Prasanna Kumar
Details
Responsibilities :
• Analyzing & responding to requests from Regulators & Clients in close co-operation with respective divisions & SMEs from various areas within the bank; collect & validate the responses with regard to completeness, plausibility & overall consistency.
• Conducting assessments on regulatory guidelines (draft/final), providing feedback for Consultation Papers & Surveys, and taking action on Alerts and Circulars from Regulators
• Preparing, coordinating & conducting review meetings & smaller workshops to respond to regulatory questionnaires & requests on Info. & Cyber sec. topics
• Participating in the evaluation of regulatory publications with respect to Info. & Cyber Sec. relevant requirements, facilitating the assessment of the operative & strategic impacts of those regulatory requirements for CISO in close cooperation with the Regional CISO APAC team.
• Giving Advice on compliance in relation to info. sec. related rules.
• Providing a risk assessment quality assurance function which includes business risk assessment & technology risk assessment
• Quality review of Info. Sec. Control Self Assessments (Business/Infra Apps, Vendor/Cloud/locally hosted Apps)
• End to end Audit support (Internal/Regulatory/External) such as Pre-Audit, during the Audit & Post Audit supports for CISO team including validation of evidences before submitting the closure pack
• Co-ordination with the Audit Team for managing the Audit program within the CISO team for APAC region. Involved in Audit finding management.
• Involved in Risk Remediation Management program & was responsible for assisting in remediation or risk acceptance, which is based on the risk control framework. Involved in the Risk Reduction Program
• Providing reporting on the risk & compliance status to Senior Management. This involves providing the details of the risk & compliance status for the KCI/KPI/KRIs to the Balanced Scorecard Team along with the narratives on a monthly basis
2015 : Present
Deutsche Bank AG
Information Security Specialist
Responsible for Regional Technology Risk & Compliance, Regulatory Risk & Remediation Program Management for Global Technology Infrastructure & Services, Asia Pacific and directly reported to COO of GTIS Business Services APAC and Director of GTIS Risk & Control Program in Barclays UK.
• Managing end to end IT Audit program within GTIS division
• Managing IT Regulatory Remediation program based on MAS TRM Guidelines
• Collecting information and reviewing documentation to ensure that risk scenarios are identified and evaluated
• Creating and maintaining a risk register to ensure that all identified risk factors are accounted for
• Developed a risk awareness program and conducted training to ensure that stakeholders understand risk and contribute to the risk management process and to promote a risk-aware culture
• Identify and evaluate risk response options and provide management with information to enable risk response decisions
• Assist in the development of risk response action plans to address risk factors identified in the org. risk profile
• Collect information and review documentation to identify information systems control deficiencies.
• Provide information systems control status reporting to relevant stakeholders to enable informed decision making
• Managed the Gap Analysis of MAS TRM Guidelines/HKMA/Other APAC Regulators across the Technology groups and Information security team.
2013 : 2014
Barclays Capital
IT Risk Manager
Planning and executing the day-to-day activities of IT audit engagements for assigned clients, including reviews of application controls, systems development, and IT platforms (databases, servers, operating systems).
Undertaking IT Risk & advisory engagements and managing IT control projects.
Supervising and providing performance management for IT Risk & audit staff working on assigned engagements.
Evaluating the design and effectiveness of technology management controls and IT governance practices supporting the client's business and operations.
2010 : 2013
Stone-Apple Solutions
Team Lead, IT Risk & Compliance
Undertaking IT Risk & Compliance engagements and managing IT control projects for assigned clients in APAC Region.
2008 : 2010
Ness Global Service Pte Ltd
IT Risk & Compliance Consultant
2005 : 2008
Thomson Reuters Ltd
Information Technology and Systems Engineer
About
Passionate Information Risk & Audit Professional with broad experience (19+ years in the IT industry, including Information Risk, IT Audit and Compliance) in the following business enablement areas in a dynamic & complex IT environment serving Strategic Business Units with specific industry requirements:
• IT Security controls design (ISO 27002)
• Information Security Risk Assessment
• Enterprise Policy & Governance
• Business continuity & Disaster recovery planning/deployment
• Regulatory compliance analysis (MAS ITRM, JFSA, HKMA, RBI, SOX, PCI, HIPAA)
Extensive experience in driving compliance to best risk management practices throughout an organization and ensuring that relevant regulatory requirements and policies are effectively embedded across all lines of businesses.