
Information Security Risk Management

Location:
Pune, Maharashtra, India
Posted:
September 25, 2024


Resume:


Sandeep Pendse Mobile No: +91-830*******

Email ID: *********@*****.***

OBJECTIVE

Seeking a senior role in Information Security where I can leverage my expertise in Governance, Risk and Compliance (GRC) to assess, strengthen and defend the organization from emerging threats, effectively manage IT security risks, meet compliance requirements and help improve Senior Executives' decision-making on its risks. Drive a risk culture across the organization.

CAREER SYNOPSIS

Overall 20 years of experience, comprising 15+ years in Information Security spanning Banking Services, Development Centre and IT Enabled Services (ITES), and 5 years in IT Operations

Expertise in the field of Information Security, Governance Risk & Compliance (GRC), Consulting, ISO27001 Implementation, IT Risk Management, Third Party Risk Management (TPRM)

GRC Tools: RSA Archer, OneTrust

Knowledge and experience in various Information security standards / regulations / best practices ISO-27001, ISO27017, ISO27018, SOC2, PCI-DSS, NIST CSF etc.

Professional Certifications – CISA, CPISI, ISO27001-LI, CCNA, MCSE, VM– “Qualys Guard” etc.

Key Work areas – Information Security, IT Risk Management, Third Party Risk Management (TPRM), ISO 27001 implementation.

CURRENT ORGANIZATION

Organization : Accelya Services India (Pvt) Ltd.

Corporate Title : Senior Manager (Global) - Information Security - GRC

Dept : Operations

Duration : 20th June 2022 to present

Job Description:

• Leads the Risk Management function of the global Accelya group, with experience in IT risk management, and set up the Third Party Risk Management (TPRM) function.

• Design and implement security policies in accordance with global risk and compliance.

• Plan, Design and Implementation of Governance Risk & Compliance (GRC) tool.

• Guiding, enabling, and maintaining policies of security for risk relevance and planning to ensure Risk treatment plan (RTP) of organization’s systems and data.

• Knowledge of security frameworks (SOC 2, PCI-DSS, ISO 27001, NIST)

• Plan, design, implementation and sustenance of ISO27001. Responding to external audits and technical remediation such as ISMS ISO 27001, PCIDSS etc.

• Working on Design and implementation of security policies in accordance with global risk and compliance requirements, while guiding technical standards and standard operating procedures.

• Oversight and managed review of all IT risk management and related functions.

• Assist regional Security leads in reviewing, executing and updating of Security Management Plan and SOPs in close collaboration with global CISO.

• Responding to Customer RFP/RFI requests and address the gaps, if any.

• Responsible for delivering security briefing as part of the induction process for new staff.

• Providing regular updates to executive committee on the IT Risk Management.

• Drive architecture and operations teams to technically support risk assessment and analysis.

• Prepare training program and security awareness policy/ process across Accelya.

• Ensure compliance and other security relevant standards for organization by design.

PAST EXPERIENCE

• Organization : Bank of New York Mellon (BNYM) Technology India (Pvt) Ltd.

• Corporate Title : VP, Role : Manager - IT Risk Management

• Dept : Technology- Third Party Management (TPM)

• Duration : 08th July 2016 – 17th June 2022

Job Description:

• Work with the first line of defense to identify, assess, document and regularly review risks of all risk types and coach the business to design and implement controls for the Third party

• Provide guidance on identifying and assessing inherent risks and ensure vendor control environments are adequately analyzed.

• Partner with both business leaders and vendors, and advise on business risk. Work with all lines of business and help minimize the security risks.

• Manages, analyzes and draws conclusions in order to recommend and direct any resulting change needed to mitigate risk

• Ensuring that information security policies, frameworks, standards and controls are defined, implemented and followed appropriately.

• Revamp processes to strengthen the current Technology Risk Management framework.

• Uses in depth knowledge in Information Technology Risk, control implementation and assessment to determine potential risk to the organization.

• Work on the process improvement and ensures appropriate local SME stakeholder engagement

• Prepares and presents reports that reflect assessment results and document process.

• Working knowledge on GRC tools such as RSA Archer, ServiceNow etc.

• Ensures risk awareness culture by facilitating risk training and awareness activities

• Closing the open findings in risk management

• Manages a team of Risk professionals that includes contractor’s staff as well.

• Organization : Avaya India Private Ltd.

Role : IT Risk Analyst (InfoSec-Senior Management Associates)

Dept : Information Security

Duration : 01st October 2014 to 24th June 2016

Job Description:

• Perform risk assessment and mitigation plan to ensure that the controls are effective in addressing IT risk.

• Identify and evaluate complex business requirements against IT security threats and vulnerabilities.

• Management of IT Security Policies for internal tracking.

• Role : Consultant - Freelancer

Duration : From 08th October 2012 to 25th September 2014

Organization : AUDITime Information Systems (India) Ltd.

Role : Consultant (liaison with AUDITime Information Systems (I) Ltd.)

Project - I : HDFC Bank, Mumbai.

Job Description:

• Conduct Information Systems Application Audits as per the COBIT framework.

• Responsibilities include assessment of ITGC controls based upon the COBIT framework.

• Documenting control gaps, developing action plans to address control gaps, and designing and executing test procedures based on the COBIT framework.

• Performed ISMS Audit based on ISO27001:2005, CVC Guidelines for e-procurement and the IT Act. Identified the gaps, ensured an appropriate mitigation plan and prepared the IS Audit report.

• Organization : Capita IT Services, India.

Role : Manager – Information Security

Duration : 01st December 2011 – 05th October 2012


Job Description:

• Implementation and Management of ISO27001 Certification for new site.

• Plan & conduct Internal audit programs for various LOBs.

• Design & Implement Business Continuity Management (BCM) framework for new sites.

• Perform Business Impact Analysis for various facets Business Process.

• Management of end-to-end Project Implementation

• Revamping the policies and procedures.

• Organization : Amdocs Development Centre India Private Limited, India

Role : Senior Information Security Analyst

Duration : 22nd September 2008 - 30th November 2011

Job Description:

• Plan and conduct periodic Risk Assessment across enterprise and develop mitigation plan.

• Plan and conduct internal IS audits on regular basis and management reporting of weakness

• Perform regular Vulnerability Assessment tests and recommend necessary remediation plan.

• Develop, establish and perform regular on-site & off-site ODC audit for validation of Security controls, Gap Analysis & preparation of remediation plan.

• Monitoring internal control systems to ensure that appropriate information access levels and security clearances are maintained.

• Delivery of Information Security awareness training to all employees, contractors & alliances.

• Organization : CMS Computers Limited, India.

Role : Quality Specialist

Duration : 1st April 2008 to 21st September 2008

Job Description:

• Conduct Service delivery Internal Audit at different site/client location.

• Monitoring of Quality objectives of all verticals as per the Business requirement.

• Monitoring Customer review Process.

• Role : Customer Engineer (IT- Operations)

Customer : Citibank N.A., Pune – Team Leader - IT Operations

Duration : From 07th July 2004 to 31st March 2008

• Administration of Active Directory services for Windows 2000, Cisco switches, Routers,

• Regional coordinator for patch Management.

Organization : Kalyani Sharp India Limited, India

Role : Q.A. Supervisor

Duration : From 08th September 1989 to 28th March 2002

Former experience in Consumer Electronics in the manufacturing domain for more than 12 years.

ACADEMIC CREDENTIALS

• Post Graduate Diploma in Management (PGDM-E-Business) from L.N. Welingkar Institute of Management, Mumbai with Distinction.

• Diploma in Electronics & Communication Engineering (Board of Technical Exam, Mumbai) from Government Polytechnic, Pune (DECE)

REWARDS & RECOGNITIONS

• Stood 2nd nationally in the Quiz on Information Security Awareness in Nov 2006 by Citigroup.

• “Certificate of Appreciation” from Amdocs in the year 2011 for ODC project.

• “Pat on the back award” from Capita IT Services in the year 2012 for ISO27001 Project-Sep 2012


