as IDM, vSphere, Teradata, Oracle, production deployment tools, staging environment tools, etc., and also allow our team to run Linux commands on these systems to perform periodic audits and assist external auditors with the required data to the extent possible, as a step to decrease audit billing. Created an automated process for the team to verify and validate joiners and leavers against users in critical systems (mostly managed through IDM). Monitoring of IDM logs that come from the Elastic tool. Implemented compensating controls such as automation of customized approval group alerts, changes in services, additional task implementations, etc. Tailored an approach to perform quarterly privileged user access reviews and activity reviews for all critical systems, and actively involved in the monitoring team while performing these reviews. Continual improvement in auditing on DB audits.
Administration, EUS IT, & Facilities Operation Management
Q TAT BPO Solutions
Jan 2019 - Jan 2021
BMS Audits (CCTV Periodic Reviews, Server & AHU Rooms’ Periodic Access & Activities Review). Physical Security – Visitors/Guests access cards management, Biometric Access & Activities quarterly Review. Employees – Starters Asset Management (Shipment, Delivery Tracking), Leavers Exit Process Review (return of Assets, Access cards, and other Company-owned assets and devices for relieving signoff). Policy Management – Company Physical Security & BYOD Policies. BCP, Event Management, Statutory Compliances, Vendor Management (vendor operational risk assessments and contracts management).
Audits Management
The Atlanta Foundation (TAF)
Jan 2016 - Jan 2019
BMS Audits (CCTV Periodic Reviews, Server & AHU Rooms’ Periodic Access & Activities Review). Physical Security – Visitors/Guests access cards management, Biometric Access & Activities quarterly Review. Employees – Starters Asset Management (Shipment, Delivery Tracking), Leavers Exit Process Review (return of Assets, Access cards, and other Company-owned assets and devices for relieving signoff). Policy Management – Company Physical Security & BYOD Policies. BCP, Event Management, Statutory Compliances, Vendor Management (vendor operational risk assessments and contracts management). Monitoring the Physical Security Infrastructure, Inventory Management. Manage the facilities team and ensure the upkeep of the facility. Daily Review of Critical System Events (Facilities Monitoring Systems). Vendor Risk Management – Participation in Vendor Security Risk Assessments and Contracts Management. Client Data Integrity Management (data/file encryption – data shared with vendors & suppliers). Vendor sourcing, vendor evaluation, and vendor shortlisting.
Education
Certified Diploma in Cyber Laws and Intellectual Property Rights
- · Afghanistan
B.Sc. (Computers) - ANDHRA UNIVERSITY
- · Afghanistan
Certifications
No certifications added yet