This document provides a summary of Ishita Kundu's professional experience and qualifications. She has over 5 years of experience in information security, risk and compliance domains including implementation of ISO 27001 and SSAE 16 standards. She has conducted vulnerability assessments, penetration testing, and internal audits for clients in various industries. She is certified in CISA, ISO 27001 Lead Auditor, CEH, and ITIL and is currently preparing for CISSP. She has received recognition awards for her work at Accenture from 2011 to 2015.
ISHITA KUNDU
Current Address: Grand Midwest Hotel
Apartment, Flat 502 Dubai
Email: ishita.kundu87@gmail.com
Ph.: +971 526750719
SUMMARY
Audit & Compliance
Possessing 5+ years of experience in the fields of information security, risk & compliance
domain, business continuity management, ISMS, strategy and information security
audit
SSAE 16 / ISAE 3402 (earlier SAS70) reporting on controls at a service organization and
its implementation
Implementation of ISO 27001:2013 for major clients in the fields of telecommunication,
commercial and luxury goods, major airlines etc.
Vulnerability assessment and Penetration Testing for multiple clients in various domains
of industry like resources, finance, health etc.
Business Continuity Management
BCP documentation across multiple projects of different account groups
BCP simulation / paper test
Awareness / Training
Member of the New Joiners faculty, conducting sessions for all joiners in
Accenture across India, from new joiners to senior management.
Conducting information security sessions on the basic dos and don'ts of the information security
policy in the new joiners' orientation
Educational Details
Education - Masters of Computer Application (Silver Medallist)
University - Amity University
Year of Passing - 2011
Marks Obtained 86.3%
Education – Bachelor of Computer Application
College - BIT (Mesra)
Year of Passing - 2008
Marks Obtained 91.2%
Education Higher Secondary (Std. XII)
Board West Bengal Council of Higher Secondary Education
Marks Obtained 74.5%
Education Secondary Education (Std. X)
Board Indian Certificate of Secondary Education
Marks Obtained 81.3%
PROFESSIONAL CERTIFICATIONS & TRAININGS
ISO 22301:2013 – BCMS – Trained from ISC^2 - 2016
CISA (16128868) – Certified Information Security Auditor - 2015
ISO 27001: 2013 Lead Auditor - 2015
Certified Ethical Hacker CEHv8.0 - 2013
ITIL ® Foundation for IT Service Management - 2013
BSI – BS 25999 Business Continuity Management System (BCMS) Implementation - 2011
Currently preparing for CISSP
PROFESSIONAL RECOGNITION
Accenture Celebrates Excellence Awards
Awarded the Accenture Celebrates Excellence award for innovative excellence in the team
category in 2014
Awarded the Accenture Celebrates Excellence award for productivity improvement in the team
category – FY 2012
Training & Awareness
Awarded certificate of recognition for delivering an awareness session on security in Accenture Delivery
Centre – 2012
ISO 27001
Awarded certificate of appreciation for ISO 27001 certification implementation in 2013
CORE SKILLS
Vulnerability Testing
Prioritized list of vulnerabilities found during testing along with effective remediation
recommendations
Summarized and detailed results of port scanning and protocols used
Exploitation results with highlighted critical vulnerabilities
Recommendations to enhance security of your network and architecture
Short term and long-term risk mitigation action plan
Penetration Testing
Penetration testing is used in a variety of contexts and for a wide range of reasons, including
Assessing the type and extent of security-related vulnerabilities in systems and
networks.
Testing network perimeter security.
Empirically verifying the resistance of applications to misuse and exploits.
Supplementing the security audits.
Provide a "litmus test" before allowing a new application or system to go live.
Provide metrics to evaluate the progress of specific areas within a security practice.
Test the security baseline for internal systems.
IT Audit
ISO 27001:2013 and ISO 22301:2013, SSAE-16 framework implementation, assurance &
sustenance
IT Security, Physical Security & Process compliance – risk based audits
Coordinated the role of consultancy for different projects in self-assessment
Vulnerability assessments for the projects and assisted them for the closure of the gaps
Risk Management
Core understanding of ISMS
Asset Management
Vulnerability Assessment
Risk Management
Business Continuity Management
Providing SME support for BCP documentation to the management
Coordinating BCP simulation exercises / paper tests at an integrated facility level
Training
Inculcating information security & BCP awareness and training among employees across the
organisation
ISO 27001:2013 Implementation
Risk Assessment
Gap Analysis
Development of policies and procedures for the implementation of ISO 27001:2013
Implementation of ISMS framework
Tools
SEC-Point – Vulnerability Assessment
Risk & Compliance Tool (EGRC)
Understanding of SIEM solutions
Understanding of Mail Marshal / Web Marshal
Trust Wave DLP
Risk and Compliance Tool – Internal to Accenture
PROFESSIONAL EXPERIENCE
Employer: RAS INFOTECH (NOVEMBER 2015 - PRESENT)
Information Security, Risk & Compliance
Working on the implementation of ISO 27001:2013 for major clients
Performing internal audits for major clients before the third-party risk assessment
Information and security awareness programme for external clients
Performing vulnerability and penetration testing for major clients
Employer: ACCENTURE (August 2011 - July 2015)
Designation: Security Analyst
Information Security, Risk & Compliance
Ensuring the ISO 27001 controls / clauses are correctly implemented and complied with
by conducting a thorough internal audit every year prior to external Re-Certification and
CAV audits
Ensuring the SSAE 16 (focusing specifically on Management of SLA, Change Request, Data & Security)
clauses are correctly implemented and complied with by conducting a thorough internal
audit every year prior to external Recertification
Assisting leads in information security policies, procedures review - update & approval
at least annually
Performing asset valuation for all information, software and hardware assets
Conducting asset based risk assessments and risk treatment plans and implementation
of ISMS across functions
Gathering information security controls and compliance requirements for client projects
and ensuring compliances in terms of ISO27001, Facilities, Computing Infrastructure,
Network Infrastructure, Information Security, IPR, Confidentiality, Data protection,
Termination etc.
Conducting internal audits before client visits for specific standards like PCI DSS, HIPAA
etc.
Conducting Contract Compliance internal assessments on delivery projects to:
Measure current project compliance to contractual requirements as per Contract
Compliance tracker
Determine whether controls over contract compliance provide reasonable
assurance to the management
Provide input on the effectiveness of the Project Contract Compliance
management
Conducting self-assessments for all the projects annually to ensure better internal control
Conducting Project Security Vulnerability Assessments for multiple projects annually to
ensure compliance
PERSONAL DETAILS
Passport Number: G9148270
Nationality: Indian
Date of Birth: 07/02/1987
Marital Status: Married
Contact Details: +971 526750719
DECLARATION
I hereby declare that the information given by me is genuine to the best of my knowledge.