PoojaVerma (15 0)
+91 9958355578
poojaverma.in@gmail.com
https://www.linkedin.com/in/pooja-verma-pmp-cissp-cisa-cism-ceh-bb34a915/
Pooja is a Governance, Risk and Compliance professional with 16 years of progressive and diversified experience. She has demonstrated her capabilities in Information security strategy, Third party risk management, Process control domain, Security assessments and compliance audits against various standards (i.e. ISO 27001, HIPAA, PCI DSS, ISA 62443) while leading projects across multiple geographies.
Her focus on result orientation, timely delivery, solutions, technical know-how and managerial skills has helped her to exceed client delivery expectations spread across industry sectors i.e. BFSI, Healthcare, Oil and Gas, Telecom, Utility. She is adept at working in volatile, uncertain, complex and ambiguous business environments with a mindset to efficiently align IT strategies with business goals.

Birlasoft (India) Limited, Noida (March 2010 – November 2012)
Assistant Manager – Compliance and Security
❖ Provide compliance and security induction, awareness and role-based trainings to users/support functions
❖ Provide security awareness across organization by awareness mailers, quiz, workshops, assessments etc.
❖ Facilitate external audits and achieve acceptable audit ranking
❖ Conduct internal audits and reviews to identify non-conformities and propose corrective actions
❖ Participation in asset classification and ownership, risk assessment and Business Impact Assessment (BIA)
❖ Maintain, review and periodically test business continuity/Disaster recovery plan for all critical projects
❖ Integrate information security incident response plan with the disaster recovery/business continuity plan
❖ Conduct RCA to identify the cause of the Infosec incident, develop corrective actions and reassess risk

HCL Comnet Ltd., Noida (July 2007 – March 2010)
Senior Analyst – Security
Responsibilities:
❖ Solution consulting, process designing and management and monitoring for IT and Security services
❖ Analyse information (i.e. event logs, IDAM, vulnerability data) to diagnose and manage security problems
❖ Vulnerability scans, Risk management, Security incident Investigation and Security health check
❖ Conduct RCA to identify the cause of the incident, plan for preventive/corrective actions and reassessment.
❖ Conduct gap assessment and defined remediation process for identified security risks
❖ Develop Run Books/Handbooks, SOPs and Work Instruction
❖ Involved in creation and presentation of monthly and quarterly business review metrics

WNS Global Services (P) Ltd., Gurgaon (November 2006 – June 2007)
IT Executive

KEY SKILLS & COMPETENCIES
❑ Information Security Advisory
❑ Enterprise Risk Management
❑ Third Party Risk Management
❑ PCI DSS (Payment Card Industry Data Security Standard)
❑ HIPAA (Health Insurance Portability and Accountability)
❑ NIST SP 800-53r4 (Security and Privacy controls)
❑ NIST SP 800-82r2 (Guide to Industrial Control Systems (ICS) Security)
❑ COBIT 5 for risk (Control Objectives for Information and Related Technology)
❑ GDPR (General Data Protection Regulation)
❑ PDPA (Personal data protection Act 2010)

ACADEMICS
❑ Master’s in Business Administration (International Business)
❑ Master’s in Computer Applications
❑ Bachelor’s in Computer Applications

PERSONAL DETAILS