Anindita Mitra Roy (CISM, CPDSE, ISO LI, CEH, ITIL, CCSK)
Details
Electronics and Tele-Communication
Women's Polytechnic, Jadavpur, Kolkata, WB, India
1997 : 2000
10+2
Physics, Chemistry, Biology, Mathematics
Scottish Church College, Kolkata, WB, India
1994 : 1996
• Working with organization senior management, security, corporate compliance officers to establish governance for the compliance and Information Security Audit program
• Educating the company employees on important compliance requirements and security best practices through Security Awareness Trainings.
• Assisting client with PCI-DSS / ISO 27001/ Third Party Risk Management program
2021 : Present
Wells Fargo
Information Security Manager
• RFP response and solution estimation
• As a Client Data Protection (CDP) Architect, I am responsible for the development of a compliance and risk management framework for client account
• Working with organization senior management, security, corporate compliance officers to establish governance for the compliance and Information Security Audit program
• Educating the company employees on important compliance requirements and security best practices through Security Awareness Trainings.
• Assisting client with PCI-DSS / ISO 27001 audit to ensure compliance and address potential issues proactively
• Maintaining and updating (wherever required) the policies and procedure manual (PPM)
• Lead vulnerability management and remediation effort across the engagement
• Maintaining comprehensive records of all data processing activities conducted by the company, including purpose of all processing activities
• Monitoring performance and providing advice on impact of data protection effort
2019 : 2021
Accenture
Associate Security Manager
• Undertake proactive thematic risk reviews in order to identify risk issues and act as an SME reviewer of technical Infrastructure Risk Assessments covering the functional area.
• Advise Asset Management LOB, based on their testing results, to ensure compliance with the Firm’s Policy and Standards
• Liaising and partnering with JPMorgan’s IT Operational Risk Management peers covering other CIO areas, as well as Information Security and Legal & Compliance organization to ensure complete risk profile is understood.
• Assist with the firmwide PCI-DSS, MAS and SSAE 16 compliance program.
• Assist application development team in Application Risk Assessment (ARA) process to identify risk profile for the particular application and Infrastructure.
• Strengthen IT controls over risk, and comply with corporate initiatives such as Management Self Identification of Audit Issues and Operational Risk & Control Self Assessments (RCSA)
• Responsibility for access governance, entitlement reviews, highly privileged access controls and provisioning/de-provisioning of accounts across systems and core banking applications and enforcing the Principle of Least Privilege across all assets, data and applications
• Managed the
• Support Application Control Testing program including initial interviews to ensure standard controls usage for the applications, evidence validation to justify control effectiveness.
• Worked as a key LOB representative in firmwide Infrastructure Control development activity.
2015 : 2016
J.P. Morgan
Information Security Manager
Security operations center management
• Responsible for managing Security Operations Centre, covering Risk Assessment for a new project, Security Management & Privileged Access Control, Vulnerability & Virus Management, Governance & Compliance with Standards and Policies, Production Acceptance/Transition, Platform Audits and Risk Management.
• Implemented and extensively worked in ITIL methodologies.
• Implemented COBIT Risk Framework for the bank globally.
• Attended audits and ensured compliance with the organization standards (ISO 27001)
• Ensured monitoring and management of security threats and vulnerabilities using various security tools like NetIQ SM, NetIQ VM, Nessus, Nmap.
• Manage and deliver infrastructure vulnerability assessment for various delivery locations across the globe based on systematic and structured assessment methodology in order to highlight the security risks to the enterprise infrastructure.
• Managed and delivered end-to-end global Microsoft Patch Management strategy.
2009 : 2015
ANZ Operations and Technologies
Lead - Security Operation Centre
Project: Solution engineering
• As a member of the “solution engineering” team, I was responsible for providing “Infrastructure Solution” or “High Level Designs” for different “Business Unit” related projects. My role required me to coordinate with Application Developers, Project Managers or Business Stakeholders to understand the requirement for Infrastructure Components and provide a High Level Design/solution for subsequent implementation.
• Perform evaluation of business requirements, processes, business impact analysis to create an As-Is baseline for Wintel Infrastructure solutions
• Participate in the development of POC of new Wintel Infrastructure solutions.
• High Level Design of Infrastructure Components of Business Unit related projects that includes technologies like MS Cluster, Web Server (IIS), Databases (SQL), Storage (NAS and SAN), Security principles, Disaster Recovery solutions, Network components, VDI etc.
• Design and implementation of Microsoft Windows 2003 Public Key Infrastructure (PKI) Certificate service.
• Consultation and Security Design on Windows 2008 Active Directory design and Migration planning from Windows 2000 to 2008.
• Designing highly scalable system architectures that accommodate future growth, minimize risk, and optimize long-term investment in IT infrastructure for the bank
• Budgetary Estimation for Infrastructure Components, BOM Finalization for Hardware/Software Procurement
• Project Tier Assessment and Budgetary Estimation
• Project Management
2006 : 2008
ANZ Operations and Technologies
Solution Engineer
Skills
Active Directory, Business Analysis, Enterprise Architecture, Governance, Information Security, Information Security Management, Infrastructure, Integration, ITIL, IT Service Management, Microsoft SQL Server, Project Management, Requirements Analysis, Security, Software Project Management, SQL, Virtualization, Windows Server
About
IT leader with a proven track record of bringing together an excellent combination of technical capabilities, business knowledge and global work exposure.
Over 17 years of experience in Information Security with a focus primarily in Security Governance, Risk Management and Compliance.
Extensive experience in managing security solutions encompassing:
• Enterprise Standards (NIST and ISO), Regulations and Industry practices
• Third-party Risk assessment
• Data Privacy framework
• Vulnerability Management (vulnerability scanning and remediation)
• Cloud Security Assessment
Extensive knowledge in:
• Encryption methodologies
• Security operations, administration and service management
• Requirement analysis, adherence to standards/security patterns and documentation
• Security consultation, RFPs, vendor and stakeholder management
• Security Policy and Standard Designing and Development