Summary
Overview
Work History
Education
Skills
Languages
Professionalskillsets
Certification
Timeline
Generic

Ruchi Mishra

Toronto

Summary

Observant, analytical, and result-driven Cyber Security professional with 14+ years of experience in Information Security Controls, Policies and Procedures, Risk Management & Compliance, Data Protection, Threat & Risk Assessment, and related areas. Seeking opportunity in a fast-paced environment to utilize skillset in making secure and efficient decisions for organization\'s growth.

Overview

13
13
years of professional experience
1
1
Certification

Work History

Senior Lead, Security Advisory Transformation

Scotiabank
12.2024 - Current
  • Supporting overall initiatives under TRA transformation project
  • Reviewing existing Threat & Risk Assessments completed by team members, providing feedback and ensuring the risks are aligned within the governance framework
  • Provide guidance and technical expertise on threat methodology and frameworks, creation of relevant threat modelling artifacts
  • Reviewing Technical Design Documents for platforms and applications
  • Conducting Threat and Risk Assessments for various platforms, applications leveraged within the Bank

Senior Security Advisor

Scotiabank
04.2020 - 11.2024
  • Conducting Threat and Risk Assessments, Security Memos for the internal and cloud-based SaaS solutions utilized within the Scotiabank
  • Assisting Business lines, vendors to complete Technical Design Document for their respective projects, performing in-depth reviews of the Design Documents
  • Guiding business to follow Security processes to ensure all requirements are met
  • Documenting risk items and related action plans in the security assessment and ensuring the risks are remediated as per timeline
  • Discussing and convincing project teams on the identified risk items and the associated risk ratings

Data Protection Specialist

Scotiabank
07.2019 - 03.2020
  • Assist advisory team in completing the Threat Risk Assessments of various new applications requested by business
  • Responsible for assessing the end-to-end DLP capabilities, define gaps and recommendations
  • Conducting assessments of DLP controls for third party vendors, suppliers and assure Bank's guidelines are met
  • Creating written documentation for various projects, policy tests and new processes
  • Co-ordinating and assisting different teams to complete DLP changes & assessments
  • Responsible for implementing DLP controls as per the bank standards for new mergers/vendors
  • Responsible for coordinating with different regions (Asia, US, Latam) and different business lines to develop a strategic plan to implement up to date DLP policies
  • Actively working on implementing data classification standards for the bank using Azure Information Protection- Microsoft
  • Defining classification and protection rules within office 365 security and compliance portal
  • Developing future DLP strategies for the bank

Data Protection Analyst Advisory

Scotiabank
05.2018 - 06.2019
  • Hands on experience in configuring, testing and implementing data classification labels using Microsoft Azure Information Protection
  • Implementing customized DLP policies based on business needs of the bank in various security application such as Forcepoint, Symantec
  • Expertise on managing Data Protection applications, procedures and standards
  • Creating and testing of diverse test cases for each Data Protection tool
  • In depth understanding of configuring customized DLP policies in Office 365 Security and Compliance Center
  • Experience in coordinating internal process requirements with third parties to configure new tools and technologies
  • Creating a project plan to upgrade current version of Securonix- Data Ex-filtration to Securonix SNYPR
  • Creating Data Protection policies in Google-Suite

Senior Analyst, Data Loss Prevention

Scotiabank
05.2017 - 05.2018
  • Expertise in auditing and advising DLP investigations
  • Responsible for handling changes to DLP policies as and when required
  • Configuring new policies which includes both business and regulatory policies of Canadian banking
  • Well versed with PCI, PII and confidential DLP policies
  • Testing Microsoft Azure Information Protection module and align it with DLP best practices
  • Testing and configuration of Data Exfiltration module in Securonix

Support Engineer, Technology Operations

Cvent India Pvt. Ltd
01.2014 - 08.2015
  • Sever/System health check for incident prevention
  • Maintaining backups of the important application and data
  • Management of Active Directory, DNS, DHCP and Exchange 2010
  • Managing Symantec Endpoint Protection server
  • Creation and modification of policies
  • Hands on experience managing URL/DLP policies on Forcepoint/Websense
  • Setup and maintenance of FTP Server, Web Server
  • Implementation and configuration of various ITSM Suite (Service-desk Plus & Service Now)

IS Helpdesk Associate, Technology Operations

Cvent India Pvt. Ltd
01.2012 - 12.2013

Education

Master of Science - Information System Security Management

Concordia University
Edmonton, AB
01.2017

Bachelor of Technology - Electronics & Communication

World Institute of Technology
Gurgaon
01.2011

Skills

  • Data protection
  • Data loss prevention (DLP)
  • ForcePoint/ McAfee/ O365
  • Threat and Risk Assessment
  • Threat Modeling
  • Security assessments
  • Cloud applications
  • Amazon AWS
  • Microsoft Azure
  • Google Cloud Provider (GCP)
  • API connectivity
  • Mobile applications
  • Verbal communication
  • Written communication
  • Leadership
  • Project management
  • Team collaboration

Languages

English
Full Professional

Professionalskillsets

  • Strong working knowledge on various data protection, data loss prevention (DLP) tools and best practices, such as ForcePoint, McAfee, O365, Box.
  • Detailed oriented information security professional with more than 5 years of experience in conducting detailed Threat and Risk Assessment for various technologies/applications within the Bank such as internet gateways, network devices/appliances.
  • Strong expertise in conducting security assessments for cloud applications hosted on Amazon AWS, Microsoft Azure, Google Cloud Provider (GCP).
  • Skilled in conducting Threat Risk Assessment on API connectivity, and mobile applications.
  • Excellent verbal and written communication skills with security assessments.
  • Ability to work as an effective team member with strong leadership qualities in managing complex projects with business lines, as well as ability to support a team as a leader.

Certification

CISSP

Timeline

Senior Lead, Security Advisory Transformation

Scotiabank
12.2024 - Current

Senior Security Advisor

Scotiabank
04.2020 - 11.2024

Data Protection Specialist

Scotiabank
07.2019 - 03.2020

Data Protection Analyst Advisory

Scotiabank
05.2018 - 06.2019

Senior Analyst, Data Loss Prevention

Scotiabank
05.2017 - 05.2018

Support Engineer, Technology Operations

Cvent India Pvt. Ltd
01.2014 - 08.2015

IS Helpdesk Associate, Technology Operations

Cvent India Pvt. Ltd
01.2012 - 12.2013

Master of Science - Information System Security Management

Concordia University

Bachelor of Technology - Electronics & Communication

World Institute of Technology

Similar Profiles

  • Abhishek Wahal

    Abhishek WahalAbhishek Wahal

    Senior Manager at ScotiabankSenior Manager at Scotiabank

    View Profile
  • Tebah Al-Safi

    Tebah Al-SafiTebah Al-Safi

    Customers Experience Associate at ScotiabankCustomers Experience Associate at Scotiabank

    View Profile
  • HARSHIL PATEL

    HARSHIL PATELHARSHIL PATEL

    Customer Experience Associate, Kitchener at ScotiabankCustomer Experience Associate, Kitchener at Scotiabank

    View Profile
Ruchi Mishra