
Kunal Bharduaj

Regina, SK

Summary

A competent professional with 14 years of experience in Information Security & Risk Management. Cloud security governance to ensure the environment is audit ready. Service Delivery by ensuring security deliverables to customer in line with the contractual requirements and defined compliance levels. Publish monthly security metrics and dashboard to customer to provide overview of infrastructure hygiene and status of security roadmap. Security Risk Assessment for critical business functions, applications and infrastructure components to identify potential security gaps, publish report and discuss findings with key stakeholders for further action and remediation. Process Transformation to meet the organization/customer requirements and ensure security hygiene, e.g. Vulnerability Management, Patch Management, Agent Health etc. Business enablement by working closely with business and infrastructure teams to assist in security-related issues. Coordinate with corporate security and technology teams for service enablement and improvements, e.g. Integrations, Software usage, Product upgrade, Report automation, Security Awareness etc. Security Assurance by representing the Information Security team in client audits and responding to customer security questionnaires. Application Risk assessment for internal and vendor applications to calculate inherent risk of the application, coordinate with application owners for timely closure of findings. Ensure certification and compliance with ISO 27001 by performing internal security audits as per the ISO 27001 standard. Follow up with respective teams for closure of findings identified during audit. Metrics Transformation, which includes mapping of traditional metrics requirements in line with industry best practices to assess the effectiveness, identify deficiencies and prioritize the areas that need more focus.

Overview

15 years of professional experience
1 Certification

Work History

Technical Specialist - Global Risk and Compliance (GRC)

HCL
  • Conduct Internal Audit in organization as per ISO 27001 standard
  • Ensure that all the documents are valid and up to date
  • Follow up with the respective person for closure of findings arising during audit
  • Facilitate external auditor to perform audit in organization
  • Maintain and generate reports and present them to the client on a monthly basis
  • Perform Business Impact Assessments for all the applications based on client-specific group requirements and impact assessment criteria, identifying relevant BIA functional respondents, facilitating BIA requirement working sessions, preparing detailed consolidated departmental BIA results/report for Top management
  • Developing and executing Disaster Recovery Plans for various applications, Review/update existing plans and procedures at regular intervals
  • Conduct periodic Disaster Recovery testing
  • Document the results of all tests and exercises and identify any recommended enhancements to the Business Continuity Plans and Procedures
  • Ensuring Disaster Recovery Test meets the business approved RTO and RPO of applications and log the test results in Archer.

Manager - Corporate - Cyber Security Assurance

Genpact
10.2016
  • Perform Cyber Security Assurance assessment for key customers of Genpact to ensure compliance to contractual obligations from Information Security and IT, identify potential data leakage opportunities
  • Perform periodic security compliance audits for adherence to security policies and guidelines
  • Managing complex business relationships and provide exceptional customer service to key accounts by regularly holding meetings, understanding the customer security requirements and by promptly responding to customer requests
  • Maintain controls documentation with SMEs and ensure compliance with Internal and External audits
  • Vendor risk management through contract review, consistent monitoring of vendor performance, to ensure that vendors meet compliance guidelines
  • Work on special security assignments to assess the risk and identify the potential threat vectors
  • Define security KPI/Metrics in line with the requirement.

Team Leader - Risk & Security

Metlife GOSC
02.2012
  • Initiate the Risk Assessment for internal and vendor applications
  • Perform Internal Application assessment for new and existing applications
  • Assist application owner to complete the risk assessment for their application
  • Review Internal Assessment questionnaire and identify gaps
  • Assist Application owner to identify the Confidentiality, Integrity and Availability rating
  • Initiate the advanced Internal Application Assessment of the application, if inherent of application

Technical Project Manager

Persistent Systems
04.2023 - Current
  • Service Delivery by ensuring security deliverables to customer in line with the contractual requirements and defined compliance levels
  • Cloud Governance Risk and Compliance to ensure environment is audit ready
  • Cloud compliance audits via AWS Audit Manager service
  • Cloud policies and procedures management via Docusign and SmartSolve
  • Cloud log review to identify unauthorized changes in the infrastructure
  • Periodic user access reconciliation to ensure authorized access to the infrastructure
  • Coordinate with internal teams during the audit to collect and publish the evidence required by auditors.

Consultant - Governance Risk & Compliance

HCL
01.2023 - 03.2023
  • Publish monthly security metrics and dashboard to customer to provide overview of infrastructure hygiene and status of security roadmap.

Assistant Vice President - CSO (Chief Security Office)

Barclays
10.2021 - 01.2023
  • Perform Cyber Security Assurance assessment for Barclays suppliers to ensure compliance with Barclays security requirements
  • Lead and engage all the relevant stakeholders during planning, execution, remediation, communication and various other related activities
  • Define the testing strategies both from design and operating effectiveness assessment to be used for executing reviews
  • Extensive experience in planning and executing both onsite and desktop/ remote reviews
  • Identify control failures/gaps within the supplier control environment, driving proactive remediation and action
  • Support and advise the business in developing remediation plans for control weakness
  • Lead and support the assigned assurance reviews as per the defined timelines
  • On time escalations of issues associated with the defined role and responsibilities
  • Ownership and management of end to end delivery of the review
  • Actively contributing to the supplier assurance methodology and framework to align it with risk that supply chain function faces.

Senior Manager - Corporate - Security and Compliance

Genpact
- 10.2021
  • Perform Cyber Security Assurance assessment for key customers of Genpact to ensure compliance to contractual obligations from Information Security and IT, identify potential data leakage opportunities
  • Perform periodic security compliance audits for adherence to security policies and guidelines
  • Managing complex business relationships and provide exceptional customer service to key accounts by regularly holding meetings, understanding the customer security requirements and by promptly responding to customer requests
  • Maintain controls documentation with SMEs and ensure compliance with Internal and External audits
  • Vendor risk management through contract review, consistent monitoring of vendor performance, to ensure that vendors meet compliance guidelines
  • Work on special security assignments to assess the risk and identify the potential threat vectors
  • Define security KPI/Metrics in line with the requirement.

Senior Information Security Engineer

SAP BPO Services Private Limited
07.2011 - 02.2012
  • Perform internal security audits as per ISO 27001 compliance in all departments of organization like HR, Finance, Admin, IT, Sales and Marketing etc
  • Evidence collection for closing the Non-Conformities arising during audit
  • Prepare Audit Plans, Review audit reports and making BCP (DR) report
  • Review ISMS policy of organization and make changes if any
  • Recording Vulnerabilities and reporting to ICO team for closing loopholes
  • Updating Audit results in management record.

Senior Information Security Executive

NIIT Technologies
11.2008 - 07.2011
  • Provide security operations centre support in real-time monitoring of bank enterprise assets for coverage in all areas of information security
  • Experience on monitoring security incidents 24X7 for SIMP Project and investigate the incidents with tools like ARS Remedy Support, IRM-A, HPSC and Change Controls Plans
  • Database Security Event Monitoring and server monitoring of bank enterprise
  • Experience on reviewing standard operating procedures and process for all the security policies
  • Experience on Creating and Reviewing Management Summary Reports for the Client.

Education

GNIIT Diploma (System Engineering and Networking) -

NIIT
01.2009

B.Com -

Delhi University
01.2008

Skills

  • Cyber Security Assurance
  • Data Privacy
  • Vendor Governance
  • BCP/DR
  • Security KPI/Metrics Transformation
  • Internal Audit
  • Security Risk Assessment
  • Cloud GRC
  • Technical support knowledge
  • Telecommunications
  • Security understanding
  • Internet of Things
  • Enterprise Resource Planning

Languages

English
Full Professional
Hindi
Native or Bilingual

Certification

  • CISA
  • CBCP
  • ISO 27001:2013 LA
  • ITIL V3

Personal Information

Date of Birth: 10/04/86
