About Me
Highly motivated professional with 13+ years of experience in Information/Cyber Security, Governance, Risk, Compliance (GRC), Control Assurance, Audits, Application security & Vulnerability management. Proficient in implementation and auditing on var...
Skills
Portfolio Projects
Description
- Involved in development of strategy and standards on UAE healthcare sector
- Responsible for conducting the risk and compliance assessments for govt. entities across UAE based on UAE Information Assurance Standard (NESA and ISO 27001)
- Worked on collecting and analysing data for sales pitch.
- Part of cyber education and awareness team and conducted events for various govt entities
- Worked on mapping of various standards (ISO 27001, OT Standards, UAE IA, etc.) and development of control library
Description
- Responsible for conducting periodic control assurance activities across multiple international locations to ensure all key controls are effectively tested and all bank assets are protected against threats and vulnerabilities.
- Responsible for audit and compliance assessments covering people, process and technology aspects and adhering to bank's standards, policies and procedures.
- Responsible for implementing and maintaining ISO 27001 and NESA across organization and ensure readiness for certification/surveillance audits.
- Coordinating the external audit engagements (Financial / Certification Audits etc.) and following up to close the findings raised by internal audit / external audit / ITCA.
- Providing advisory services on reviewing, adding, amending or removing controls in frameworks as per regulatory and compliance requirement including NESA, ISO 27001, Central Bank directives and such other guidelines.
- Responsible for leading and managing and reviewing projects across Information Security Domain.
- Responsible for conducting regular risk assessments and control testing for the units.
- Participate in initiatives and projects driven by various business lines. Guide project and delivery managers to design and establish sound information security practices, ensuring that key artifacts such as security design documents, risk assessments and data classifications are in place and that risk is effectively managed.
- Responsible for attending regular meetings and reporting to senior management for status of various activities across the unit.
- Responsible for interacting with stakeholders on daily basis on tracking of risks and controls and giving advisory services on remediation of risks and issues.
- Maintaining the audit working papers and evidence in an organized manner to ensure their availability as and when required.
- Conducting the ad hoc special investigations, interrogated incidents and security assignments as per higher management requirements on need basis.
- Working with other teams as subject matter expert on IT Projects / IT Security Assessments.
- Responsible for providing regular updates to senior management on current status of controls, risks and audit findings along with recommendations.
- Responsible for monthly reporting of various dashboards and presentations.
- Reporting all critical incidents in GRC tool/management and performing root cause analysis of the same.
Description
Responsible for conducting threat modeling, code review, preparing the report for the security issues found with severity, impact and likelihood, along with remediation measures suggested.
Responsible for getting the findings remediated within given timelines with proper tracking and verification of defects and hence providing a closure report for the same.
Description
- Responsible for managing and handling a team of 4 people for execution of more than 400 projects in a year.
- Responsible for conducting awareness sessions on information security and secure code guidelines across the unit.
- Responsible for reporting to higher management, handling client calls, tracking all the defects to closure and preparing defect closure report.
- Responsible for successful completion of threat modeling, code reviews, manual and automation security testing and vulnerability assessment of the application within deadlines.
- Responsible for managing the team, setting objectives, career plans, conducting appraisals.