Results-driven GRC and Internal Audit professional with a strong background in the financial industry.
Offering 3+ years of expertise in ensuring regulatory compliance, risk management, and internal controls to optimize organizational performance.
Adept at ensuring compliance with industry standards such as ISO 27001, GDPR, SOC 2 Type 2, and HIPAA within cloud and on-premise infrastructures.
Proven track record in conducting comprehensive internal audits, identifying risks, and implementing effective controls to safeguard company assets. Possess a keen eye for detail and exceptional analytical skills, enabling precise risk assessments and compliance assessments.
Completed an MSc in Cybersecurity with First Class Honours from DBS, Ireland, September 2022 – August 2023.
Overview
7 years of professional experience
8 years of post-secondary education
3 Certifications
Work History
Information Security Analyst
Scrut Automation
Dublin
12.2022 - 07.2023
Spearheaded the cloud security initiative to achieve ISO 27001 certification, developing and implementing security controls tailored to cloud environments.
Ensured compliance with GDPR regulations for cloud-based data processing, conducting data impact assessments and implementing privacy measures.
Orchestrated the successful completion of SOC 2 Type 2 audits for cloud services, collaborating with cloud providers and internal teams to address trust services criteria.
Implemented comprehensive security measures in cloud environments to comply with HIPAA requirements, safeguarding protected health information (PHI).
Assisted in the preparation and documentation required for ISO 27001 and GDPR certification audits related to cloud services.
Provided guidance on the configuration and usage of cloud security tools, such as IAM (Identity and Access Management) and encryption services.
Senior Manager – Audit Lead
Suryoday Small Finance Bank
Navi Mumbai
05.2021 - 06.2022
Led the implementation and maintenance of ISO 27001 (ISMS), PCI-DSS and RBI CSF, ensuring full compliance with industry standards and regulations.
Maintained all documentation supporting ISMS, PCI-DSS and Regulatory compliance including Business Continuity, Incident Response, Privacy and Risk Management Plan.
Collaborated with IT and cross-functional teams to develop and execute remediation plans, enhancing security measures and mitigating risks.
Responsible for monitoring risk findings and remediating resolutions, including development and execution of corrective action plans, and ensuring follow-on reporting and monitoring.
Actively liaised with senior management, presenting audit findings and recommendations, and offering strategic insights to improve overall risk management.
Manager - Endpoint & Mobile Security
Reserve Bank Information Technology
Navi Mumbai
06.2019 - 02.2021
ReBIT was set up by the Reserve Bank of India (RBI) for its IT and cyber security needs and to ensure the cyber-resilience of Indian banking.
Developed and implemented endpoint security strategies, resulting in a 30% reduction in security incidents and successful defense against advanced cyber threats.
Assisted in the development of security policies and procedures for endpoint and mobile security.
Collaborated with IT teams to establish and enforce security policies for mobile devices, promoting a secure BYOD (Bring Your Own Device) environment.
Assisted in the development of secure web and mobile application guidelines and standards to mitigate security risks.
Collaborated with developers to ensure the integration of security features during the development lifecycle.
Senior Project Engineer
Wipro Technologies
01.2014 - 01.2019
Conducted vulnerability scanning on internal and external systems using QualysGuard to identify and mitigate vulnerabilities.
Responsible for design and implementation of endpoint protection solutions like McAfee, Symantec and Trend Micro endpoint security.
Responsible for design and implementation of database and access security solutions like Forcepoint DLP, Imperva and McAfee Database Activity Monitoring and CISO NAC.
Monitor and analyze security logs and alerts from endpoints and databases, identifying and responding to potential security incidents in real-time.
Perform incident response and investigation, determining the root cause of security incidents and implementing measures to prevent recurrence.
Develop and maintain comprehensive documentation related to security operations procedures and best practices.
Education
Master of Science - Cybersecurity
Dublin Business School, Dublin
09.2022 - 09.2023
Master of Science - Information Technology
Vellore Institute of Technology, Vellore
12.2014 - 01.2019
Bachelor of Science - Computer Science
Pillai's College of Arts, Science & Commerce, Mumbai
06.2011 - 04.2014
Skills
ISO 27001, GDPR, SOC 2 Type 2, HIPAA Compliance
Certification
ISO 27001 Lead Auditor
Timeline
Information Security Analyst - Scrut Automation
12.2022 - 07.2023
GDPR Foundation
12-2022
Dublin Business School - Master of Science, Cybersecurity
09.2022 - 09.2023
Senior Manager – Audit Lead - Suryoday Small Finance Bank
05.2021 - 06.2022
ITIL Framework
10-2020
ISO 27001 Lead Auditor
05-2020
Manager - Endpoint & Mobile Security - Reserve Bank Information Technology
06.2019 - 02.2021
Vellore Institute of Technology - Master of Science, Information Technology
12.2014 - 01.2019
Senior Project Engineer - Wipro Technologies
01.2014 - 01.2019
Pillai's College of Arts, Science & Commerce - Bachelor of Science, Computer Science
06.2011 - 04.2014