
POOJA VERMA

+91 9958355578
poojaverma.in@gmail.com
https://www.linkedin.com/in/pooja-verma-pmp-cissp-cisa-cism-ceh-bb34a915/

Pooja is a Governance, Risk and Compliance professional with 16 years of progressive and diversified
experience. She has demonstrated her capabilities in information security strategy, third party risk
management, the process control domain, security assessments and compliance audits against various standards
(i.e. ISO 27001, HIPAA, PCI DSS, ISA 62443) while leading projects across multiple geographies.
Her focus on result orientation, timely delivery, solutions, technical know-how and managerial skills has helped
her to exceed client delivery expectations across industry sectors i.e. BFSI, Healthcare, Oil and Gas,
Telecom, Utility. She is adept at working in volatile, uncertain, complex and ambiguous business environments
with a mindset to efficiently align IT strategies with business goals.

KEY SKILLS & COMPETENCIES

❑ Information Security Advisory
❑ Enterprise Risk Management
❑ Third Party Risk Management
❑ Application / Vendor Risk Assessment
❑ Compliance and Security Audits
❑ Security Policies and Procedures Development
❑ Security Assessment and Roadmap
❑ Capability Maturity Assessment
❑ Industrial Control Systems / OT Security
❑ Regulatory Compliance (PCI DSS, HIPAA)
❑ Security Standards & Frameworks (ISO, NIST)
❑ Cloud and Infrastructure Security

CERTIFICATIONS

❑ ISC2 CISSP [Certification Number – 362060]
❑ ISACA CISA [Certification Number – 12101654]
❑ ISACA CISM [Certification Number – 1529532]
❑ ISACA CDPSE [Certification Number – 2010429]
❑ PMI’s PMP [Certification Number – 1456206]
❑ EC-Council CEH (Certified Ethical Hacker)
❑ ITIL V4 (IT Service Management)
❑ MCSE (Microsoft Certified System Engineer)

TRAININGS ATTENDED

❑ ISO 31000:2009 Risk Management Principles & Guidelines Implementation (BSI)
❑ ISO/IEC 20000-1:2011 IT Service Management System Auditor/Lead Auditor (BSI)
❑ ISC2 CCSP Certified Cloud Security Professional (Koenig Solutions)

STANDARDS / FRAMEWORKS EXPERIENCE

❑ ISO 27001 (Information Security Management System)
❑ ISO 31000 (Risk Management Principles & Guidelines)
❑ ISO 20000 (IT Service Management)
❑ ISO 19600 (Compliance Management Systems)
❑ ISA 62443 (Industrial Automation and Control Systems)
❑ ISO 9001 (Quality Management)
❑ PCI DSS (Payment Card Industry Data Security Standard)
❑ HIPAA (Health Insurance Portability and Accountability)
❑ NIST SP 800-30, SP 800-39 (Guide for Applying the IT Risk Management Framework)
❑ NIST SP 800-53r4 (Security and Privacy Controls)
❑ NIST SP 800-82r2 (Guide to Industrial Control Systems (ICS) Security)
❑ COBIT 5 for Risk (Control Objectives for Information and Related Technology)
❑ GDPR (General Data Protection Regulation)
❑ PDPA (Personal Data Protection Act 2010)

PROFESSIONAL EXPERIENCE

Accenture, Gurugram (March 2016 - Till date)
Associate Manager - Security

Projects Highlight:
❖ Performed PCI DSS gap assessment and provided remediation plan to a US based retail client for their US
and Canada regions
❖ ServiceNow Security Operations (SecOps) implementation (Security Incident Response, Vulnerability
Response Management) using Agile methodology for UK based Government client
❖ ServiceNow Governance, Risk and Compliance (GRC) implementation (Policy and Compliance
Management, Risk Management) for Asian Telecom client
❖ Development of IT/OT Threat Model, IT/OT Threat catalog and performing threat assessment in alignment
with industry frameworks (NIST 800-30, COBIT 5 for Risk, ISA 62443) for Arabic Oil and Gas client.
❖ Development of ICS training and awareness material to train operators and other organizational resources
❖ Development of cyber security framework, Policy control standard and procedures for IT/OT (IT/OT
convergence) in alignment with industry standards (NIST, ISO 27001, ISA 62443) and regulations (PDPA,
GDPR) for Asian Oil and Gas client.
❖ Development of Cyber Security Risk management methodology and process for Asian Oil and Gas client to
perform risk assessment for business units and 3rd parties/vendors. Performed risk assessment for third-party
service providers/vendors and provided guidance to client, third party and other stakeholders in
identifying risks and potential risk mitigation alternatives.
❖ Developed cyber security operational model (specifications and procedures), training material, and execution
strategy for control systems in alignment with ISA 62443 and ISO 27001 for Arabic Oil and Gas client
❖ Managed new and existing third party (vendor) relationships globally for European Oil and Gas client by
performing security assessments in compliance with organisation policies and helping the business make
decisions based on the risk associated with that relationship.
❖ Security maturity assessment of IT infrastructure and applications to assess the security posture, determine
current maturity level and provide roadmap to achieve the target maturity level for Swiss Insurance client.

Supplementary Responsibilities:
❖ Responding to RFP / RFIs, writing proposals and technical solution documents for potential clients.
❖ Support new offering developments by preparing detailed delivery method and associated work products.
❖ Management of capability team and project delivery team (onshore and offshore)
❖ Drive and govern project delivery as per defined scope of work.

HCL Technologies, Noida (February 2014 - March 2016)
Manager – Process and Compliance

Responsibilities:
❖ Conducting security risk assessment and internal audits for clients of various sectors (i.e. BFSI, Healthcare,
Utility, Oil and Gas etc.) covering various standards (i.e. ISO 27001, PCI DSS, HIPAA)
❖ Ensuring appropriate level of documentation and implementation of security policies and procedures
❖ Preparedness and facilitation for client/external audits (i.e. ISO 27001, PCI DSS, HIPAA)
❖ Respond to RFP for IT/information security relevant controls/requirements
❖ Developing, maintaining, and executing plans to ensure compliance with standards (ISO 27001, ISO 20000)
❖ Initiating and facilitating activities to create information security awareness within the organization
❖ Identify process gaps and propose improvement plan to enhance process and improve security posture
❖ Coordination with various teams for closure of audit findings and highlighting recurring audit observations

DLF (DHFL) Pramerica Life Insurance, Gurgaon (December 2012 - February 2014)
Manager – Security and Technology Governance

Responsibilities:
❖ Prepare audit calendar and conduct audits / 3rd party Risk assessment as per ISO 27001 for Vendors, Branch
Offices, IT Infrastructure, Data center, Applications, User access recertification for application / database
❖ Create, review and communicate information security policies and procedures across organization
❖ Coordinate with different functions across organization for various information security initiatives
❖ Drive information security awareness program across organization
❖ Publish monthly performance dashboard to senior management on Information Security performance
❖ Perform audit reporting and action plan tracking and coordinate for closure
❖ Carry out evaluation of new initiatives and projects from security standpoint

Birlasoft (India) Limited, Noida (March 2010 – November 2012)
Assistant Manager – Compliance and Security

Responsibilities:
❖ Implementation and monitoring of information security controls for Fortune 5 customer
❖ Development, communication and maintenance of Information security policies and procedures
❖ Provide compliance and security induction, awareness and role-based trainings to users/support functions
❖ Provide security awareness across organization by awareness mailers, quiz, workshops, assessments etc.
❖ Facilitate external audits and achieve acceptable audit ranking
❖ Conduct internal audits and reviews to identify non-conformities and propose corrective actions
❖ Participation in asset classification and ownership, risk assessment and Business Impact Assessment (BIA)
❖ Maintain, review and periodically test business continuity/Disaster recovery plan for all critical projects
❖ Integrate information security incident response plan with the disaster recovery/business continuity plan
❖ Conduct RCA to identify the cause of the Infosec incident, develop corrective actions and reassess risk

HCL Comnet Ltd., Noida (July 2007 – March 2010)
Senior Analyst – Security

Responsibilities:
❖ Solution consulting, process designing and management and monitoring for IT and Security services
❖ Analyse information (i.e. event logs, IDAM, vulnerability data) to diagnose and manage security problems
❖ Vulnerability scans, Risk management, Security incident Investigation and Security health check
❖ Conduct RCA to identify the cause of the incident, plan for preventive/corrective actions and reassessment.
❖ Conduct gap assessment and define remediation process for identified security risks
❖ Develop Run Books/Handbooks, SOPs and Work Instructions
❖ Involved in creation and presentation of monthly and quarterly business review metrics

WNS Global Services (P) Ltd., Gurgaon (November 2006 – June 2007)
IT Executive

Responsibilities:
❖ System and Network administration of network (Windows domain server, Exchange Server and File Server).
❖ Work on solutions including firewall, VPN, Anti-Virus, Patch management and content inspection
❖ Monitoring of email traffic and of network bandwidth using NetFlow analyzer
❖ Perform Network scanning and analysis of network traffic/systems for signs of intrusion and policy violation.

BCMT, Gohana (July 2005 – November 2006)
IT Engineer

Responsibilities:
❖ Acted as Intranet webmaster and helped create and administer security policies
❖ Assess threats, risks, and vulnerabilities from emerging security issues
❖ Antivirus and patch management for all desktop/ laptop/ servers and File and folder access management

ACADEMICS

❑ Master’s in Business Administration (International Business)
❑ Master’s in Computer Applications
❑ Bachelor’s in Computer Applications

PERSONAL DETAILS

❑ Year of Birth: 1983
❑ Language Proficiency: English and Hindi
❑ Nationality: Indian
❑ Address of Residence: G1108, Mantri Tranquil, Gubbalala, Kanakpura road, Bangaluru -560061 (Karnataka)
