ISHITA KUNDU
Current Address: Grand Midwest Hotel
Apartment, Flat 502 Dubai
Email: ishita.kundu87@gmail.com
Ph.: +971 526750719
SUMMARY
Audit & Compliance
Possessing 5+ years of experience in information security, risk & compliance,
business continuity management, ISMS, strategy and information security
audit
SSAE 16 / ISAE 3402 (earlier SAS70) reporting on controls at a service organization and
its implementation
Implementation of ISO 27001:2013 for major clients in the fields of telecommunication,
commercial and luxury goods, major airlines etc.
Vulnerability assessment for multiple clients in various domains of industry like
resources, finance, health etc.
Business Continuity Management
BCP documentation across multiple projects of different account groups
BCP simulation /Paper test
Awareness / Training
Member of the New Joiners faculty, conducting sessions for all joiners at
Accenture across India, from new joiners to senior management.
Conducting information security sessions on the basic dos and don'ts of the information security
policy in the new joiners' orientation
Educational Details
Education - Masters of Computer Application (Silver Medallist)
University - Amity University
Year of Passing - 2011
Marks Obtained 86.3%
Education – Bachelor of Computer Application
College - BIT (Mesra)
Year of Passing - 2008
Marks Obtained 91.2%
Education Higher Secondary (Std. XII)
Board West Bengal Council of Higher Secondary Education
Marks Obtained 74.5%
Education Secondary Education (Std. X)
Board Indian Certificate of Secondary Education
Marks Obtained 81.3%
PROFESSIONAL CERTIFICATIONS & TRAININGS
ISO 22301:2013 – BCMS –Trained from ISC^2 - 2016
CISA (16128868) – Certified Information Security Auditor - 2015
ISO 27001: 2013 Lead Auditor - 2015
Certified Ethical Hacker CEHv8.0 - 2013
ITIL ® Foundation for IT Service Management - 2013
BSI – BS 25999 Business Continuity Management System (BCMS) Implementation -
2011
Currently preparing for CISSP
PROFESSIONAL RECOGNITION
Accenture Celebrates Excellence Awards
Awarded Accenture celebrates excellence award for innovative excellence in the team
category in 2014
Awarded Accenture celebrates excellence award for productivity improvement in team
category – FY 2012
Training & Awareness
Awarded certificate of recognition for delivering awareness session in Accenture Delivery
Centre – 2012 on security
ISO 27001
Awarded certificate of appreciation for ISO 27001 certification implementation in 2013
CORE SKILLS
IT Audit
ISO 27001:2013 and ISO 22301:2013, SSAE-16 framework implementation, assurance &
sustenance
IT Security, Physical Security & Process compliance – risk based audits
Coordinated the role of consultancy for different projects in self-assessment
Vulnerability assessments for the projects and assisted them for the closure of the gaps
Risk Management
Core understanding of ISMS
Asset Management
Vulnerability Assessment
Risk Management
Business Continuity Management
Providing SME support for BCP documentation to the management
Coordinating the BCP at an integrated facility level simulation exercises /test on paper
Training
Inculcating information security & BCP awareness and training among employees
across the organisations
Tools
SEC-Point – Vulnerability Assessment
Risk & Compliance Tool (EGRC)
Understanding of the SIEM Solution
Understanding on Mail Marshal / Web Marshal
Trust Wave DLP
PROFESSIONAL EXPERIENCE
Employer: RAS INFOTECH (NOVEMBER 2015 - PRESENT)
Information Security, Risk & Compliance
Working for the implementation of the ISO 27001:2013 for major clients
Performing internal Audits for major clients before the third party risk assessment
Information and Security Awareness programme for external clients
Performing Vulnerability and Penetration testing for major clients
Employer: ACCENTURE (August 2011 - July 2015)
Designation: Security Analyst
Information Security, Risk & Compliance
Ensuring the ISO 27001 controls / clauses are correctly implemented and complied with
by conducting a thorough internal audit every year prior to external Re-Certification and
CAV audits
Ensuring the SSAE 16 (focusing specifically on Management of SLA, Change Request, Data & Security)
clauses are correctly implemented and complied with by conducting a thorough internal
audit every year prior to external Recertification
Assisting leads in information security policies, procedures review - update & approval
at least annually
Performing asset valuation for all information, software and hardware assets
Conducting asset based risk assessments and risk treatment plans and implementation
of ISMS across functions
Gathering information security controls and compliance requirements for client projects
and ensuring compliances in terms of ISO27001, Facilities, Computing Infrastructure,
Network Infrastructure, Information Security, IPR, Confidentiality, Data protection,
Termination etc.
Conducting internal audits before client visits for specific standards like PCI/DSS, HIPAA
etc.
Conducting Contract Compliance internal assessments on delivery projects to:
Measure current project compliance to contractual requirements as per Contract
Compliance tracker
Determine whether controls over contract compliance provide reasonable
assurance to the management
Provide input to the effectiveness of the Project Contract Compliance
management
Conducting self-assessments for all the projects annually to ensure better internal control
Conducting Project Security Vulnerability Assessments for multiple projects annually to
ensure compliance
PERSONAL DETAILS
Passport Number: G9148270
Nationality: Indian
Date of Birth: 07/02/1987
Marital Status: Married
Contact Details: +971 526750719
DECLARATION
I hereby declare that the information given by me is genuine to the best of my knowledge