
Information Security IT

Location:
Dublin, CA, 94568
Salary:
AS per market standard
Posted:
August 02, 2024


Resume:

Sunita (Suni) Bhardwaj

925-***-**** ***********@*****.***

Dublin, CA 94568

linkedin.com/in/sunita-suni-bhardwaj

PROFESSIONAL SUMMARY

Driven and experienced IT professional with over 20+ years of experience, including 13+ years in IT Infrastructure Management specializing in Information Security. Effective team player with analytical skills, ready to bring my expertise and skills to a new role; key competencies and proficiencies include – Audit & Compliance, Vulnerability Program Management, Risk Management, Third Party Risk Management, Testing IT Controls, Internal & External (3rd Party) Audits, Issue Management, End User Services and Support, Service Management Processes & Reporting.

TOOLS

SNOW, ServiceNow, HPSM, CIRTAS, JIRA, Qualys, Nessus, SharePoint, vGRC.

EXPERIENCE

InfoSec Governance Analyst, VMware Inc., March 2021 - Nov 2023

● Played a key role in the documentation, implementation and maintenance of security policies & standards.

● Served as lead for the policy exception process: identifying and documenting security policy exceptions with the business justification and remediation plan, applying mitigating controls, managing approval of policy exceptions, distributing quarterly exception reports to executive management, escalating identified risks to management and managing the risk register.

● Supported the initiative on expanding and standardizing the Security Awareness Program regarding existing and changing rules and requirements across the VMware global offices.

● Worked collaboratively across the organization and served as a liaison between business, functional areas, and the technology teams to ensure that security policy-related business requirements are clearly defined, communicated, well understood and considered as part of operational prioritization and planning.

● In collaboration with the Security Compliance and Assurance teams, performed security gap identification and analysis.

● Managed the annual Security Policies and Procedures renewal and organized (wrote/edited) supporting documents. Revised documents as new issues arose or as changes occurred in the security framework and regulations.

● Ensured business and technical requirements are aligned to security policies and are implemented within an allotted timeframe to meet compliance.

Account Security Officer, DXC Technology (Former HPE), Sept 2015 - June 2019

● Provided subject matter expertise in developing the IT Account Security plan to reduce risk in the business process.

● Conducted the Vendor and Third Party Risk Assessment, checking their compliance posture (complying as per the contract) and audit documentation, identifying current and future security issues/vulnerabilities, and recommending remediation strategies.

● Performed IT security reviews and audits to assess organizational business and technology risks in the current operating mode, preventing security incidents and compliance failures, and recommended information security improvements to mitigate the organization's risks in a timely manner.

● Using risk management framework best practices, empowered the delivery teams to identify their perceived risks to the Confidentiality, Integrity and Availability of their information assets.

● Performed 3rd party audits ensuring delivery of information security services complies with the contract, abides by the policies and is maintained as per the ISMS & ISO 27001:2013 requirements.

● Supported external audits for the organization and the client.

● Supported the Identity and Access Management (IAM) Service Line in performing UAMR (User Access Management Review), validation of access approval, and on-boarding & off-boarding of users.

● Played a key role in leading Global Vulnerability Management programs by analyzing the scanned reports, identifying the vulnerabilities and business risks, effectively communicating the vulnerability gaps to the respective stakeholders to remediate and close the gaps on a prioritized basis in a timely manner, and suggesting applicable change controls and security exceptions.

● Managed and drove remediation efforts related to information security arising from incidents, penetration tests, vulnerability scans, internal/external audits, and Critical Practice assessments. Worked closely with different stakeholders towards the closure of the gaps.

● Reported monthly regulatory updates & vulnerability closure status to the leadership.

● Maintained the Risk Register database for registering the client's organizational risks and ensuring accurate risk data & reporting.

● Conducted risk identification and assessment workshops when needed.

● Significantly assisted in maintaining PCI-DSS and SOX compliance. Identified the applicable audit requirements, advised on the evidence needed, curated walkthroughs for the QSA (Qualified Security Assessor), and acted as a program manager to resolve the findings.

Risk and Compliance Lead, IBM (Global Technical Services), Aug 2008 - Sept 2015

● Management of security operations, supporting audit and governance to deliver the contractual obligations of international clients; worked on various domains in the IT sector - Telecom, Banking, Core IT, Software Development. Under Compliance Assurance, performed testing on customer-agreed processes, inclusive of IT General Controls (ITGC), for preparedness for customer audits and reviews at any time; cyber security testing of the users' laptops/desktops supporting the client. Led the corporate audits of IBM India.

● Highlighted the deviations to the stakeholders and management with notice for appropriate action/remediation; created a Risk & Compliance Management Framework; reviewed the risk with the customer or IBM environment. Ensured clients' IT infrastructure, processes and procedures meet the defined requirements, policies & regulations. Published regulatory reports, audit reports & findings to a large audience of client & internal teams.

● Third Party Risk Management. Performed Third Party Risk assessments and ensured due diligence exercises where the information security practices of the 3rd party meet the organization's security standards.

EDUCATION

Total Education: 15 years (10+2+3); Associate's Degree in Electronic & Radio Engineering.

CERTIFICATIONS

● 1-year Advanced Diploma in Network Computing & Programming from NIIT, Delhi, India.

● ITIL Foundation V3.

● ISO/IEC 27001:2005 - Information Security Management Systems Auditor/Lead Auditor from BSI.

● ISO 3100:2009 - Risk Management Principles & Guidelines Implementation from BSI.

● Certified Ethical Hacking V10 from EC-Council.

● Online training - SOX, Business Continuity Management Services.

● Functional understanding of HIPAA, PCI-DSS, SOX compliance, SOC compliance, GDPR, NIST framework.

● Completed the certification training for the CISSP certification and now preparing for the certification.
