
Yogesh Naik

Information Security Manager
Abu Dhabi

Summary

I aspire to contribute my skills and expertise in a dynamic and challenging work environment, continually enhancing the value I bring to both the organization I represent and my personal development. I am eager to seize opportunities that foster knowledge growth while concurrently upgrading my skills. I welcome any chance to further expand my quest for knowledge, utilizing it to develop innovative methods and solutions that enhance work processes for greater efficiency and effectiveness.

My educational background, collaborative teamwork capabilities, and analytical skills serve as additional assets. As an experienced professional in the information technology and services industry, I have a proven track record in areas such as Risk Management, Information Security Awareness, Compliance Monitoring, Audit Management (ISO 27001:2013, SSAE 16, IT General Controls around Financial Reporting), Business Continuity Management, Project Management, Internal Audit, and Requirements Analysis. I hold a PGDM with a focus on Information Management from Welingkar Institute of Management.

Overview

16 years of professional experience
6 years of post-secondary education
6 Certifications

Work History

Information Security Manager

Etihad Airways
Abu Dhabi
09.2022 - Current
  • Maintains updated awareness of industry advancements in technology, regulations, and best practices related to information security management.
  • Ensures compliance with ISO 27001 and GDPR standards through vigilant policy enforcement and thorough audits.
  • Establishes robust measures to protect sensitive data, including access controls, data encryption, and secure network architectures.
  • Enhances information security by creating and implementing comprehensive policies, procedures, and training programs.
  • Cultivates strong cybersecurity culture across organization by advocating best practices and fostering open communication channels between departments.
  • Streamlines vulnerability management processes, enabling faster detection and remediation of potential risks.
  • Provides expert guidance on information security matters during project development phases through active participation in cross-functional meetings.

Senior Advisory Consultant

IBM
Abu Dhabi
02.2018 - 08.2022
  • Evaluate Client IT Infrastructure and identify Security gaps.
  • Align Infrastructure Design and IT Security Policies with business needs, ISO-27001, and NESA compliance.
  • Mentor and manage teams conducting vulnerability assessments and penetration testing for client assets.
  • Conduct Risk Analysis, prepare Risk Registers, and assist in formulating IT Policies/Procedures.
  • Oversee Security Implementation, suggest best practices, and manage ISMS audits along with other organizational audits.
  • Improve organization's security posture through regular audits, technical assessments, and awareness campaigns.
  • Share subject matter expertise through thought leadership, webinars, and presentations, positioning firm as industry leader.

Information Security Manager

Quinnox Consultancy Services Limited
Mumbai
12.2015 - 02.2018
  • Successfully achieved and maintained ISO 27001 Certification for Quinnox India across three locations.
  • Managed internal and external audits for Information Security Management System (ISMS) and coordinated other audits, including SSAE16, IT General Controls, and customer audits.
  • Collaborated with key departments to establish comprehensive Business Continuity Plan for both project-specific and organization-wide purposes.
  • Ensured information security awareness throughout organization through distribution of security newsletters and classroom training sessions.
  • Enhanced organization's security posture through regular security audits, technical assessments, and awareness campaigns.
  • Conducted risk assessments across all departments and functions to evaluate overall risk posture, highlighting residual risks to management.
  • Drafted Risk Management Report for presentation to organization's leadership committee, evaluating products and technologies for effective risk mitigation. Additionally, identified security controls for performance monitoring and implemented Managed Security Services within IT department to proactively monitor critical components and report on security breaches.

Information Security Manager

TechProcess Payments Services Ltd
Mumbai
06.2015 - 12.2015
  • Ensure compliance with various client policy requirements, regulatory standards, and audits.
  • Manage quarterly audits by planning, training, testing, and reporting for organization.
  • Oversee Compliance Operations, Internal Audit, and the structuring of ISMS & QMS.
  • Conduct audits, report non-conformities, analyze root causes, and assist business owners in issue resolution, including designing corrective actions (CAPs).
  • Assist in documentation of organization-wide policies and procedures.
  • Coordinate and interact with external client audit teams, ensuring seamless communication and collaboration.
  • Conduct risk assessments for technology and operational units and provide organization-wide training for implementation of ISMS and QMS standards.

Compliance & Audit Lead

Tata Consultancy Services (TCS)
07.2013 - 05.2015
  • Led a team of auditors, fostering collaboration and promoting professional development among team members.
  • Managed multiple simultaneous audits, prioritizing tasks effectively to meet deadlines without compromising quality.
  • Conducted comprehensive audits, ensuring compliance with regulatory standards and company policies.
  • Evaluated the effectiveness of implemented solutions post-audit to ensure ongoing compliance with recommendations.
  • Enhanced audit efficiency by implementing risk-based audit procedures and methodologies, playing a key role in strengthening internal controls through regular reviews of policies and procedures.
  • Maintained up-to-date knowledge on industry trends, legislation changes, and best practices related to auditing standards.
  • Increased stakeholder confidence by maintaining open lines of communication throughout the auditing process. Additionally, assisted in the successful completion of external audits by providing timely required information and documentation.

Internal Audit

HDFC Bank
10.2012 - 04.2013
  • Conducted Risk-based IT Audits in accordance with RBI, COBIT, SOX, ISO 27001, ISO 20000 standards, and regulatory requirements.
  • Performed vulnerability assessments (VA) for critical business applications, aligning with the Bank's Application Security Standard.
  • Executed Penetration Testing (PT) for Web Applications and conducted Server Audits as needed.
  • Audited various elements including web applications, servers, Datacenter, RSA, RA Audit, BCP, and DR.
  • Assisted the bank in adhering to RBI circulars and adopted standards, offering expert advice on COBIT standards and information risk analysis/management.
  • Implemented and enforced information security policies, ensuring compliance with legislation and regulations; regularly reviewed policies.
  • Investigated and addressed security breaches, maintained incident logs, and continuously assessed and remediated deficiencies in security measures.

Information Security and Technology Compliance

Tata Consultancy Services (TCS)
08.2008 - 09.2012
  • Ensures Technology Compliance unit's alignment with Citigroup policies, spanning contractual, regulatory, and audit standards.
  • Manages quarterly RCSA cycles for Technology SBU, overseeing planning, training, testing, and reporting.
  • Coordinates with Compliance Operations, Internal Audit, and establishes an integrated Quality Management System.
  • Conducts audits, collaborates on issue resolution, and contributes to process documentation for key units in Technology SBU.
  • Reduced the risk of financial penalties by conducting thorough internal audits on a regular basis.
  • Developed comprehensive training programs to increase employee awareness of compliance requirements and expectations.
  • Leveraged technology solutions for efficient tracking and reporting of compliance-related activities and metrics.

Education

MBA - Information Management

Welingkar Institute of Management
Mumbai, India
06.2012 - 04.2015

Bachelor of Science - Information Technology

University of Mumbai
Mumbai, India
07.2005 - 04.2008

Skills

IT Governance

Education Summary

  • Master's in Information Management, Mumbai University, Information Management, 05/2015, C Grade
  • Bachelor of Science, Mumbai University, Science, Information Technology, 04/2008, 69.93%
  • HSC, Pune University, Commerce, 02/2005, 69.17%
  • SSC, Pune University, SSC, 03/2003, 76.66%

Current Role Description

  • As an Information Security Advisory Consultant with IBM India from 02/2018 to present
  • Understand and evaluate the Client IT Infrastructure and explore for gaps in Security.
  • Help client in aligning the Infrastructure Design and IT Security Policies with the business environment, ISO-27001 and NESA compliance.
  • Manage and mentor team performing vulnerability assessment & penetration testing for client assets.
  • Conduct Risk Analysis and prepare Risk Registers.
  • Help client in formulation of IT Policies/Procedures and other documents to implement security controls.
  • Oversee Security Implementation and suggest best practices.
  • Manage ISMS internal & external audits and also manage other audits for the organization viz. SSAE16, IT General Controls and customer audits.
  • Improve the organization's overall security posture through regular security audits, technical assessments, and awareness campaigns.
  • Conduct risk assessment across all IT applications and infrastructure to assess risk posture and highlight residual risk to the client management.
  • Identify security controls for performance monitoring and effectiveness measurements.
  • Draft the Risk Dashboard to be presented to the Organization's leadership committee.

Previous Role Descriptions

  • Quinnox Consultancy Services Limited, Information Security Manager, As an Information Security Manager with Quinnox Consultancy Services Limited from 12/2015 to 02/2018
  • Successfully achieved and maintained the desired ISO 27001 Certification for Quinnox India across 3 locations.
  • Manage ISMS internal & external audits and also manage other audits for the organization viz. SSAE16, IT General Controls and customer audits.
  • Manage and work with key departments of the organization to establish a working Business Continuity Plan for the project as well as organisation wide plan.
  • Successfully ensured information security awareness at all levels of the organization through security newsletters and classroom training.
  • Improved the organization's overall security posture through regular security audits, technical assessments and awareness campaigns.
  • Conducted risk assessment across all departments and functions to assess risk posture and highlight residual risk to the management.
  • Drafted the Risk Management Report to be presented to the organization's leadership committee.
  • Evaluate products and technologies identified through risk mitigation.
  • Identified security controls for performance monitoring and effectiveness measurements.
  • Implemented Managed Security Services within the IT department in order to proactively monitor key and critical IT components and report on security breaches.
  • TechProcess Payments Services Ltd, Information Security Manager, As an Information Security Manager with TechProcess Payments Services Ltd from 06/2015 to 12/2015
  • Ensure compliance with the various client policy requirements including regulatory and audits. Ensure compliance with various RBI guidelines.
  • Manages quarterly audits planning, training, testing and reporting for the organisation.
  • Compliance Operations, Internal Audit and structuring of ISMS & QMS for the organisation.
  • Conducting Audits, reporting non-conformities in the process and analysing the root causes for issues, assisting business owners with issue resolution and designing corrective actions (CAPs)
  • Assist in documentation for organisation wide policies and procedures.
  • Coordinate and interact with other external client audit teams.
  • Coordinate with the teams for documentation and preparation for facing the external audits.
  • Conduct risk assessment for technology and operation units.
  • Conduct organisation wide training for implementation of ISMS and QMS standards.
  • Tata Consultancy Services (TCS), Compliance Officer, As a Compliance Officer with Tata Consultancy Services (TCS) from 08/2008 to 09/2012 and 07/2013 to 05/2015
  • Supports Technology Compliance unit to ensure compliance with the various Citigroup policy requirements including contractual, regulatory and audit standard.
  • Manages quarterly RCSA planning, training, testing and reporting for Technology SBU (unit performs Application UAT and SDLC support activities)
  • Compliance Operations, Internal Audit and structuring of integrated Quality Management System for Technology SBU.
  • Conducting Audits, reporting non-conformities in the process and analysing the root cause for issues, assisting business owners with issue resolution and designing corrective actions (CAPs)
  • Assist in process documentation for units like UAT defect management, change management and Entitlements.
  • Coordinate and interact with Audit Risk Review, Process Risk Review and other external audit teams like SSAE16, SoX, client audits, etc.
  • Coordinate with the teams for documentation and other support activities for the external audits.
  • Prepare audit checklist for projects and conduct assessment during migration. Also validate compliance of the regulatory requirements. Perform risk assessment to identify residual risk post migration.
  • Conduct risk assessment for all projects.
  • Tata Consultancy Services (TCS), Risk Management Tool Consultant, As a Risk Management Tool Consultant with Tata Consultancy Services (TCS) from 07/2013 to 05/2015
  • Providing business requirements for improving existing operation risk management tool.
  • Analyse client requirements and study of various market available GRC tools.
  • Providing enhancement suites from client requirements and market tools.
  • Productise the tool as a TCS product/tool for operation risk management.
  • HDFC Bank, Internal Auditor, As an Internal Auditor with HDFC Bank from 10/2012 to 04/2013
  • Conducting Risk based IT Audits as per RBI, COBIT, SOX, ISO 27001, ISO 20000 standards and regulatory requirements
  • Performed vulnerability assessment (VA) for business critical applications based on Application Security Standard implemented in the Bank
  • Penetration Testing (PT) for Web Applications and Server Audits as required
  • Performed audits for various web applications, servers, Datacentre, RSA, RA Audit, BCP and DR
  • Helping the bank and its processes to adhere to the various circulars published by RBI and the various standards the bank has adopted.
  • Provide expert advice to the Bank, ensuring compliance and conformance, on COBIT standards and, generally, on information risk analysis/management.
  • Implement and enforce suitable and relevant information security policies, ensuring that these are compliant and other legislation and regulations related to information security; reviewing policies on a regular basis.
  • Investigate suspected and actual breaches of security and undertake reporting/remedial action as required. Maintain a log of any incidents and remedial recommendations and actions.
  • Continuously assess the shortfall between both actual security measures in place and being effective and those established at a policy level thus highlighting deficiencies for remedial action.

Certification Summary

  • Certified Information Systems Auditor (CISA), 09/2016
  • ISO 22301 (Business Continuity Management System), 02/2013
  • ISO 27001 Lead Auditor, 12/2011
  • TCS - Internal Certified Auditor, 01/2011
  • ISMS – Implementation, 11/2010
  • Certified Six Sigma Yellow Belt, 10/2008

Personal Information

  • Total Experience: Over 12 years of experience in information security management and audit management with focus on process and control assessment. Also has good knowledge and exposure of Risk and Control Self-Assessment (RCSA) and other compliance initiatives (Process Criticality Assessment, coordinate external reviews, quarterly reporting, tracking Corrective Actions, Deviations etc.) Experienced in lifecycle management of Information Security Standard ISO 27001:2013, Information Security Risk Management, IT Service Management, Information Security Awareness, Compliance Management, Audit Management (ISO 27001:2013, SSAE 16, IT General Controls around Financial Reporting, IT Asset Management), Business Continuity Management, Project & People Management, Technology & Product Evaluation, Business Management, Management Reporting, GDPR, Liaising with internal & external customers to ensure Information Security Assurance.
  • Passport Number: U8319807
  • Passport Date Of Issue: 10/11/2020
  • Passport Place Of Issue: Mumbai
  • Date of Birth: 08/05/1987
  • Nationality: Indian

Certification

Certified Information Systems Auditor

Timeline

Information Security Manager

Etihad Airways
09.2022 - Current

Cloud Security Architect Fundamentals

01-2021

Think Like a Hacker

04-2020

IBM Security Essentials for Architects

06-2018

Senior Advisory Consultant

IBM
02.2018 - 08.2022

ITIL Foundation

07-2017

Certified Information Systems Auditor

09-2016

Information Security Manager

Quinnox Consultancy Services Limited
12.2015 - 02.2018

Information Security Manager

TechProcess Payments Services Ltd
06.2015 - 12.2015

Compliance & Audit Lead

Tata Consultancy Services (TCS)
07.2013 - 05.2015

Internal Audit

HDFC Bank
10.2012 - 04.2013

MBA - Information Management

Welingkar Institute of Management
06.2012 - 04.2015

ISO 27001

12-2011

Information Security and Technology Compliance

Tata Consultancy Services (TCS)
08.2008 - 09.2012

Bachelor of Science - Information Technology

University of Mumbai
07.2005 - 04.2008