Nilay Ghosh

Pune

Summary

Technically competent professional with over 14 years of experience across Information Security, Cyber Security, IT Service Management, Risk Assessment & Management, Security Audit, Operations Management, Process Management, Client Communication and Team Management.

Overview

14 years of professional experience
4 certifications

Work History

Senior Manager - Compliance

PayU Payments Private Limited
2022.05 -
  • Manage DPSC audits conducted by ReBIT
  • Responsible for responding to all regulatory circulars pertaining to Information Security
  • Ensure PayU complies with all regulatory mandates; conduct the RBI Data Localization SAR, BBPS SAR and PAPG SAR audits by CERT-In empanelled auditors annually and submit the reports to RBI
  • Enhance PayU's control environment and upgrade the PCI DSS 3.2 certification to PCI DSS 4.0
  • Manage the PCI SSF and ISO 27001:2013 audits annually
  • Ensure quarterly VA and ASV scans with compliance reports, half-yearly PT and annual source code review are done by internal and external teams to comply with PCI DSS requirements
  • Implement a robust control environment; for the first time PayU Payments Pvt Ltd received a SOC 2 Type 2 report covering the Security, Privacy and Availability Trust Principles
  • Front-face all external third-party audits conducted by clients such as banks and merchants
  • Support the Legal team on information security clauses during final agreements with clients
  • Annual review of all organization-level policies, updating them wherever required
  • Mentoring internal team members to upgrade their skill sets to manage broader responsibilities
  • Prepare the core team (representatives from each domain such as Cyber, Engineering, Prod Support, IAM etc.) to face external audits by helping with walkthrough preparation, streamlining evidence collection etc.
  • Provide annual Info Sec awareness training to all employees.

Assistant Vice President

Barclays Global Service Centre
2018.11 - 2022.05
  • Support multiple ITGC standards as part of the SOX regulatory audit
  • Tower Lead for Investment Banking ABC (Automated Business Control)/ITAC SOX testing
  • As part of the Tower Lead responsibilities, managing resources and good collaboration with stakeholders helped on-time delivery against the overall ABC execution plan
  • Deliver internal training and cross-skilling to new joiners to optimize the use of resources in different projects (such as ITGC, ABC, targeted review).

SME Security

Microland Limited
2017.04 - 2018.11
  • Part of Risk and Regulatory Compliance Team APAC (Deutsche Bank)
  • Primary responsibilities as follows: responsible for complying with all the India regulatory body (RBI & SEBI) requirements
  • The India regulatory bodies (RBI & SEBI) request IT-related information quarterly, half-yearly, annually and on an ad hoc basis via circulars and advisories
  • Our team is responsible for interpreting and fetching all the relevant information from different global SMEs, consolidating the information in the requested format and reviewing it before submission to the regulator
  • Support different banking (IT) functions during the annual regulatory inspection and IT exam by providing information on the basis of multiple IT indents
  • Primary point of contact from IT for coordinating with the external auditor during the bank statutory audit
  • Also provide support in SSAE18 and ISAE 3402 external audits
  • Along with that, we are the front face for third-party and internal audits (ITGC).

Information Risk Analyst

JP Morgan
2012.02 - 2017.03
  • Currently responsible for performing SOX and SSAE16 audits for 64 in-scope applications, covering all 3 layers (application, database and OS level)
  • Involved in yearly SOX audit planning, conducting SOX audit walkthroughs to verify design effectiveness and then performing SOX control testing to verify operational effectiveness
  • Working with the external auditor (PwC), providing relevant information to conduct the SOX audit in our line of business
  • Responsible for ARA (Application Risk Assessment), which is segregated into two parts: ARC (Application Risk Classification) and ACA (Application Control Assessment)
  • Conducting meetings with the ADM (Application Development Manager), IRM (Information Risk Manager) and TCO (Technology Control Officer) to understand the business purpose and criticality of the application, based on which the application risk rating is assigned
  • Responsible for identity and access management, privileged ID administration and automation, designing security policy and implementing security solutions
  • Leading, mentoring and monitoring the performance of team members to ensure efficiency in operations and the meeting of individual and group targets; also preparing the shift rosters.

System Administrator

Collabera Technologies
2011.09 - 2012.02
  • Responsible for implementing and reviewing incident resolutions related to databases, such as account unlock and password reset, DB access issues etc.; governed security compliance, IT risk assessments and revised security policies
  • Efficiently evaluated and implemented access management tasks such as addition, modification and deletion of database accounts, and also reset privileged IDs such as functional account passwords stored in the Enterprise Password Vault (CyberArk product)
  • Involved in the implementation and operating effectiveness of Privileged ID Automation, a CyberArk product, with focus on areas such as Service Management, Data Center Operations, Logical Security, User Access Management, Business Continuity Management, etc.

System Administrator

Clover Infotech
2010.08 - 2011.08
  • Analyzed audit reports based on the bank baseline policy, which follows the COBIT standard, and also worked on DS 5.3 (Identity Management), DS 5.4 (User Account Management) and DS 9 reports
  • Maintained the dashboard, open issue tracker and MIS on the basis of the current audit report, and coordinated with the application team to implement the baseline policy on application servers to close audit reports
  • Implemented security projects such as Symantec Security Information Manager (SSIM), Control Compliance Suite (CCS), a VAPT project (supporting the E&Y team during vulnerability assessment and penetration testing), Qualys scans (penetration testing of web-facing servers) and PUPM (Privileged User Password Management).

YG Graduate

Tata Consultancy Services Ltd.
2008.10 - 2009.01
  • I have hands-on experience working under the Network Administrator, along with resolving internal calls related to the network.

Education

MBA

EIILM UNIVERSITY

BCA

THE UNIVERSITY OF BURDWAN

HIGHER SECONDARY

WBCHSE

SECONDARY

WBBSE

Skills

Regulatory Audit Management

Certification

CISA Qualified, 2024

Timeline

2022.05 - : Senior Manager - Compliance, PayU Payments Private Limited
2018.11 - 2022.05: Assistant Vice President, Barclays Global Service Centre
2017.04 - 2018.11: SME Security, Microland Limited
2012.02 - 2017.03: Information Risk Analyst, JP Morgan
2011.09 - 2012.02: System Administrator, Collabera Technologies
2010.08 - 2011.08: System Administrator, Clover Infotech
2008.10 - 2009.01: YG Graduate, Tata Consultancy Services Ltd.

MBA, EIILM UNIVERSITY
BCA, THE UNIVERSITY OF BURDWAN
HIGHER SECONDARY, WBCHSE
SECONDARY, WBBSE

Certifications:
  • CISA Qualified, 2024
  • ITIL Foundation, 02311953-01-B98V
  • CEHv8, ECC80027538170
  • ISO-27001 Lead Auditor certification exam, ISPA1007831-2015-10