Shaswat.

A cyber security and IT risk management expert.

22/11/2000

Introduction

Career objective

I’m seeking to leverage my interpersonal, management & technical skills to make a meaningful and high quality contribution to the organization’s success. I aspire to work in a vibrant and supportive work environment, where positivity thrives, challenges are embraced, and growth is a constant priority. 

I firmly believe that my quick learning ability and consistent curiosity make a flawless combination, which propels me forward in the field of computer science and information security.

Professional Synopsis

I am a Certified Ethical Hacker (CEH) and an experienced cybersecurity professional with expertise in IT Governance, Risk and Compliance (GRC) audits. I have successfully executed several projects involving ITGC, segregation of duty (SOD) controls, Data Leak Prevention (DLP) and regulatory compliance based on cybersecurity frameworks such as NIST 800-53 Cyber Security Framework and ISO 27001. Other than these, I have closely studied standards and frameworks such as PCI-DSS, ISO 22301, ISO 31000, BASEL III, CRD IV and COPPA.

Proactive and detail-oriented, I am a dedicated problem solver with a strong focus on strengthening security measures and protecting critical assets, contributing to an organization’s security objectives. My expertise lies in conducting audits, identifying risks and vulnerabilities, and providing actionable recommendations to ensure compliance with regulatory and industry standards.

Driven by a commitment to continuous improvement, I have a good understanding of client needs and preferences, which has enabled me to tailor my services and maintain good client satisfaction.

With a strong background in Information Security Management Systems (ISMS) and Dynamic Application Security Testing (DAST), I also have proficiency in configuring and maintaining SIEM tools such as Splunk for prompt incident management. Additionally, I bring skills in Database Management System (DBMS), SQL, data science, and programming languages like PHP, Python, C, and C++.

2022 - 2024
MBA from Swami Vivekananda Subharti University, Meerut

Master of Business Administration (MBA) in Information Technology and Financial Management via distance mode from Swami Vivekananda Subharti University.

Any 3 years between 2020 - 2028
BSc (Pursuing) from Indian Institute of Technology Madras, Chennai

Bachelor of Science (BSc.) in Programming and Data Science (Online Degree).

This course includes complete tools and resources needed for a student to become a good Data Scientist. The curriculum includes ML, AI, Stats, CT, English, Maths, Python, Computer Vision, Business Management, Data Structures and Algorithms, DBMS, Web App Development.

2018 - 2022
B.Tech from Madhyanchal Professional University, Bhopal

Passed Bachelor of Technology (B.Tech) in Computer Science Engineering with 81% marks.

This four-year course integrates the fields of Computer Science and Computer Engineering. All the subjects and topics covered under B.Tech in Computer Science Engineering relate to algorithms, computation, programming languages, programme design, computer hardware, computer software, compiler design, and the implementation as well as management of computer software and hardware. It is a comprehensive course in computer systems and applications.

2016 - 2018
Intermediate from Andhra Association English School, Jamshedpur

Completed the Senior Secondary XIIth grade education in the Science Stream. This is an intermediate-level course with subjects like Physics, Chemistry, Maths, Computers, English and Hindi.

2015 - 2016
Matriculation from SDSM School for Excellence, Jamshedpur

Completed secondary (Xth) grade studies with English as a medium of study. 

The course includes matriculation level subjects and fundamental Maths, Science, Computers, and Biology with Hindi and English languages.

1.5+ Years of Work Experience

Protiviti.

A global consulting firm headquartered in Menlo Park and San Ramon, California, that provides consulting in internal audit, risk and compliance, technology, business processes, data analytics and finance. It is a subsidiary of Robert Half.
Consultant 2 – IT Internal Audit
June 2023 – Present

PII Assessment based on Indian Digital Personal Data Protection (DPDP) Act, 2023:

  • Reviewed 120+ applications and APIs including their front-end, logs and reports for presence and accessibility of 62 different types of Personally Identifiable Information (PII).
  • Plotted the availability of PIIs into a tabular matrix for a quick overview of PIIs in applications.
  • Validated generic accounts for privileged access, ensuring necessary permissions and providing recommendations to avoid excessive privileges.
  • Assessed employee endpoint systems for data leakage avenues, safeguarding sensitive PII from unauthorized extraction.


IT General Controls (ITGC), IT Application Controls (ITAC) and Information Security audit:

  • Reviewed organization’s adherence to IT policies and procedures.
  • Reviewed vendor management and compliance to ensure service level agreements (SLAs) are met.
  • Conducted IT General Controls (ITGC) review to assess information security and ensure compliance with industry standards and regulations.
  • Evaluated IT operations, covering aspects like backup management, scalability, patch management, change management, antivirus controls, data leak prevention (DLP), and privileged user access management.
  • Assessed IT Application Controls (ITAC) for user access management, change management, software functionality testing, business continuity plan, disaster recovery plan, closure of past VAPT reports, customer data (PII) security, and log management/monitoring.

Nangia & Co.

A premier professional services, tax and advisory firm, catering to diverse sectors on a wide range of matters relating to Audit and Assurance, Taxation, GST, Entry Level Strategy, Mergers and Acquisition, Corporate Financial Advisory, Sustainability and Development Services, Cyber Security (CERT-in Certified), Forensic & IT Advisory.
Senior Analyst – Cybersecurity
June 2022 – June 2023
IT General Controls (ITGC) & Segregation of Duty (SOD) audit:
  • Conducted internal audit review of change management, patch management, incident management, User Access Management (UAM) and Segregation of Duty (SOD) controls for critical business applications.
  • Provided recommendations to enhance the design and effectiveness of existing policies and controls.
  • Identified gaps in user access management to mitigate risks of unauthorized access to internal applications.
Data Security Assessment, Endpoint Review & DLP Testing:
  • Conducted a comprehensive review of 15 internal applications to understand the flow of data and identify potential data leakage points.
  • Identified procedural gaps through interviews with department heads and ground staff to mitigate risks of customer personally identifiable information (PII) leakage.
  • Based on the interviews, designed data flow diagrams of all departments using Microsoft Visio, to visualize the flow of customer PII data across employees, systems and relevant applications.
  • Conducted a physical inspection of the telesales floor to identify social engineering vulnerabilities and other physical data leakage avenues.
  • Assessed endpoint security on employee PCs and identified several gaps in Data Leak Prevention (DLP). Provided recommendations to strengthen the DLP and prevent unauthorized data extraction.
  • Successfully conducted an on-site vendor risk management exercise by visiting the client’s vendor and identifying significant gaps pertaining to the client’s data security.
  • Prepared a comprehensive 110-page report detailing process gaps and technical findings with the risks and mitigation strategies for the ELT’s perusal.
Audit Based on NIST Cybersecurity Framework for IRDAI Compliance:
  • Collaborated with the Chief Information Security Officer (CISO) to review and implement controls aligned with IRDAI information security guidelines based on the NIST Cybersecurity Framework.
  • Enhanced the Information Security Management System (ISMS) and policies such as Cyber Crisis Management Policy, Business Continuity Policy, Asset Management and Incident Response to meet IRDAI requirements effectively.
  • Recommended logging, monitoring, and threat mitigation controls throughout the organization’s IT infrastructure.
  • Conducted a review of ISO 27001 implementation and refined the existing ISMS policies to align with ISO 27001 and NIST CSF guidelines.
  • Assisted the IT team in conducting endpoint reviews and incident management tabletop exercises.

Tata Consultancy Services.

Tata Consultancy Services (TCS) is one of the largest multinational IT service and consulting companies. It is headquartered in Mumbai, India, but has offices globally. Other than being a major player in IT, TCS is well known in the e-governance, banking and financial services, telecommunications, education and healthcare markets.
Intern – Advanced Dynamic Application Security Testing
December 2020 – January 2021
  • Worked on various manual Dynamic Application Security Testing (DAST) techniques and automated tools such as Burp Suite, SQLMap & OWASP ZAP to successfully identify and address security vulnerabilities in various web applications.
  • In the final project report, secured 84% marks. [View Project]

Contact

Lower Parel, Mumbai
400013
Maharashtra, India

mail [-at-] shaswatmanojjha.com

Let's jump on to a conversation.
Send a Mail.