1+ Years of Work Experience

Protiviti.

A global consulting firm headquartered in Menlo Park and San Ramon, California, that provides consulting in internal audit, risk and compliance, technology, business processes, data analytics and finance. It is a subsidiary of Robert Half.
Consultant 2 – IT Internal Audit
June 2023 – Present
IT General Controls (ITGC), IT Application Controls (ITAC) and Information Security audit:
  • Conducted IT policy and procedure reviews, ensured IT assurance and conducted internal audits to achieve compliance with relevant industry regulations, risk standards and security guidelines such as ISO 27001, ISO 22301, PCI DSS, and NIST CSF.
  • Executed IT General Controls (ITGC) audits to assess and ensure compliance with industry standards and regulatory requirements.
  • Evaluated IT operations, including backup management, patch management, change management, antivirus controls, data leak prevention (DLP) and privileged user access management.
  • Assessed IT application controls (ITAC) for user access management, change management, software functionality testing, business continuity plan, disaster recovery plan, VAPT scope and frequency, customer data (PII) security and log management/monitoring.

Nangia & Co.

A premier professional services, tax and advisory firm, catering to diverse sectors on a wide range of matters relating to Audit and Assurance, Taxation, GST, Entry Level Strategy, Mergers and Acquisitions, Corporate Financial Advisory, Sustainability and Development Services, Cyber Security (CERT-In Certified), Forensic & IT Advisory.
Senior Analyst – Cybersecurity
June 2022 – June 2023
IT General Controls (ITGC) & Segregation of Duty (SOD) audit:
  • Conducted internal audit review of change management, patch management, incident management, User Access Management (UAM) and Segregation of Duty (SOD) controls for critical business applications.
  • Provided recommendations to enhance the design and effectiveness of existing policies and controls.
  • Identified gaps in user access management to mitigate risks of unauthorized access to internal applications.
Data Security Assessment, Endpoint Review & DLP Testing:
  • Conducted a comprehensive review of 15 internal applications to understand the flow of data and identify potential data leakage points.
  • Identified procedural gaps through interviews with department heads and ground staff to mitigate risks of customer personally identifiable information (PII) leakage.
  • Based on the interviews, designed data flow diagrams of all departments using Microsoft Visio to visualize the flow of customer PII data across employees, systems and relevant applications.
  • Conducted a physical inspection of the telesales floor to identify social engineering vulnerabilities and other physical data leakage avenues.
  • Assessed endpoint security on employee PCs and identified several gaps in Data Leak Prevention (DLP). Provided recommendations to strengthen the DLP and prevent unauthorized data extraction.
  • Successfully conducted an on-site vendor risk management exercise by visiting the client’s vendor and identifying significant gaps pertaining to the client’s data security.
  • Prepared a comprehensive 110-page report detailing process gaps and technical findings with the associated risks and mitigation strategies for the ELT's perusal.
Audit Based on NIST Cybersecurity Framework for IRDAI Compliance:
  • Collaborated with the Chief Information Security Officer (CISO) to review and implement controls aligned with IRDAI information security guidelines based on the NIST Cybersecurity Framework.
  • Enhanced the Information Security Management System (ISMS) and policies such as Cyber Crisis Management Policy, Business Continuity Policy, Asset Management and Incident Response to meet IRDAI requirements effectively.
  • Recommended logging, monitoring, and threat mitigation controls throughout the organization’s IT infrastructure.
  • Conducted a review of ISO 27001 implementation and refined the existing ISMS policies to align with ISO 27001 and NIST CSF guidelines.
  • Assisted the IT team in conducting endpoint reviews and incident management tabletop exercises.

Tata Consultancy Services.

Tata Consultancy Services (TCS) is one of the largest multinational IT service and consulting companies. It is headquartered in Mumbai, India, but has offices globally. Other than being a major player in IT, TCS is well known in the e-governance, banking and financial services, telecommunications, education and healthcare markets.
Intern – Advanced Dynamic Application Security Testing
December 2020 – January 2021
  • Worked on various manual Dynamic Application Security Testing (DAST) techniques and automated tools such as Burp Suite, sqlmap & OWASP ZAP to successfully identify and address security vulnerabilities in various web applications.
  • Secured 84% marks in the final project report.