Abhijeet Mali

Information Security Risk and Compliance
Pune

Summary

Accomplished Security Manager with 16 years of experience. Committed to strategic planning and delivery of large-scale objectives while maintaining highest levels of integrity and respect. Applies advanced technical, business and logistics acumen to streamline processes. Adept at driving cross-functional teams within high-pressure and deadline-driven environments.

Overview

15 years of professional experience

Work History

Solution Lead GRC

Principal Global Services
09.2020 - Current
  • Create, maintain and distribute timely and relevant information/cyber security KPIs and metrics
  • Develop and maintain an information/cyber security dashboard and metrics which provide an accurate representation of the company cyber risk profile, and relevant cyber threats
  • Performing risk assessments for various solutions against the underlying NIST 800-53 controls
  • On-prem and cloud-based solution evaluation
  • Performing vendor reviews based on the company security standard
  • Participate in security compliance assessments performed by internal and external teams
  • Oversight of remediation of any security non-compliances; redesigned the exception process
  • Manage Governance, Risk and Compliance across internal and external stakeholders
  • Ensure compliance across the organization
  • Develop and oversee control systems to prevent, highlight, or deal with any exceptions, and revise processes and reports on a continuous improvement basis to identify hidden risks or exceptions
  • Identification and impact/risk assessment of exceptions and non-conformances
  • Proactive management and regular reviews of exceptions
  • Liaising with stakeholders across IT and the wider business to establish any risks and exceptions as a result of policy or process gaps, and taking steps to document and address issues
  • Ensuring adherence to all compliance, governance, quality and security standards, delivering a safe, secure and reliable service to the business.
  • Improved team performance and productivity by providing consistent guidance, mentorship, and professional development opportunities.
  • Identified areas for improvement in existing processes and implemented necessary changes for increased efficiency and effectiveness.
  • Motivated team members towards achieving shared goals through open communication channels and a positive work environment.

Cyber Security Compliance Analyst

Studio Retail UK
06.2019 - 01.2020
  • Conduct internal compliance audits of security controls, and compliance with policies and frameworks
  • Gathering and evaluating evidence, collating and preparing evidence for 2nd line review
  • Ensuring audit preparation and audit activities are conducted in accordance with timelines and schedules
  • Create, maintain and distribute timely and relevant information/cyber security KPIs and metrics
  • Develop and maintain an information/cyber security dashboard and metrics which provide an accurate representation of the company cyber risk profile, and relevant cyber threats
  • Develop and oversee control systems to prevent, highlight, or deal with any exceptions, and revise processes and reports on a continuous improvement basis to identify hidden risks or exceptions
  • Identification and impact/risk assessment of exceptions and non-conformances
  • Proactive management and regular reviews of exceptions
  • Liaising with stakeholders across IT and the wider business to establish any risks and exceptions as a result of policy or process gaps, and taking steps to document and address issues
  • Ensuring adherence to all compliance, governance, quality and security standards, delivering a safe, secure and reliable service to the business
  • Adhering to regulatory, legislative, quality and security standards and expectations.

Senior Associate

Cognizant Technology Solution
03.2016 - 01.2019
  • Designed and developed an ISMS control framework based on the ISO 27001 and ISO 31000 standards
  • Conducted the review of security design corresponding to ISO 27001 standard
  • IT security policy and procedures review, Business continuity framework review, Risk Assessment Framework
  • Reviewing the Policies & procedure based on ISO 27001 standard
  • Support client audits based on ISO 27001, SSAE 16/18, HIPAA, PCI DSS, etc.
  • Technical risk assessment for new applications and the corresponding Information Security Assets
  • Perform vendor risk assessments
  • Support line of Business, Processes by identifying and managing technology & information risk
  • Performed Vulnerability Assessment & Penetration Testing for internal (Application, Network & Servers etc.)
  • Performed Network Architecture Review & Configuration Review (Network, Database & Systems etc.)

IT Security Consultant

Triogensys PVT LTD
  • Perform vendor risk assessments
  • Assess the adequacy of control, standards, policies & procedures to ensure compliance to regulatory requirements
  • Support line of Business, Processes by identifying and managing technology & information risk
  • Performed operational risk assessment based on operational controls such as change management, incident management, security monitoring, patch management, IAM, etc.
  • IT security policy and procedures review, Business continuity framework review, Risk Assessment Framework
  • ISMS framework (ISO 27001), Data centre and DR site review, Network architecture review, Security operations centre review, Network monitoring software review
  • Process management audit including incident and helpdesk management, change management, SLA management, backup procedures, patch management etc
  • Configurations review of network, operating system & database
  • Risk Management
  • Network Security Review
  • Review of network design based on the network diagram: network segregation, checking for redundancy of devices, placement of firewalls, DMZs, web application firewalls, traffic flow analysis, security measures at entry and exit points of the network, etc.

Senior Administration

Decos Software Pvt. Ltd
01.2013 - 09.2014
  • Management of ISMS
  • Information Security Audit based on ISO 27001 standard
  • Assess the adequacy of control, standards, policies & procedures to ensure compliance to regulatory requirements
  • Technical risk assessment for new applications and the corresponding Information Security Assets
  • Performed Vulnerability Assessment & Penetration Testing for internal (Application, Network & Servers etc.)

IT Lab Administrator

Courion IT Pvt. Ltd
09.2011 - 09.2012
  • Information Security Audit/Network Audit
  • ISMS framework (ISO 27001)
  • Process management audit including incident and helpdesk management, change management, SLA management, backup procedures, patch management etc
  • IT security policy and procedures review, Business continuity framework review, Risk Assessment Framework
  • Performed SAS 70 Type I & II audit
  • Conducted comprehensive ITGC review for various departments, processes, data centre.

Senior Network Administration

Tata Communication Pvt. Ltd
03.2009 - 09.2011
  • Information Security Audit/Network Audit
  • ISMS (ISO 27001) Implementations, As-Is Assessment, Gap assessment
  • Process management audit including incident and helpdesk management, change management, SLA management, software licensing management, accounts management, backup procedures, patch management and so on
  • IT security policy and procedures review, Business continuity framework review, Risk Assessment Framework
  • Risk Management & Compliance regulations.

Skills

  • Endpoint Security
  • Network Security
  • Security Auditing
  • NIST Frameworks
  • Privacy regulations
  • Data protection
  • Virtualization Security
  • Mobile Security
  • Disaster Recovery
  • Encryption Technologies
