A Venkatesh
About Candidate
Information security auditor with 7+ years of experience in the auditing field. Proven ability to assess and mitigate information security risks across a variety of industries, including e-commerce and telecom. Highly motivated team player who also works well as an individual.
Education
Work & Experience
o Responsible for leading the Information Security Internal Audit: preparing the audit framework, defining scope, executing the actual audit and working with stakeholders in mitigating the vulnerabilities.
o Identification of vulnerabilities in information security and submission of reports to Department owners.
o Regular audits on access controls, privileges, IT infrastructure, networks and protection of confidential information. Conducting enterprise-wide risk assessments and periodic audits.
o Responsible for conducting the Security Awareness program for all employees.
o Authoring and implementing the Information Security policies according to enterprise risk appetite.
o Conducting internal audits and facilitating and managing external audits.
Implementation of ISMS as per the ISO 27001 standard in accordance with business requirements. Conducting internal audits as per the standards of SOX, SOC and ISO 27001, and facilitating and managing external audits. Security incident, emergency response and business continuity handler at the Security control room. Information security risk management, governance and compliance as per business requirements. Training and orientation for Associates and contractors working in the Information Technology Department regarding IT Security. Testing key security controls for adequacy and effectiveness of the company's E-commerce and financial services applications. Performing and participating in information security reviews, evaluations and risk assessments, and raising information security risks to the business owners and other executives as appropriate. Identifying audit requirements with policy, standard and procedures, pushing process owners to provide adequate evidence, and managing the supporting documents repository for future audits. Documenting the gaps identified during the audit, recording the issues and assigning action owners, and following up with the business on a regular basis to prioritize the action plans based on the remediation timelines.
o Performed risk assessments and gap analysis of the company's information security program against industry best practices.
o Conducted internal audits for various business units within the organization using standard methodologies such as walkthroughs, interviews with management and staff members involved in processes under review etc., to determine compliance with policies and procedures related to information security standards.
o Analyzed results of internal audits performed by Information Security Auditors and prepared reports documenting findings and recommendations for corrective action or further investigation where appropriate.
o Provided technical support to other auditors regarding specific technologies used within the organization when performing their own audits.
o Establishment and maintenance of Information Security Governance and Strategy to best meet business objectives by conducting enterprise-wide risk assessments and periodic audits.
o Performing risk and control assessment for high-risk service providers to evaluate the effectiveness