Dhruti Sanjay Luhar
Contact: +1-908-***-****
Email: *************@*****.***
PROFESSIONAL EXPERIENCE
JDL Group Inc., New Jersey, USA (Information Security Intern, Sep 2024 – Nov 2024)
• Conducted security assessments using automated GRC tool - Apptega, leveraging frameworks such as NIST CSF v2.0, PCI DSS and ISO 27001 to ensure regulatory compliance and strengthen security governance.
• Assessed risk levels based on evaluation results, developed mitigation strategies, and created compliance dashboards and reports to support audit readiness. Monitored risk mitigation efforts, recommended improvements, and facilitated the process through control implementation and closure.
• Performed PCI scan using Qualys for a leading U.S. fitness enterprise, generating detailed vulnerability reports, conducting risk-based categorization, and formulating remediation strategies. Collaborated with customers and security teams through review sessions to drive control implementation and ensure regulatory compliance.
• Implemented and managed SIEM solutions on Ubuntu, leveraging native Linux tools and scripting to integrate data from multiple sources, monitor security events, analyze threats, and automate incident response while ensuring compliance with audit requirements.
Saint Peter’s University, New Jersey, USA (Teaching Assistant, Disaster Recovery, Feb 2024 – May 2024)
• Assisted in the development and delivery of course materials, including lectures, assignments, exams, and utilized Learning Management System to manage content and track student progress.
• Guided students through hands-on projects, strengthening their understanding of recovery solutions and IT control frameworks.
Ernst & Young LLP, Pune, India (Senior, Business Consulting - Technology Risk, June 2021 – Dec 2022)
Third Party Risk Management
• Conducted comprehensive third-party risk assessments for a Financial Services client in the US, ensuring compliance with company policies and regulations, leveraging NIST and COSO frameworks using GRC tool - RSA Archer.
• Executed thorough due diligence on financial stability, operational security, physical security, cloud security, and business practices by validating information security policies, procedures, business practices, and several third-party and regulatory/compliance audit reports of potential vendors.
• Conducted risk-based analysis, such as identifying control gaps and weaknesses, organizing and documenting remediation action plans, and tracking and monitoring identified third-party risks to closure.
• Established continuous monitoring mechanisms, conducting regular reviews, presenting comprehensive reports to stakeholders, and highlighting risks and recommended actions.
Service Organization Controls Reporting (SOCR)
• Conducted SOC audits for a Financial Services client in the US, including detailed planning, walkthroughs, narrative updates, control testing, and compliance gap analysis to strengthen financial and IT compliance frameworks.
• Assisted in project planning, documenting audit walkthroughs, testing results, issuance and finalizing client deliverables.
• Reviewed key controls, systems and testing approaches to ensure alignment across the SOC and SOX Portfolio.
• Analyzed and compiled document request lists, documenting audit evidence obtained during the testing process.
• Applied professional judgment to evaluate evidence for compliance with established auditing standards and documented the issuance report.
• Contributed to the enhancement of internal processes through the identification and resolution of control deficiencies to strengthen operational effectiveness and reduce the relevant risks.
PricewaterhouseCoopers SDC, Kolkata, India (Associate II, Cybersecurity & Privacy, Jan 2020 – June 2021)
Third Party Risk Management
• Led and supported businesses in executing requirements across the Third-Party Risk Management (TPRM) lifecycle, from onboarding to termination, using GRC tool - Coupa for a prominent commercial insurance provider in the US.
• Analyzed inherent risk questionnaires and categorized third parties according to the inherent risk tier criticality.
• Conducted remote audits and performed thorough due diligence using the SIG framework, assessing financial stability, security controls, and business practices.
• Based on quantitative and qualitative analyses of identified control gaps, documented recommendations, outlined action plans to address risks and risk mitigation strategies.
• Managed stakeholder communications by coordinating with internal and external parties, providing regular progress updates. Collaborated with Subject Matter Experts (SMEs) and Third-Party Business Owners to support risk assessments, due diligence, and compliance efforts throughout the TPRM lifecycle.
Valency Networks, Pune, India (Security Analyst, April 2019 – June 2019)
• Led ISO 27001 certification projects, conducting risk assessments and control implementations aligned with global IT compliance standards.
• Conducted preliminary analysis of the organization's current security posture, gathered evidence and documented the control gaps.
• Identified, evaluated, and reported security weaknesses in systems and applications while participating in risk management processes, including regular documentation, system reviews, and preparation of internal risk reports.
• Developed, reviewed and maintained comprehensive Information Security policies, Standard Operating Procedures (SOPs) aligning with both ISO 27001 and NIST Cybersecurity frameworks.
• Participated in information security audits and reviews to ensure ongoing compliance with regulatory requirements and industry standards.
• Collaborated with cross-functional teams to drive awareness, training, and adherence to ISO 27001 standards across the organization.
EDUCATION
• Master of Science in Cyber Security – Saint Peter’s University, USA (Feb 2023 – Nov 2024) – 4.00/4.00 GPA
• Master of Business Administration in Information Technology Business Management - Symbiosis Centre for Information Technology, India (June 2018 – March 2020) – 7.42/10.00 CGPA
• Bachelor of Engineering in Information Technology - Sardar Vallabhbhai Patel Institute of Technology, India (August 2014 – May 2018) – 8.37/10.00 CGPA
SKILLS
• Tool Exposure: GRC Risk tool, Apptega, Securonix, Sophos, RSA Archer, Coupa, Burp Suite, Microsoft Office Suite, MS Word, MS Excel, MS PowerPoint, MS Visio, Coupa Risk Assess, Google Suite (Docs, Sheets, and Slides), Qualys.
• Methodology, Standards and Frameworks: ISO 27001:2013, ISO 27001:2022, PCI DSS, COSO, COBIT, NIST CSF, NIST 800-53, Standard Information Gathering (SIG), KY3P, SOC1, SOC2, SOX 404, TPA SOC Audit, FFIEC, GDPR, NYSDFS.
• Core Competencies: Information Security, Enterprise Risk Management, IT Audit, Risk Assessment, Operational Control Testing, Security Incident Response, Threat Intelligence, Data Protection, Cloud Security, Governance, Risk & Compliance (GRC), Identity and Access Management, Strategic Technology Risk Advisory, Maturity and Risk Assessment, IT Risk Management, Third Party Risk Management, Information Technology, Project Management, Audit, Risk Assurance, Business Risk Assessment.
ACADEMIC PROJECTS
• Cybersecurity Capstone Project, Saint Peter’s University, 2023-24: Led a cybersecurity capstone project representing Cybershield Provisions, a fictional consulting firm specializing in network security and risk assessment. Designed and implemented network security, risk assessment, and risk mitigation frameworks to address industry-relevant challenges. Developed comprehensive strategies to identify vulnerabilities, manage operational risks, and strengthen client data protection. Ensured project alignment with industry standards while mentoring team members on technical and strategic risk mitigation approaches.
• Risk Analysis, PSEG, Saint Peter’s University, 2023-24: Reviewed officially released threat information from PSEG, examined the risk planning and assessments conducted by the company, and performed a Product Risk Analysis of PSEG.
ACHIEVEMENTS
• Received Spot Award for the period of June ’20 for delivering impactful audit insights that streamlined compliance processes during client engagements at PwC.
• Earned Digital Acumen badge for advanced understanding of data-driven audit methodologies at PwC.
CERTIFICATIONS AND LICENSES
• Completed certified PHP Laravel training from TechNet Consultancy, India, 2018.
• CQI and IRCA Certified ISO 27001:2013 Information Security Management Systems Lead Auditor.
EXTRA-CURRICULAR ACTIVITIES
• Event Volunteer, Sprout IT, organized by the iTELF Core Committee at Symbiosis Center for Information Technology, Pune, India, 2018.
• Blogger, Web and Media core committee, Symbiosis Center for Information Technology, Pune, India, 2018.
• Social Media Handler, Web and Media core committee, Symbiosis Center for Information Technology, Pune, India, 2018.
• Head and Event Coordinator for Non-Technical Events, National Level Technical Symposium Prakarsh organized by Sardar Vallabhbhai Institute of Technology, India, 2016 and 2017.