Sonia Mishra, CISM, CGEIT, CRISC
Details
Computer science
Utkal University
2002 : 2006
Workday
Manager, Cybersecurity Risk
2021 : 2022
Workday
Sr. Information Security Risk Mgmt. Engineer
2017 : 2021
Deloitte
Senior Consultant - Cyber Risk and Strategy
2015 : 2017
Deloitte
Consultant - Cyber Risk and Strategy
• Management Representative to ISO Registrar.
• Responsible for leading, implementing, and maintaining ongoing certification audits for CMMI DEV and SVC appraisal and for ISO 9001, ISO 20000, ISO 27001.
• Extensive knowledge and experience of various software development life cycles (Agile, Waterfall, Iterative, etc.), process tailoring, and facilitating project teams.
• Plan and conduct internal quality audits for all projects and internal functions across the organization.
• Develop work plans and schedules, ensure compliance, develop status reports.
• Member of the process improvement team, responsible for process definition and improvement.
• Maintain and update the organization's Process Asset Library in SharePoint.
• Present at Senior Management Review meetings, representing the Quality function.
• Develop new processes, procedures and templates for the organization's Process Asset Library.
• Identify and evaluate complex business and technology risks, the internal controls which mitigate those risks, and related opportunities for internal control improvement.
• Conduct and manage information security risk assessments as required for internal systems.
• Prepare risk assessment reports to support management action, escalation and risk acceptance processes resulting from risk assessments.
• Track and monitor remediation and risk management activities.
• Assist with updating information security policies and standards to meet business needs, address new technologies and threats, and align with common best practice and industry standards.
• Support development of information security policies and tools, including gathering business requirements, defining technical and process requirements, conducting functional testing, and creating related documentation.
• Assist management in the assessment of project risks and controls.
2013 : 2015
IndraSoft, Inc.
Lead-Corporate Quality
Skills
Anti Money Laundering, application risk model, Certified Information Security Manager (CISM), CMMI, COBIT, Cyber-security, Cyber risk, Cyber Risk Assessment, Cyber Risk Management, Cybersecurity, Cyber Security Risk, Enterprise Risk Management, FAIR, FFIEC, Information Security, Information Security Management, Information Security Management System (ISMS), Information Technology, Internal Audit, ISO 9001, ISO 27001, IT Controls, ITIL, IT Risk Management, IT Security Policies, Maturity Assessments, NIST, OCC Readiness, Project Management, Quantitative Risk Analysis, Risk Analysis, Risk and Control Matrix, Risk Assessment, Risk Management, Security, Security Audits, Security Risk, Technology Risk, Test Procedures, Third Party Risk Assessment, Third Party Vendor Management, Quality Auditing, Quality Systems, Manual Testing, Quality Management, Quality Consulting, ITIL v3 Foundations Certified, Quality System, ISO 9000, Software Project Management, SDLC, Software Quality Assurance, Process Consulting, PMO, Gap Analysis, Business Analysis, Requirements Analysis, Configuration Management, Agile Project Management, Requirements Gathering, IT Service Management, Agile Methodologies, Waterfall, Enterprise Risk, Software Project, Software Quality, ITIL v3 Foundations, CMMI services, Policy Development, Program Management, Information Security audit, KYC, CDD, Business Process Improvement
About
EXPERTISE: Trained in FAIR Analysis Fundamentals | Cyber Security | IT Risk Assessment | Third Party Risk assessment | Information Security | IT Risk Management | Policy | Governance | Regulatory Compliance | CMMI DEV ML3 / CMMI SVC ML3 | ISO standards - 9001/20000/27001 | OCC readiness | FFIEC IT requirements | NIST CSF, COBIT5 | Application Risk Model | Internal Audit | IT Asset Management | Gramm-Leach-Bliley Act (GLBA) | Security Controls Management | Quantitative Risk Assessment