Vijay Amarnath - Updated
- 1. VIJAYAMARNATH E-MAIL: VIJAYAMARNATH@GMAIL.COM C: +919788219201 SUMMARY An IT RISK, ITGC, SOx, ISO27001, SOC1 & 2 and ACCESS MANAGEMENT SPECIALIST whose qualifications include a master’s degree in Computer Applications with ISO-27001 Lead Auditor certification & ISO 20000 Lead Implementation. Detailed knowledge of technologies and best practices in GRC space. 9+ years of IT experience which includes GRC (Governance Risk & Compliance), IT General Controls with extensive knowledge on ISO 27001 , SOx Regulatory ACT, IT Risk Management, Access Management, SOC1 & SOC2 Type I and Type II Audit, Change Management, L2 Support & Maintenance and S/W licensing. BUSINESS SKILLS Project Lead with 9+ years of experience in managing projects on Internal Audit Successfully led a team of 11 members in ITGC space Excellent Project Planning skills and documentation (especially in PPT, excel and SOP preparation) Experience with all stages of audits which includes identifying, planning, execution/ evaluation, reporting and testing in areas of Access Management Sound knowledge in IT Risk Management Thorough understanding of existing process and strong drive for strategy, innovation and in driving automation & simplification of process IT General Control areas of Sarbanes-Oxley Act (SOx) 404 and vast experience in handling Level-2 IT support activities Internal audit of ‘Access Management’ and ‘Change Management’ Projects Certified ISO270001 LA, ISO 20000 LI , ITIL V3 foundation , GREEN BELT and LEAN SIX SIGMA KEY SKILLS IT Risk Management lifecycle, Access Management, ISO 27001, IT General Controls & Framework, Regulatory Compliance (SOx), SOC1 and SOC2, Change Management BCP & DR, PCI DSS, Six Sigma concepts and ITIL V3 Foundation KEY PROJECTS Future Group Pvt Ltd (AS a Lead Consultant) Security Risk assessment and consulting for creation of IT policy for FG covering the below - Worked on for an executive Management report that includes clear recommendations on security policies along with Potential Risk against each recommends and - Mapping of recommended controls measures against ISO & PCI - Prepared a summary listing all the implications if recommended controls Third Party Assessment - Idea Cellular (As a Lead Consultant) Design and Deployment of Supplier Security Compliance Framework Vendor Categorization & Criticality Development of Self-Assessment Questionnaire Manage VRM using CoVi Compliance Tool ISMS Design and Implementation along with PCI DSS - Network 18 (As a Lead consultant) End-to-end delivery of the project (Ensure the Org is implemented with ISO 27001 standards) Organized and executedproject as per the project plan Designed policies and procedure as per ISO 27001:2013 guidelines
- 2. Page 2 Roll out of 3 InfoSec awareness training sessions across the Org Effective stakeholder engagement & work closely with Operation Teams, Risk, Legal & Compliance, IT Technical Team to understand their current day process and lay out optimal ‘TO BE’ process. Develop Unified Compliance Framework with Mapping ISO 27001 controls with PCI DSS requirements to ensure the organization is compliant with both Provide technology roadmap for control automation Risk Management – GE Capital Treasury (As a Project Lead) Work with the IT Leader to address, manage and facilitate the Risks identified during Risk Assessment Upload the Risk itemsin the EOR tool (Enterprise & Operational Risk) and track these Itemsuntil closure Conduct Bridge calls between Risk Owner, IT Owner and external/internal Auditor to address the risk status and plan the further steps Suggest on the Mitigation measure and counter the risk with ideal controls Follow up with the Risk owner until the Risk is either Transferred or addressed with appropriate measures Access & Change Management - GE Capital Treasury (As a Project Lead) Interacting with respective Application Owner’s (AO) team to resolve compliance issues and provide recommendation, communication on status of action resolution and bringing to management issues that require attention tracking corrective actions and to comply with SOX requirements Perform periodic accounts audits across SOx/Non-SOx applications, network domains, servers and databases Perform periodic review of accounts for all Critical/Non-Critical assets. Reviewing Segregation of Duties (SoD) matrix reports in Production & Non-Production environments like Development, QA and Test Perform Change Management control testing for all the samples provided by Business Quarterly - System Access Reviews - GE Capital Treasury (As a Technical Lead) Conduct audits on all in-scope (i.e., Sox / Trade and Banking / Mission Critical) applications comply with DS5 – Ensure System Security (according to COBIT Framework) review controls and its associated infrastructures to ensure that all users having appropriate level of access to the systems. Handover the audit findings to the Asset Owner and follow up on the remediation action until closure Work with the External Auditors and facilitate them on their finding Preparation of SOW, SOP and other important project related documents like revamping and enhancement requirementsto the project Accountable for identification of any IT Risks and treating it appropriately Software License Management – GE Capital Perform Audits on all Business, Corporate and Vendor requests Rollup or remove components / freeware
- 3. Page 3 Collect entitlements. Compare installs to entitlements to reuse licenses from existing pool resulting in savings. Transfer entitlements under one user to other or one machine to other Release software for terminated resource & resource who don’t require the software anymore Assign licenses & Remediate defects L2 Support & Maintenance - ADVANCE COMMERCIAL BANKING SYSTEM – ACBS Foremost job done in As400 area was to submit the EOD Batch process requested by Business users on demand. Provisioning and de-provisioning user access per the pre-defined system Assisting in DR report - Providing RPO and RTO information to Post-Mortem report Submission of post-mortem report of ACBS application to the DR Team Leader Capture RTO and RPO values in AS400 while mocking DR environment testing Taking BRMSDAILY backup jobs KEY CURRICULUM PROJECT Project is about compressing two audio files, making into one and sending it to the receiver such that even when an intruder intrudes he could not find the hidden audio file. Applied the concepts of Cryptography EDUCATION PGDEIM (PG Diploma in Export and Import Management) BSc in Computer Science MCA (Masters in Computer Application) MCA (Masters in Computer Application) CERTIFICATIONS ISO 27001:2005 Lead Auditor ISO 20000 Lead Implementer 2 Green Belt 2 Lean Six Sigma Project 6 Kaizen Project Certified in Computer Hardware and Network Administration Completed ITILV3 Foundation Pursuing CRISC EMPLOYMENT HISTORY Happiest Minds Technologies Associate Manager Jan 2016 – TILL DATE IGATE Global Solutions Project Lead Sep 2007 – Dec 2015 PASSPORT & VISA INFORMATION N5441307 H1 B VISA (Approved & Stamped) REFERENCES Available on request