SHALINI AGARRWAL

Mobile: +91-94-12-890*** / +91-72-76-023***

Email: findshalini [at] yahoo [dot] com

Professional Profile and Objective

An Information Security professional into Compliance and Information Risk Management with nearly seven years’ total experience; ITIL v3 Foundation certified and having an MS in Cyber Law and Information Security, looking for a position in an Information Security Compliance role.

Relevant Experience

• Worked towards ISMS of and ISO/IEC 27001:2013 certification for multiple India locations of the employer

GAP Assessment

Prepared Asset Register

Performed RA and RTP

Ensured Antivirus Compliance

Drafted / Revised Policies and Procedures, as required

• Complete Mapping of HIPAA requirements to ISO 27001/2 clauses

• Defined Vendor Compliance Risk Assessments Procedure using HITRUST CSF for a healthcare company, against

ISO/IEC 27001:2013

HIPAA (with HITRUST common security framework)

Organizational Minimum Control Standards

• Performed Compliance Risk Management for SOX ITGC Controls with KPIT Ltd., Pune

Adequacy analysis for improvement

Effectiveness reviews

QA review for control risks submitted by team members

• Performed Asset Identification and Profiling for Risk re-assessment (ISO 27001:2005 to ISO 27001:2013 migration) with KPIT Ltd., Pune

• Worked on physical and environmental security of IIIT Allahabad’s Academic infrastructure

Gap Analysis against the requirements of ISO /IEC 27001:2005

Risk Assessment as per ISO/IEC 27005

• Study on phishing trends with CERT India, New Delhi

Performed analysis on recent trends based on data available with the organization

Wrote a white-paper on URL based phishing methods, and evidence collection for rising phishing trends, their Forensic detection, and, countermeasures

Skill Areas

• ISMS – ISO/IEC 27001:2013

Gap Assessment

Asset Identification and Profiling

Risk Assessment

Adequacy and Operational Effectiveness

Requirement Mapping with other requirements

• ITIL

• HITRUST Common Security Framework

• HIPAA

• Sarbanes-Oxley Act (USA)

• Further Knowledge Areas

BCMS - BS25999 (Lead Auditor Trained)

Data Protection Act (UK)

SSAE-16

Certifications

• ITIL Foundation

• ISMS Lead Auditor – planned for this year

• CISA – planned for this year

Relevant Pre-Qualification Internships and Other Projects

• Project – “Gap Analysis and Risk Assessment against ISO 27001 requirements, for the Academic buildings”

At IIIT Allahabad – MS CLIS,, July-December 2012

• Project – “A Paper on URL Based Phishing Methods, Forensic detection, Countermeasures, and evidence collection for rising phishing trends”

At CERT-In (Indian Computer Emergency Response Team) – Internship, June-July 2011 Employment Summary

• Associate Consultant – Information Security, November 2015 - Now

ISYX Solutions India Pvt. Ltd., Pune

• Independent consulting, July 2014 – October, 2015

• Executive – IT Consulting, April 2013-June 2014

Worked into Internal SOX Audit process for a major engine manufacturer - KPIT Technologies Pvt. Ltd.

• Assistant Professor (Environmental Science), July 2012 – March 2013

Accurate Institute of Management and Technology, Greater Noida

• Assistant Professor (Environmental Science), July 2007 – June 2010

Accurate Institute of Management and Technology, Greater Noida Academic Achievements

• UGC NET Qualified (Forensic Sciences, 2008)

• Silver Medal (M.Sc. Forensic Sciences, 2007, at Bundelkhand University) Academic Background

• Completed Masters’ – Indian Institute of Information Technology, Allahabad; 2012

MS-CLIS (Master of Science in Cyber Laws and Information Security),

• Undertook Research – Dr. Bhim Rao Ambedkar University, Agra; 2008-10

Thesis topic (UGC approved) “Ear Biometrics: A method of new era individual identification system”

• Masters’ – Bundelkhand University, Jhansi; 2007

Master of Science (M.Sc.) in Forensic Sciences

• Bachelors’ – CCS University, Meerut; 2005

Bachelor of Science (B.Sc.) in Life Sciences (ZBC) Papers presented / Seminars / Conferences attended

• Conducted an analysis of, and submitted a report on “URL Based Phishing Methods, Forensic Detection, countermeasures, and Collection of Digital Evidence” to CERT India as a part of summer internship project.

• Presented a paper on topic “Individual Identification using Ear Biometrics” in the National Conference on

“Recent trends in forensic science under the Department of Forensic Medicine and Toxicology, Sarojini Naidu Medical College, Agra University, Agra.

• Participated in Training Program and workshop for Police and Judicial Officers on “Recent Advances in Forensic Science” at Bundelkhand University, Jhansi

• Participated in the Workshop on Forensic Science in GTB Khalsa University, New Delhi.

Contact this candidate