Sanket Sarfare
Governance, Risk & Compliance and Internal Audit
Dublin
Summary
- Results-driven GRC and Internal Audit professional with a strong background in the financial industry.
- Offering 3+ years of expertise in ensuring regulatory compliance, risk management, and internal controls to optimize organizational performance.
- Adept at ensuring compliance with industry standards such as ISO 27001, GDPR, SOC 2 Type 2, and HIPAA within cloud and on-premise infrastructures.
- Proven track record in conducting comprehensive internal audits, identifying risks, and implementing effective controls to safeguard company assets. Possess a keen eye for detail and exceptional analytical skills, enabling precise risk assessments and compliance assessments.
- Completed an MSc in Cybersecurity with First Class Honours from DBS, Ireland, September 2022 – August 2023.
Overview
7
7
years of professional experience
8
8
years of post-secondary education
3
3
Certifications
Work History
Information Security Analyst
Scrut Automation
Dublin
12.2022 - 07.2023
- Spearheaded the cloud security initiative to achieve ISO 27001 certification, developing and implementing security controls tailored to cloud environments.
- Ensured compliance with GDPR regulations for cloud-based data processing, conducting data impact assessments and implementing privacy measures.
- Orchestrated the successful completion of SOC 2 Type 2 audits for cloud services, collaborating with cloud providers and internal teams to address trust services criteria.
- Implemented comprehensive security measures in cloud environments to comply with HIPAA requirements, safeguarding protected health information (PHI).
- Assisted in the preparation and documentation required for ISO 27001 and GDPR certification audits related to cloud services.
- Provided guidance on the configuration and usage of cloud security tools, such as IAM (Identity and Access Management) and encryption services.
Senior Manager – Audit Lead
Suryoday Small Finance Bank
Navi Mumbai
05.2021 - 06.2022
- Lead the implementation and maintenance of ISO 27001 (ISMS), PCI-DSS and RBI CSF ensuring full compliance with industry standards and regulations.
- Maintained all documentation supporting ISMS, PCI-DSS and Regulatory compliance including Business Continuity, Incident Response, Privacy and Risk Management Plan.
- Collaborated with IT and cross-functional teams to develop and execute remediation plans, enhancing security measures and mitigating risks.
- Responsible for monitoring risk findings, remediate resolutions including development and execution of corrective action plans and ensure follow-on reporting and monitoring.
- Actively liaise with senior management, presenting audit findings and recommendations, and offering strategic insights to improve overall risk management.
Manager - Endpoint & Mobile Security
Reserve Bank Information Technology
Navi Mumbai
06.2019 - 02.2021
- ReBIT is set up by Reserve Bank of India (RBI) for it's IT and Cyber Security needs & to ensure cyber-resilience of Indian Banking.
- Developed and implemented endpoint security strategies, resulting in a 30% reduction in security incidents and successful defense against advanced cyber threats.
- Assisted in the development of security policies and procedures for endpoint and mobile security.
- Collaborated with IT teams to establish and enforce security policies for mobile devices, promoting a secure BYOD (Bring Your Own Device) environment.
- Assisted in the development of secure web and mobile application guidelines and standards to mitigate security risks.
- Collaborated with developers to ensure the integration of security features during the development lifecycle.
Senior Project Engineer
Wipro Technologies
01.2014 - 01.2019
- Conducting vulnerability scanning on internal and external systems to identify and mitigate identified vulnerabilities using QualysGuard.
- Responsible for design and implementation of endpoint protection solutions like McAfee, Symantec and Trend Micro endpoint security.
- Responsible for design and implementation of database and access security solution like Forcepoint DLP, Imperva and Mcafee Database Activity Monitoring and CISO NAC.
- Monitor and analyze security logs and alerts from endpoints and databases, identifying and responding to potential security incidents in real-time.
- Perform incident response and investigation, determining the root cause of security incidents and implementing measures to prevent recurrence.
- Develop and maintain comprehensive documentation related to security operations procedures and best practices.
Education
Master of Science - Cybersecurity
09.2022 - 09.2023
Master of Science - Information Technology
12.2014 - 01.2019
Bachelor of Science - Computer Science
06.2011 - 04.2014
Skills
ISO 27001, GDPR, SOC 2 Type 2, HIPAA Compliance
Risk Assessment and Vulnerability Management
Security Policy Development and Implementation
Audit and Compliance Reporting
IT Support and Troubleshooting
Data Security and Endpoint Security Solutions (Antivirus, DLP, DAM, EDR, etc)
Certification
ISO 27001 Lead Auditor
Timeline
Information Security Analyst - Scrut Automation
12.2022 - 07.2023
GDPR Foundation
12-2022
Dublin Business School - Master of Science, Cybersecurity
09.2022 - 09.2023
Senior Manager – Audit Lead - Suryoday Small Finance Bank
05.2021 - 06.2022
ITIL Framework
10-2020
ISO 27001 Lead Auditor
05-2020
Manager - Endpoint & Mobile Security - Reserve Bank Information Technology
06.2019 - 02.2021
Vellore Institute of Technology - Master of Science, Information Technology
12.2014 - 01.2019
Senior Project Engineer - Wipro Technologies
01.2014 - 01.2019
Pillai's College of Arts, Science & Commerce - Bachelor of Science, Computer Science
06.2011 - 04.2014