2+ Years of Work Experience

Protiviti.

A global consulting firm headquartered in Menlo Park and San Ramon, California, that provides consulting in internal audit, risk and compliance, technology, business processes, data analytics and finance. It is a subsidiary under Robert Half.
Consultant 2 – IT Internal Audit
June 2023 – Present

Nangia & Co.

A premier professional services, tax and advisory firm, catering to diverse sectors on a wide range of matters relating to Audit and Assurance, Taxation, GST, Entry Level Strategy, Mergers and Acquisition, Corporate Financial Advisory, Sustainability and Development Services, Cyber Security (CERT-in Certified), Forensic & IT Advisory.
Senior Analyst – Cybersecurity
June 2022 – June 2023

Tata Consultancy Services.

Tata Consultancy Services (TCS) is one of the largest multinational IT service and consulting companies. It is headquartered in Mumbai, India, but has offices globally. Other than being a major player in IT, TCS is well known in the e-governance, banking and financial services, telecommunications, education and healthcare markets.
Intern – Advanced Dynamic Application Security Testing
December 2020 – January 2021

PII Assessment based on Indian Digital Personal Data Protection (DPDP) Act, 2023:

  • Reviewed 120+ applications and APIs including their front-end, logs and reports for presence and
    accessibility of 62 different types of Personally Identifiable Information (PII).
  • Plotted the availability of PIIs into a tabular matrix for a quick overview of PIIs in applications.
  • Validated generic accounts for privileged access, ensuring necessary permissions and providing
    recommendations to avoid excessive privileges.
  • Assessed employee endpoint systems for data leakage avenues, safeguarding sensitive PII from
    unauthorized extraction.

IT General Controls (ITGC), IT Application Controls (ITAC) and Information Security audit:

  • Reviewed organization’s adherence to IT policies and procedures.
  • Reviewed vendor management and compliance to ensure service level agreements (SLAs) are met.
  • Conducted IT General Controls (ITGC) review to assess information security and ensure compliance
    with industry standards and regulations.
  • Evaluated IT operations, covering aspects like backup management, scalability, patch management,
    change management, antivirus controls, data leak prevention (DLP), and privileged user access
    management.
  • Assessed IT Application Controls (ITAC) for user access management, change management, software
    functionality testing, business continuity plan, disaster recovery plan, closure of past VAPT reports,
    customer data (PII) security, and log management/monitoring.

IT General Controls (ITGC) & Segregation of Duty (SOD) audit:

  • Conducted internal audit review of change management, patch management, incident management, User Access Management (UAM) and Segregation of Duty (SOD) controls for critical business applications.
  • Provided recommendations to enhance the design and effectiveness of existing policies and controls.
  • Identified gaps in user access management to mitigate risks of unauthorized access to internal applications.

Data Security Assessment, Endpoint Review & DLP Testing:

  • Conducted a comprehensive review of 15 internal applications to understand the flow of data and identify potential data leakage points.
  • Identified procedural gaps through interviews with department heads and ground staff to mitigate risks of customer personally identifiable information (PII) leakage.
  • Based on the interviews, designed data flow diagrams of all departments using Microsoft Visio, to visualize the flow of customer PII data across employees, systems and relevant applications.
  • Conducted a physical inspection of the telesales floor to identify social engineering vulnerabilities and other physical data leakage avenues.
  • Assessed endpoint security on employee PCs and identified several gaps in Data Leak Prevention (DLP). Provided recommendations to strengthen the DLP and prevent unauthorized data extraction.
  • Successfully conducted an on-site vendor risk management exercise by visiting the client’s vendor and identifying significant gaps pertaining to the client’s data security.
  • Prepared a comprehensive 110-page report detailing process gaps and technical findings with the associated risks and mitigation strategies for the ELT’s perusal.

Audit Based on NIST Cybersecurity Framework for IRDAI Compliance:

  • Collaborated with the Chief Information Security Officer (CISO) to review and implement controls aligned with IRDAI information security guidelines based on the NIST Cybersecurity Framework.
  • Enhanced the Information Security Management System (ISMS) and policies such as Cyber Crisis Management Policy, Business Continuity Policy, Asset Management and Incident Response to meet IRDAI requirements effectively.
  • Recommended logging, monitoring, and threat mitigation controls throughout the organization’s IT infrastructure.
  • Conducted a review of ISO 27001 implementation and refined the existing ISMS policies to align with ISO 27001 and NIST CSF guidelines.
  • Assisted the IT team in conducting endpoint reviews and incident management tabletop exercises.
  • Worked on various manual Dynamic Application Security Testing (DAST) techniques and automated tools such as Burp Suite, sqlmap & OWASP ZAP to successfully identify and address security vulnerabilities in various web applications.
  • In the final project report, secured 84% marks.