
Deepak Singhania

Mobile: (+91) 7032409170
Email: dsinghania07@gmail.com


IT Security and Risk Management professional with management and consulting experience
spanning 7 years purely in the Information Security domain. Vast experience in various areas
such as ITGC, risk assessment, risk management, third-party vendor audits, data centre
audits, penetration testing and vulnerability assessment.
Results-driven professional with exceptional and effective communication skills.

Specialties: ITGC controls like logical access controls, SDLC controls, change management
controls, data centre physical controls, etc.

Key Skills:

• Regulatory Compliance
• Change Management Control
• Risk assessments
• Authentication & Access Control
• Data Centre Audit
• Team coordination
• Analysis and reporting
• Project evaluations

Key Competencies:

• COBIT5 Foundation Certified
• Made recommendations for mitigating identified risks.
• Identified and evaluated potential threats and vulnerabilities.
• Maintained and tested corporate response plans.
• Logical access controls across the entire infrastructure, mainly in OS, DB and core applications.
• Data centre physical audit as per prescribed regulatory requirements.
• Change management controls in key applications like core banking, internet banking
and mobile banking.
• Increased key application uptime from 90% to 98% by incorporating proper logical
access control in OS and DB, leading to an increase in business.
• Key player in incorporating proper change management techniques, resulting in less
application downtime, which leads to business growth.

Professional Experience:

Jana Small Finance Bank, June 2018 to present

• Developed and improved multiple processes in the areas of IT Security like User
Access Management and Program Change Management
• Managed and fulfilled requests or tasks with Internal Audit and Control Owners for
various regulation audits
• Responsible for a close relationship with the security teams of outsourcing partners
to ensure compliance with multiple regulations
• Maintained system security roles, permissions and privileges while maintaining
access controls with Security committee approvals
• Compiled evidence for each ITGC control based on risk and frequency of the
control to demonstrate compliance with SOX

ICICI Bank Ltd, August 2011 to June 2018

• Executing the vendor's lifecycle process from an information risk (security) standpoint.
• Supporting the process with linkages from Business and sourcing & procurement.
• Ensuring compliance with business agreements, policies, procedures & regulations.
• Supporting remediation efforts with business / vendor managers.
• Ensuring alignment of security policies/standards with IT infrastructure frameworks.
• Investigating non-standard requests and problems, with assistance from others.
• Prioritizing and organizing own work to meet deadlines.
• Planning, managing and executing compliance programs.
• Responsibility for maintaining relationships with business leaders.

My responsibilities also included:

• Performed Technology Risk Assessments on the Bank's global infrastructure:
• Physical access control systems for office premises across Mumbai and Hyderabad.
• Remote access solutions - use of USB port for internet access to corporate laptops.
• Server resource manager tool to report on resource utilization including memory.
• Delivered security advice and guidance to IT areas using the Risk Assessment
• Liaison with the regional IT departments, relationship managers and CTOs across the
globe during Risk Assessments.
• Formal documentation of residual risks and areas of policy non-compliance for risk
mitigation/acceptance and final business sign-off.
• Performed Vulnerability Assessment and Pen Testing for the following platforms:
Windows (2000, 2003), Oracle (8i, 9i), Linux, and Penetration Testing.
• Web application security testing for application vulnerabilities including SQL
injection, cross-site scripting, URL/parameter manipulation and information disclosure
• Identified and evaluated risks during review and analysis of System Development
Life Cycle (SDLC), including design, testing/QA, and implementation of systems and
• Prepared audit scopes, reported findings, and presented recommendations for
improving data integrity and operations.
• Performed operational and financial integrated audits and pre- and post-
implementation reviews.
• Helped establish annual audit plan for core competency areas using risk
assessment methodology.
• Reviewed systems for adequate management controls, efficiency, and compliance
with policies, regulations, and accounting principles. Made recommendations when
• Created flowcharts to document business systems and processes for IT audit
• Coordinated with various departments to create remediation plans for deficiencies
found during audit.


• COBIT 5 Foundation Certified
• NSDL Certified
• NISM Certified


• MBA in Finance, Manipal University
• B.Tech in Computer Science, Punjab Technical University


• Playing cricket
• Special interest in nature photography and traveling