VIJAYAMARNATH E-MAIL: VIJAYAMARNATH@GMAIL.COM C: +919788219201
SUMMARY An IT RISK, ITGC, SOx, ISO27001, SOC1 & 2 and ACCESS MANAGEMENT SPECIALIST whose qualifications
include a master’s degree in Computer Applications with ISO-27001 Lead Auditor certification & ISO 20000
Lead Implementation. Detailed knowledge of technologies and best practices in GRC space. 9+ years of IT
experience which includes GRC (Governance Risk & Compliance), IT General Controls with extensive
knowledge on ISO 27001 , SOx Regulatory ACT, IT Risk Management, Access Management, SOC1 & SOC2
Type I and Type II Audit, Change Management, L2 Support & Maintenance and S/W licensing.
BUSINESS SKILLS Project Lead with 9+ years of experience in managing projects on Internal Audit
Successfully led a team of 11 members in ITGC space
Excellent Project Planning skills and documentation (especially in PPT, excel and SOP preparation)
Experience with all stages of audits which includes identifying, planning, execution/ evaluation,
reporting and testing in areas of Access Management
Sound knowledge in IT Risk Management
Thorough understanding of existing process and strong drive for strategy, innovation and in driving
automation & simplification of process
IT General Control areas of Sarbanes-Oxley Act (SOx) 404 and vast experience in handling Level-2 IT
support activities
Internal audit of ‘Access Management’ and ‘Change Management’ Projects
Certified ISO 27001 LA, ISO 20000 LI, ITIL V3 Foundation, GREEN BELT and LEAN SIX SIGMA
KEY SKILLS IT Risk Management lifecycle, Access Management, ISO 27001, IT General Controls & Framework,
Regulatory Compliance (SOx), SOC1 and SOC2, Change Management, BCP & DR, PCI DSS, Six Sigma
concepts and ITIL V3 Foundation
KEY PROJECTS Future Group Pvt Ltd (As a Lead Consultant)
Security Risk assessment and consulting for creation of IT policy for FG covering the below
- Worked on an executive management report that includes clear recommendations on
security policies along with potential risk against each recommendation and
- Mapping of recommended controls measures against ISO & PCI
- Prepared a summary listing all the implications if recommended controls
Third Party Assessment - Idea Cellular (As a Lead Consultant)
Design and Deployment of Supplier Security Compliance Framework
Vendor Categorization & Criticality
Development of Self-Assessment Questionnaire
Manage VRM using CoVi Compliance Tool
ISMS Design and Implementation along with PCI DSS - Network 18 (As a Lead consultant)
End-to-end delivery of the project (Ensure the Org is implemented with ISO 27001 standards)
Organized and executed the project as per the project plan
Designed policies and procedure as per ISO 27001:2013 guidelines
Roll out of 3 InfoSec awareness training sessions across the Org
Effective stakeholder engagement & work closely with Operation Teams, Risk, Legal &
Compliance, IT Technical Team to understand their current day process and lay out optimal ‘TO
BE’ process.
Develop Unified Compliance Framework with Mapping ISO 27001 controls with PCI DSS
requirements to ensure the organization is compliant with both
Provide technology roadmap for control automation
Risk Management – GE Capital Treasury (As a Project Lead)
Work with the IT Leader to address, manage and facilitate the Risks identified during Risk
Assessment
Upload the risk items in the EOR tool (Enterprise & Operational Risk) and track these items until
closure
Conduct Bridge calls between Risk Owner, IT Owner and external/internal Auditor to address the
risk status and plan the further steps
Suggest on the Mitigation measure and counter the risk with ideal controls
Follow up with the Risk owner until the Risk is either Transferred or addressed with appropriate
measures
Access & Change Management - GE Capital Treasury (As a Project Lead)
Interacting with respective Application Owner’s (AO) team to resolve compliance issues and
provide recommendation, communication on status of action resolution and bringing to
management issues that require attention tracking corrective actions and to comply with SOX
requirements
Perform periodic accounts audits across SOx/Non-SOx applications, network domains, servers and
databases
Perform periodic review of accounts for all Critical/Non-Critical assets.
Reviewing Segregation of Duties (SoD) matrix reports in Production & Non-Production
environments like Development, QA and Test
Perform Change Management control testing for all the samples provided by Business
Quarterly - System Access Reviews - GE Capital Treasury (As a Technical Lead)
Conduct audits to verify that all in-scope (i.e., SOx / Trade and Banking / Mission Critical) applications comply
with DS5 – Ensure System Security (according to the COBIT Framework); review controls and their
associated infrastructure to ensure that all users have the appropriate level of access to the
systems.
Handover the audit findings to the Asset Owner and follow up on the remediation action until
closure
Work with the External Auditors and facilitate them on their finding
Preparation of SOW, SOP and other important project-related documents, such as revamping and
enhancement requirements for the project
Accountable for identification of any IT Risks and treating it appropriately
Software License Management – GE Capital
Perform Audits on all Business, Corporate and Vendor requests
Rollup or remove components / freeware
Collect entitlements. Compare installs to entitlements to reuse licenses from existing pool
resulting in savings. Transfer entitlements under one user to other or one machine to other
Release software for terminated resources & resources who no longer require the software
Assign licenses & Remediate defects
L2 Support & Maintenance - ADVANCE COMMERCIAL BANKING SYSTEM – ACBS
Foremost job done in As400 area was to submit the EOD Batch process requested by Business
users on demand.
Provisioning and de-provisioning user access per the pre-defined system
Assisting in DR report - Providing RPO and RTO information to Post-Mortem report
Submission of post-mortem report of ACBS application to the DR Team Leader
Capture RTO and RPO values in AS400 while mocking DR environment testing
Taking BRMSDAILY backup jobs
KEY CURRICULUM PROJECT
The project is about compressing two audio files, merging them into one and sending it to the receiver such that even
when an intruder intrudes, he cannot find the hidden audio file. Applied the concepts of cryptography.
EDUCATION PGDEIM (PG Diploma in Export and Import Management)
BSc in Computer Science
MCA (Masters in Computer Application)
CERTIFICATIONS ISO 27001:2005 Lead Auditor
ISO 20000 Lead Implementer
2 Green Belt
2 Lean Six Sigma Project
6 Kaizen Project
Certified in Computer Hardware and Network Administration
Completed ITILV3 Foundation
Pursuing CRISC
EMPLOYMENT HISTORY
Happiest Minds Technologies Associate Manager Jan 2016 – TILL DATE
IGATE Global Solutions Project Lead Sep 2007 – Dec 2015
PASSPORT & VISA INFORMATION
N5441307
H1 B VISA (Approved & Stamped)
REFERENCES Available on request