Sanket Sarfare

Governance, Risk & Compliance and Internal Audit
Dublin

Summary

  • Results-driven GRC and Internal Audit professional with a strong background in the financial industry.
  • Offering 3+ years of expertise in ensuring regulatory compliance, risk management, and internal controls to optimize organizational performance.
  • Adept at ensuring compliance with industry standards such as ISO 27001, GDPR, SOC 2 Type 2, and HIPAA within cloud and on-premise infrastructures.
  • Proven track record in conducting comprehensive internal audits, identifying risks, and implementing effective controls to safeguard company assets. Possess a keen eye for detail and exceptional analytical skills, enabling precise risk assessments and compliance assessments.
  • Completed an MSc in Cybersecurity with First Class Honours from DBS, Ireland, September 2022 – August 2023.

Overview

  • 7 years of professional experience
  • 8 years of post-secondary education
  • 3 Certifications

Work History

Information Security Analyst

Scrut Automation
Dublin
2022.12 - 2023.07
  • Spearheaded the cloud security initiative to achieve ISO 27001 certification, developing and implementing security controls tailored to cloud environments.
  • Ensured compliance with GDPR regulations for cloud-based data processing, conducting data impact assessments and implementing privacy measures.
  • Orchestrated the successful completion of SOC 2 Type 2 audits for cloud services, collaborating with cloud providers and internal teams to address trust services criteria.
  • Implemented comprehensive security measures in cloud environments to comply with HIPAA requirements, safeguarding protected health information (PHI).
  • Assisted in the preparation and documentation required for ISO 27001 and GDPR certification audits related to cloud services.
  • Provided guidance on the configuration and usage of cloud security tools, such as IAM (Identity and Access Management) and encryption services.

Senior Manager – Audit Lead

Suryoday Small Finance Bank
Navi Mumbai
2021.05 - 2022.06
  • Led the implementation and maintenance of ISO 27001 (ISMS), PCI-DSS and RBI CSF, ensuring full compliance with industry standards and regulations.
  • Maintained all documentation supporting ISMS, PCI-DSS and Regulatory compliance including Business Continuity, Incident Response, Privacy and Risk Management Plan.
  • Collaborated with IT and cross-functional teams to develop and execute remediation plans, enhancing security measures and mitigating risks.
  • Responsible for monitoring risk findings and remediation resolutions, including development and execution of corrective action plans, and ensuring follow-on reporting and monitoring.
  • Actively liaised with senior management, presenting audit findings and recommendations, and offering strategic insights to improve overall risk management.

Manager - Endpoint & Mobile Security

Reserve Bank Information Technology
Navi Mumbai
2019.06 - 2021.02
  • ReBIT was set up by the Reserve Bank of India (RBI) for its IT and cyber security needs and to ensure the cyber-resilience of Indian banking.
  • Developed and implemented endpoint security strategies, resulting in a 30% reduction in security incidents and successful defense against advanced cyber threats.
  • Assisted in the development of security policies and procedures for endpoint and mobile security.
  • Collaborated with IT teams to establish and enforce security policies for mobile devices, promoting a secure BYOD (Bring Your Own Device) environment.
  • Assisted in the development of secure web and mobile application guidelines and standards to mitigate security risks.
  • Collaborated with developers to ensure the integration of security features during the development lifecycle.


Senior Project Engineer

Wipro Technologies
2014.01 - 2019.01
  • Conducted vulnerability scanning on internal and external systems using QualysGuard to identify and mitigate vulnerabilities.
  • Responsible for design and implementation of endpoint protection solutions like McAfee, Symantec and Trend Micro endpoint security.
  • Responsible for design and implementation of database and access security solutions like Forcepoint DLP, Imperva and McAfee Database Activity Monitoring and CISO NAC.
  • Monitor and analyze security logs and alerts from endpoints and databases, identifying and responding to potential security incidents in real-time.
  • Perform incident response and investigation, determining the root cause of security incidents and implementing measures to prevent recurrence.
  • Develop and maintain comprehensive documentation related to security operations procedures and best practices.


Education

Master of Science - Cybersecurity

Dublin Business School, Dublin
2022.09 - 2023.09

Master of Science - Information Technology

Vellore Institute of Technology, Vellore
2014.12 - 2019.01

Bachelor of Science - Computer Science

Pillai's College of Arts, Science & Commerce, Mumbai
2011.06 - 2014.04

Skills

    ISO 27001, GDPR, SOC 2 Type 2, HIPAA Compliance

Certification

ISO 27001 Lead Auditor

Timeline

Information Security Analyst - Scrut Automation
2022.12 - 2023.07

GDPR Foundation

2022-12
Dublin Business School - Master of Science, Cybersecurity
2022.09 - 2023.09
Senior Manager – Audit Lead - Suryoday Small Finance Bank
2021.05 - 2022.06

ITIL Framework

2020-10

ISO 27001 Lead Auditor

2020-05
Manager - Endpoint & Mobile Security - Reserve Bank Information Technology
2019.06 - 2021.02
Vellore Institute of Technology - Master of Science, Information Technology
2014.12 - 2019.01
Senior Project Engineer - Wipro Technologies
2014.01 - 2019.01
Pillai's College of Arts, Science & Commerce - Bachelor of Science, Computer Science
2011.06 - 2014.04