Anirudh Goyal

Information Security and Technology Risk Assessments and Controls Testing
Reply rate:
-
Availability:
Hourly ($/hour)
Location:
Bangalore, Karnataka, India
Experience:
16 years
ANIRUDH GOYAL

Exhibit a strong track record in Risk Management, leveraging over fifteen years of diverse experience in managing Operational, Technology, Cybersecurity, and Third-Party Risks, seeking a leadership position to spearhead risk management functions and drive transformative initiatives within multinational corporations.

CORE COMPETENCIES
Risk Management
Cybersecurity Risk Management
Operational Risk Assessment
Regulatory Compliance Frameworks
Cybersecurity Best Practices
Operational Resilience Planning
Third-Party Risk Management
Risk Intelligence Development
Business Continuity Planning
Control Evaluation Methodologies
Performance Improvement Initiatives
Quantitative Risk Assessment
Second Line of Defense
Change Risk Management
Stakeholder Management
Team Leadership & Development
Vendor Risk Management
Business Process Optimization

SOFT SKILLS
Analytical & Problem-solving
High Business Ethics
People Management / Building High-Performance Teams
Decision-making & Visionary

PROFILE SUMMARY
Possess a wealth of experience exceeding fifteen years in Risk Management, focusing on Operational, Technology, Cybersecurity, and Third-Party Risks within key industries such as Banking, IT/ITeS, and Telecommunications.
Completed MBA - IT from Bentley University, Greater Boston, US in 2010.
Holding the position of Vice President and Operational Risk Officer at Standard Chartered, directing essential risk management operations while maintaining compliance with changing regulatory requirements.
Cultivated a deep knowledge of risk management methodologies and frameworks through diverse roles that strengthened skills in risk assessment, control evaluation, and engagement with stakeholders.
Realized substantial advancements in risk treatment strategies, resulting in improved operational resilience and a notable decrease in significant risk occurrences within the organization.
Exhibit strong leadership skills by promoting a culture of ongoing improvement and teamwork among diverse teams to meet and exceed strategic goals.
Skilled in regulatory frameworks and risk management tools, facilitating adept navigation through intricate compliance challenges & strategies for risk reduction.
Led initiatives that achieved improvement in the efficiency of risk assessments, greatly bolstering the organization's overall risk management effectiveness.
Maintained a knowledge base about current cybersecurity developments and technologies, guaranteeing the application of strong security protocols to safeguard organizational resources and maintain data integrity.
Expertise in risk assessment skills including Risk & Control Self Assessments (RCSAs), Quantitative Risk Assessments, Second Line Assurance Reviews, IT General Control Reviews, SSAE 18/ISAE 3402 Type I & II Reviews, Application Controls Testing & Vendor Onsite Reviews, enabling organizations to proactively identify and mitigate potential risks while ensuring compliance with relevant standards and external requirements.
Recognized for exceptional stakeholder engagement skills, effectively collaborating with cross-functional teams to drive risk management initiatives and foster a culture of risk awareness throughout the organization.
People Leader, who has successfully led and motivated teams in a cross-cultural environment towards growth and success in the organization; created a clear & compelling view of the future through coaching and execution.

CAREER TIMELINE
Since 2021: Standard Chartered as VP, Operational Risk Officer – Ops, Tech, and Cybersecurity Risk – Technology & Architecture
Wells Fargo as Operational Risk Manager – Technology, 3rd Party & Information Risk Oversight
Goldman Sachs as Associate, Internal Audit
Grant Thornton India LLP as Manager – IT Advisory & Cyber Security
Fidelity Information Services as Manager – Operational Risk Management
KPMG as Associate Consultant – IT Advisory
Quinnox Consultancy Services as Consultant, Solution Delivery

REGULATORS, FRAMEWORKS & TOOLS
Regulatory Guidance: RBI, SEBI, FRBNY, SEC, MAS, HKMA, CSRC, PRA
Risk Management Tools: Archer eGRC, MetricStream M7, ServiceNow
Cybersecurity Resources: Checkpoint DLP, Symantec SEP, Greynoise, OSINT, NVD, CVE, Kali Linux, Wireshark, Tenable Nessus, Qualys
Certifications & Trainings: ISO 27001 LA, ISO 31000, IRM-ICORM (Candidate)
Reporting Tools: Tableau, Crystal Reports
Risk Management Frameworks: ITIL, COBIT, NIST CSF, BCBS
Process Design Tools: MS Visio

CURRENT WORK EXPERIENCE

May’21 – Till Date: Standard Chartered – Bangalore, India
Vice President, Operational Risk Officer – Ops, Tech, and Cybersecurity Risk – Technology & Architecture
Second Line of Defense Oversight: Leading the challenge to Risk Control Self-Assessments (RCSAs) across Operational, Technology, Cybersecurity, and Third-Party risks to ensure robust risk evaluation and effective mitigation strategies.
Stakeholder Relationship Management: Cultivating strong relationships with key stakeholders in Technology and the First Line of Defense, ensuring collaboration and adaptive risk management in response to a constantly evolving risk landscape.
Risk Treatment Plan Transformation: Driving the transformation of Risk Treatment Plans for Technology and Cybersecurity, optimizing the organization’s approach to risk management and improving response capabilities for emerging risks.
Root Cause Analysis of Risk Events: Streamlining Root Cause Reviews for Material Risk Events, providing actionable insights to senior leadership (Group Head of Operational Risk or Group Chief Risk Officer) to address and mitigate recurring issues.
Change Risk Assessment Enhancement: Enhancing Change Risk Assessments to evaluate delivery risks associated with critical technology initiatives, ensuring proactive identification and mitigation of risks in technology projects.
Risk Intelligence Generation: Actively participating in Risk Management Forums to collate, correlate and disseminate risk intelligence, enabling informed decision-making across the organization.
Knowledge Sharing & Best Practices Promotion: Promoting the exchange of actionable knowledge and best practices among Risk Committees and Councils, ensuring a consistent and informed approach to risk management across teams.
Training & Continuous Improvement: Leading training sessions and continuous improvement initiatives to develop a common body of knowledge and elevate the organization’s risk management capabilities.
Integration of Advanced Risk Management Methodologies: Championing the integration of advanced risk management methodologies, improving risk assessments, enhancing data analytics, and streamlining risk management processes.
Policy & Procedure Optimization: Spearheading the optimization of policies, standards, and procedures related to Technology, Cybersecurity, and Third-Party Risks, ensuring alignment with best practices and regulatory requirements.
2nd Line Assurance Reviews Roadmap: Defining the scope and roadmap for upcoming 2nd Line Assurance Reviews, ensuring alignment with the organization's risk management goals for the upcoming financial year.
Team Leadership & Development (BOT Model): Leading cross-cultural teams of seasoned risk management professionals, following the Build, Operate, and Transfer (BOT) model to establish a high-performing and sustainable risk management function.

PREVIOUS WORK EXPERIENCE

Mar’19 – Apr’21: Wells Fargo – Bangalore, India
Operational Risk Manager – Technology, 3rd Party & Information Risk Oversight
Executed comprehensive Quantitative Risk Assessments across Technology Processes to identify relevant risks in process execution, addressing gaps in control design in relation to policy and regulatory requirements.
Conducted thorough Quantitative Risk Assessments and Control Evaluations for Technology Processes and Application Ecosystems that support the Bank's Critical Business Services, ensuring robust risk management practices.
Led Second Line Assurance Reviews on key themes identified through risk intelligence gathered throughout the year, providing valuable insights for risk mitigation.
Maintained and nurtured key stakeholder relationships with Technology Process Owners, Front Line Risk Managers, and Subject Matter Experts to gather essential inputs for scoping Second Line Assurance Reviews.
Built and managed a high-performing team of 15 Operational Risk Consultants across various Risk and Control Functions within the Technology, Third Party, and Information Risk Oversight group.
Mentored & developed existing team capabilities, aligning their growth with leadership objectives & enhancing overall team performance.
Recommended compensation revisions and authored performance evaluations for a team of Risk Consultants, ensuring alignment with organizational goals.
Developed and implemented a robust risk reporting framework that provided senior management with real-time insights into risk exposure and mitigation strategies.

Apr’17 – Mar’19: Goldman Sachs – Bangalore, India
Associate, Internal Audit
Conducted comprehensive audits of Technology Infrastructure for various regional offices and data centers, ensuring compliance with internal policies and regulatory requirements.
Led Platforms Engineering Audits for engineering platforms related to IT Service Operations, identifying areas for improvement and ensuring adherence to best practices.
Developed and maintained strong relationships with technology stakeholders to gather Risk Intelligence and report on key technology initiatives, facilitating informed decision-making.
Monitored and analyzed updates on regulatory requirements from key regulators, ensuring the firm’s compliance with evolving standards and guidelines.
Designed and coordinated training programs for the Internal Audit Division, enhancing the team's knowledge and skills in risk management practices.
Observed Site-Level Failover Tests for Business Continuity objectives on behalf of Internal Audit, reporting results and actionable items to management for further action.
Reviewed policy revisions on behalf of Internal Audit, providing the Division’s perspective on modifications and additions to ensure alignment with organizational goals.
Defined Internal Audit’s approach for thematic audits around Third-Party Vendor Risk, enhancing the organization’s ability to manage vendor-related risks effectively.

Aug’15 – Mar’17: Grant Thornton India LLP – New Delhi, India
Manager – IT Advisory & Cyber Security
Rationalized the description of controls and validated the testing of controls for SSAE 16/ISAE 3402 Audits, IT Internal Audits, and ITGC Reviews, ensuring compliance with industry standards.
Identified and pursued business opportunities for the firm’s IT Advisory and Cyber Security Services, developing compelling business proposals and drafting responses to Requests for Quotations (RFQs).
Hired and mentored information security risk professionals, fostering a culture of continuous learning and development within the firm.
Monitored billability targets, wrote engagement contracts, and ensured timely billing and collections for services rendered on behalf of the Practices, optimizing financial performance.
Supervised execution of a significant portion of the Practice’s business pipeline, ensuring high-quality deliverables and client satisfaction.

Aug’12 – Jun’15: Fidelity Information Services – Gurgaon, India
Manager – Operational Risk Management
Coordinated the issuance of SSAE 16/ISAE 3402 Audits as the single point of contact with External Auditors and Operational Business Units, ensuring seamless communication and collaboration.
Conducted comprehensive Risk Control Self-Assessments (RCSA) for various business units, identifying areas for improvement and ensuring compliance with regulatory requirements.
Provided valuable end-user testing feedback to the Software Development Team for the design and development of a Risk Information System, enhancing its functionality and usability.
Conducted thorough risk assessments of technology vendors in accordance with Gramm-Leach-Bliley Act guidelines, ensuring compliance with data protection regulations.
Designed and developed periodic dashboards for senior management’s consumption using Tableau and MS-Excel, providing insights into key risk management metrics.

Dec’10 – Jul’12: KPMG – Gurgaon, India
Associate Consultant – IT Advisory
Conducted thorough testing of controls related to Confidentiality, Integrity, and Availability in support of SAS 70 Type II/ISAE 3402/SSAE 16 reviews for a leading IT/ITeS provider.
Executed pan-India Third-Party Vendor Reviews for a leading European Telecom Solutions Provider, ensuring compliance with regulatory requirements and best practices.
Conducted multiple Information Technology General Control Reviews to provide reasonable assurance on the completeness and accuracy of financial data hosted in client organizations' accounting information systems.
Performed Post-Implementation Application Controls Testing Reviews for a leading European Healthcare solutions provider after the enterprise-wide implementation of their Governance, Risk, and Compliance Solution.

Jul’06 – Jun’08: Quinnox Consultancy Services – Pune, Maharashtra, India
Consultant, Solution Delivery
Collaborated with Change Management efforts to transition business opportunity management from legacy applications to a web-based Management Information System, enhancing operational efficiency.
Conducted training sessions for business users on system functionalities, business process workflows, and internal controls, ensuring effective utilization of the new system.
Managed the incident support team to ensure prompt resolution of issues faced by business users in the system, enhancing user satisfaction and operational continuity.
Led a team of consultants in the development of managerial and financial reporting components for the Management Information System, ensuring alignment with business objectives.
Delivered comprehensive presentations and reports to senior management on the progress of change management efforts, facilitating informed decision-making.

EDUCATION
2010: MBA – Information Technology (GPA – 3.67/4.0) from Bentley University, Greater Boston, United States
2006: Bachelor of Engineering – Electronics (Distinction) from Bharati Vidyapeeth University, College of Engineering, Pune, India