ISHITA KUNDU
Current Address: Grand Midwest Hotel
Apartment, Flat 502 Dubai
Email: ishita.kundu87@gmail.com
Ph.: +971 526750719
SUMMARY
Audit & Compliance
 Possessing 5+ years of experience in the fields of information security, risk & compliance
domain, business continuity management, ISMS, Strategy and information security
audit
 SSAE 16 / ISAE 3402 (earlier SAS70) reporting on controls at a service organization and
its implementation
 Implementation of ISO 27001:2013 for major clients in the fields of telecommunication,
commercial and luxury goods, major airlines etc.
 Vulnerability assessment and Penetration Testing for multiple clients in various domains
of industry like resources, finance, health etc.
Business Continuity Management
 BCP Documentation across multiple projects of different account groups
 BCP simulation /Paper test
Awareness / Training
 Member of the New Joiners faculty, conducting sessions for all joiners in
Accenture across India, from new joiners to senior management.
 Conducting information security session on the basic dos and don'ts of information security
policy in the new joiners' orientation
Educational Details
Education - Masters of Computer Application (Silver Medallist)
University - Amity University
Year of Passing - 2011
Marks Obtained 86.3%
Education – Bachelor of Computer Application
College - BIT (Mesra)
Year of Passing - 2008
Marks Obtained 91.2%
Education Higher Secondary (Std. XII)
Board West Bengal Council of Higher Secondary Education
Marks Obtained 74.5%
Education Secondary Education (Std. X)
Board Indian Certificate of Secondary Education
Marks Obtained 81.3%
PROFESSIONAL CERTIFICATIONS & TRAININGS
 ISO 22301:2013 – BCMS –Trained from ISC^2 - 2016
 CISA (16128868) – Certified Information Security Auditor - 2015
 ISO 27001: 2013 Lead Auditor - 2015
 Certified Ethical Hacker CEHv8.0 - 2013
 ITIL ® Foundation for IT Service Management - 2013
 BSI – BS 25999 Business Continuity Management System (BCMS) Implementation -
2011
 Currently preparing for CISSP
PROFESSIONAL RECOGNITION
Accenture Celebrates Excellence Awards
 Awarded Accenture celebrates excellence award for innovative excellence in the team
category in 2014
 Awarded Accenture celebrates excellence award for productivity improvement in team
category – FY 2012
Training & Awareness
 Awarded certificate of recognition for delivering awareness session in Accenture Delivery
Centre – 2012 on security
ISO 27001
 Awarded certificate of appreciation for ISO 27001 certification implementation in 2013
CORE SKILLS
Vulnerability Testing
 Prioritized list of vulnerabilities found during testing along with effective remediation
recommendations
 Summarized and detailed results of port scanning and protocols used
 Exploitation results with highlighted critical vulnerabilities
 Recommendations to enhance security of your network and architecture
 Short term and long-term risk mitigation action plan
Penetration Testing
Penetration testing is used in a variety of contexts and for a wide range of reasons, including
 Assessing the type and extent of security-related vulnerabilities in systems and
networks.
 Testing network perimeter security.
 Empirically verifying the resistance of applications to misuse and exploits.
 Supplementing the security audits.
 Providing a "litmus test" before allowing a new application or system to go live.
 Providing metrics to evaluate the progress of specific areas within a security practice.
 Testing the security baseline for internal systems.
IT Audit
 ISO 27001:2013 and ISO 22301:2013, SSAE-16 framework implementation, assurance &
sustenance
 IT Security, Physical Security & Process compliance – risk based audits
 Coordinated the role of consultancy for different projects in self-assessment
 Vulnerability assessments for the projects and assisted them for the closure of the gaps
Risk Management
 Core understanding of ISMS
 Asset Management
 Vulnerability Assessment
 Risk Management
Business Continuity Management
 Providing SME support for BCP documentation to the management
 Coordinating the BCP at an integrated facility level simulation exercises /test on paper
Training
 Inculcating information security & BCP awareness and training across the organisations
to the employees
ISO 27001:2013 Implementation
 Risk Assessment
 Gap Analysis
 Development of policies and procedures for the implementation of ISO 27001:2013
 Implementation of ISMS framework
Tools
 SEC-Point – Vulnerability Assessment
 Risk & Compliance Tool (EGRC)
 Understanding of the SIEM Solution
 Understanding on Mail Marshal / Web Marshal
 Trust Wave DLP
 Risk and Compliance Tool – Internal to Accenture
PROFESSIONAL EXPERIENCE
Employer: RAS INFOTECH (NOVEMBER 2015 - PRESENT)
Information Security, Risk & Compliance
 Working for the implementation of the ISO 27001:2013 for major clients
 Performing internal Audits for major clients before the third party risk assessment
 Information and Security Awareness programme for external clients
 Performing Vulnerability and Penetration testing for major clients
Employer: ACCENTURE (August 2011 - July 2015)
Designation: Security Analyst
Information Security, Risk & Compliance
 Ensuring the ISO 27001 controls / clauses are correctly implemented and complied with
by conducting a thorough internal audit every year prior to external Re-Certification and
CAV audits
 Ensuring SSAE16 (focusing specifically on Management of SLA, Change Request, Data & Security)
clauses are correctly implemented and complied with by conducting a thorough internal
audit every year prior to external Recertification
 Assisting leads in information security policies, procedures review - update & approval
at least annually
 Performing asset valuation for all information, software and hardware assets
 Conducting asset based risk assessments and risk treatment plans and implementation
of ISMS across functions
 Gathering information security controls and compliance requirements for client projects
and ensuring compliances in terms of ISO27001, Facilities, Computing Infrastructure,
Network Infrastructure, Information Security, IPR, Confidentiality, Data protection,
Termination etc.
 Conducting internal audits before client visit for specific standards like PCI/DSS, HIPAA
etc.
 Conducting Contract Compliance internal assessments on delivery projects to:
 Measure current project compliance to contractual requirements as per Contract
Compliance tracker
 Determine whether controls over contract compliance provide with reasonable
assurance to the management
 Provide input to the effectiveness of the Project Contract Compliance
management
 Conducting self-assessments for all the projects annually to ensure better internal control
 Conducting Project Security Vulnerability Assessments for multiple projects annually to
ensure compliance
PERSONAL DETAILS
Passport Number: G9148270
Nationality: Indian
Date of Birth: 07/02/1987
Marital Status: Married
Contact Details: +971 526750719
DECLARATION
I hereby declare that the information given by me is genuine to the best of my knowledge
