Risk Management Information Security

Location:
Irving, TX
Posted:
June 10, 2025

Resume:

Prateek Kumar Bansal

CISA(Q) ISO *****:****

***************@*****.***

+1-682-***-****

Irving, Texas, US

Professional Summary

• As a Risk Analyst at The Citco Group Limited, I leverage my expertise in cybersecurity and third-party risk management to identify and mitigate potential threats to the organization's assets. With over 12 years of experience in the field, I have developed a strong understanding of IT audit processes and procedures, ensuring compliance with industry standards and regulations.

• In my previous roles as an Information Security Consultant at eSec Forte® Technologies and an Analyst at Prime HR Consultants, I applied my skills in cybersecurity, third-party risk management, and IT audit to provide valuable insights and recommendations to clients and stakeholders. I am passionate about staying updated on the latest trends and developments in the cybersecurity domain, and I am always eager to learn new skills and technologies that can enhance my professional growth and performance.

• An Information Security professional with 12+ years of overall experience in various industries such as Third-Party Risk Management, Internal Audit, ISO 27001:2013, PCI DSS, GDPR, NIST CSF, DORA Act. Hands-on experience with tools such as ProcessUnity, RSA Archer and JIRA.

Work Experience

CITCO Group Services India LLP

Title GRC

Duration Oct 2023 – Dec 2024

Designation Risk Analyst – Third-Party Risk Management

Reporting Senior Vice President

Responsibilities

• Part of Information Security team (Governance, Risk, Compliance).

• Responsible for delivering a global Third-Party Due Diligence process.

• Review SOC 1 Type II, SOC 2 Type II, Financial, Reputation, BCP, Data Privacy, Legal.

• Work with the team to support implementing the DORA Act for the applicable vendors.

• Good understanding of ProcessUnity, Jira, EDM, Dun & Bradstreet and Diligent tools.

• Perform Third-Party Risk Assessment for new and existing vendors on the ProcessUnity platform.

• Third-party onboarding on ProcessUnity and calculating the inherent risk score to understand the scope of the third party.

• Led a team to conduct comprehensive risk assessments for third-party vendors, resulting in a 100% reduction in potential security breaches by implementing robust risk management strategies.

• Managed third-party contracts, ensuring compliance with contractual obligations and service level agreements, resulting in a 100% improvement in vendor performance

• Perform continuous monitoring on an annual basis.

• Prepared Artificial Intelligence checklist for AI Vendor assessment

• Prepared and configured the checklist for DORA Readiness on ProcessUnity.

• In continuing operations: verify all third-party records to ensure accuracy, such as validation of internal/external points of contact, services given, and risk assessment questionnaire responses.

• Customize assessment questionnaires based on the SIG, ISO 27001, NIST Cybersecurity Framework.

• Coordination with the team and stakeholders to review the Vulnerability scans and penetration testing reports and discuss the identified vulnerabilities.

• Control Evaluation with respect to risk management, access management and network security management.

• Manage Third-Party vendor Offboarding.

• Develop and implement security controls and mitigation Strategies.

• Customized the reports on ProcessUnity to publish to Senior Management to share the progress.

eSecForte Technologies Pvt. Ltd.

Title Risk Assessment and Management

Duration Mar 2021 – Oct 2023

Designation Associate Information Security

Reporting Vice President

Responsibilities

• Customize assessment questionnaires based on the SIG, ISO 27001, NIST, PCI DSS.

• Conduct the annual security risk assessment of the projects and suppliers and support projects in implementing the required controls.

• Control review with respect to Network security, User Access Management and Vulnerability Management.

• Identify inherent risk of the suppliers with the help of inherent risk questionnaire.

• Determine the tiering of the vendor based on the identified inherent risk.

• Responsible for leading kick-off call to understand the scope of the assessment.

• Submit assessment questionnaire to third party in accordance with the tiering.

• Perform due diligence and conduct workshops if required.

• Proactively work with Third Party Risk Management teams and Business Partners to identify areas of risk and reduce, mitigate or eliminate third party risk.

• Conduct meeting with Business Partner and review the Risk assessment report.

• Publish the risk report with supplier and track the identified gaps for closure.

• Conducting Internal Audits, reporting areas of risks, preparing conclusions and recommendations for appropriate actions with ISMS & GDPR Scoped areas.

• Reviewing the questionnaire with the Project POC to understand the applicability of the controls on their projects.

• Reviewing the Artifacts/evidence provided based on the applicable controls to ensure the compliant status.

• Creation and Review of the Information security policies and procedures in accordance with ISO 27001.

• Coordinate with the project POC to discuss the identified gaps and risks.

• Evaluate the Risks on the basis of their priority.

• Prepare the risk report and review the same with project POC to mitigate the risks on priority basis.

Prime HR Consultant

Duration Nov 2018 – Jan 2021

Designation Analyst – Client Facing Role

Reporting Senior Manager

Responsibilities

• Review the Information Gathering form to identify the criticality of the suppliers.

• Performing periodic Risk Assessment, documenting the Risks in the respective Risk Register, communicating the risks and recommendations, with control implementations.

• Monitoring controls and performing control testing on effectiveness of TPRM compliance in accordance with Risk methodology and program.

• Involved in customer audits and worked on customer audit findings, taking them to compliance/closure.

• End to end coordination with the POC to close the risks identified in the risk report.

• Prepared customized assessment questionnaire for the TPRM program along with the risk and remediation statements.

Human Innovation Services

Duration Aug 2012 – Sep 2018

Designation Specialist

Responsibilities

• Creating User IDs for newly hired associates in Active Directory.

• Troubleshooting and resolving access management and provisioning workflow errors.

• Manage operations within the IAM environment at the client, including application patching and upgrades and certification management.

• Granting access for associates as per requirement.

• Audit access for associates as per requirements.

• Audit privileged application access and generate a weekly report for management.

Certifications & Trainings

• Certified for Information Security Management System (ISMS) - Lead Auditor (ISO 27001:2013)

• Cleared CISA Exam in 2024

Accomplishments

• Star performer Award (2024)

• Received recognition and appreciation from senior management for successful completion of the DORA Readiness project

Core Competencies

Application Security, Third Party Risk Assessment, Compliance Review, PCI DSS, Identity & Access Management, Disaster Recovery, GDPR, Cloud Security, Risk Analysis & Mitigation

Risk Management, IT Audit, ITGC

Information Security, Cybersecurity, MS Office Suite, NIST CSF, DORA Regulation, GRC

Education

Bachelor’s degree in Commerce (BCOM) (2012), Calorx Teacher University

Secondary/Sr. Secondary Schooling (C.B.S.E Board), Delhi

Personal Information

Date of Birth : 31st December 1988

Nationality/Passport : Indian/Active

Marital Status : Married

Father’s Name : Mr. Arun Kumar Bansal
