
Thomas Shaji Mathews

Maynooth, Co. Kildare

Summary

Goal-oriented IT professional with significant success in planning, analyzing and implementing security internal audits, plans and initiatives. With a thorough understanding of regulatory requirements, industry frameworks, and proficient communication skills, I aim to leverage my expertise in Qualcomm’s Information Security Certifications Program and ensure alignment with corporate Information Security Policy/Standards. Knowledgeable IT security professional with 4 years of experience at HCL Technologies Ltd and Fidelity Investments, with exposure to designing and implementing security solutions in high-availability environments. Excel in performing tasks related to Information Security Audits based on frameworks such as ISO27001, PCI DSS and GDPR. Certified in CEH and CompTIA Sec+, with a vast amount of knowledge in the field of attack and defense. Learning and developing skills towards my long-term goal of becoming a CISO.

Overview

6 years of professional experience

Work History

Senior Technology Risk Analyst

Fidelity Investments
Dublin
11.2022 - Current
  • My job role as Senior Tech Risk Analyst over the past three months has been a great learning experience.
  • Assisted in updating ISMS standards, policies, and baseline security configurations, in accordance with NIST Cybersecurity Framework, TISAX, and ISO 27001.
  • I was tasked to complete ECAAP Migration, NPH (Non-Public Holdings), Aging Archer issues, ECS (Enterprise Cybersecurity) Monitoring Calls, and QBRR Deck.
  • Collaborated in the revision of ISMS standards, policies, and foundational security configurations, ensuring alignment with the NIST Cybersecurity Framework, TISAX, and ISO 27001.
  • Performed readiness check risk assessments for the applications that were in scope for External Audit.
  • Developed and maintained process, roadmap, and SOP documentation for GRC related functions.
  • Assisted in developing risk assessment frameworks for identifying and measuring enterprise risks.
  • Took an active role in crafting and sustaining process documentation, strategic roadmaps, and Standard Operating Procedures (SOPs) pertinent to Governance, Risk, and Compliance (GRC) functions.
  • Monitored risk assessments and assessed validity using industry-specific methods.
  • Conducted in-depth analyses on potential risks, impacts of new legislation or potential economic factors related to financial activities.
  • Documented and reported on key risks and recommended mitigation strategies.
  • Acquired risk-related data from external and internal resources.
  • Created and updated internal information security compliance policies, procedures and standards.
  • Researched various emerging attacks, threats and risks related to computer security to produce internal proactive security awareness reports.

Information Security Analyst

HCL Technologies Ltd
Chennai
07.2018 - 04.2021
  • Responsible for conducting client-based internal audits based on frameworks such as ISO27001:2013 ISMS, PCI DSS and GDPR.
  • Experienced in writing well-developed Risk Reports and presenting complex risks to the Regional Head and other leadership members in a clear and concise manner.
  • Used the Risk Agiliance tool and the RSA Archer tool for performing audits and checking the audit logs.
  • Responsible for conducting Risk Remediation calls with the clients and helping them close the critical risks identified in the Risk assessment.
  • Experience in developing and reviewing Information Security Policies, Procedures, Standards and Guidelines.
  • Designed and implemented plans to secure computer files against breach, destruction or accidental modification.
  • Designed and delivered innovative security solutions across cyber security functions with focus on threat detection and network security.
  • Responsible for conducting Enhanced Compliance Assessments based on the 12 domains: Information Security Organization and Policy, Human Resource Security, Asset Management, Physical and Environmental Security, Logical Security, Network Security, Operations Security, Systems Acquisition, Development and Maintenance, Third Party Security, End User Computing Security, Business Continuity Management, and Regulatory Compliance.
  • Responsible for explaining the Risk reports to the Leadership and the impact of the risks found.
  • Worked successfully with diverse group of coworkers to accomplish goals and address issues related to our products and services.
  • Carried out internal Information Security audits and coordinated external audits, including ISO 27001 and Customer Contractual Audits, and worked on the remediation of findings.
  • Performed GDPR audits for 250+ clients using the OneTrust tool and was responsible for conducting the risk mitigation calls for all the clients.
  • Juggled multiple projects and tasks to ensure high quality and timely delivery.
  • Ensured clients' compliance with information security regulations and GRC standards (PCI-DSS, ISO 27001, HIPAA, NIST, and GDPR).
  • Worked closely with team members to deliver project requirements, develop solutions and meet deadlines.
  • Provided excellent service and attention to customers when face-to-face or through phone conversations.
  • Analyzed system risk to identify and implement appropriate security countermeasures.

Education

Master of Science in Cybersecurity

Munster Technological University
Cork
08.2022

Bachelor of Engineering in Computer Science and Engineering

Panimalar Engineering College
Chennai
04.2018

Skills

  • Governance, Risk & Compliance
  • Excellent Stakeholder relationship
  • Regulatory Compliance
  • Business Continuity Management
  • Internal Audit ISO27001
  • Information Security Incident Response Investigations
  • Attention to detail
  • Deadline driven
  • Time Management
  • Problem Solving Skills
  • Critical thinking
  • Decision-making

Trainings and Certifications

  • CompTIA Security+ certified.
  • CEH (Certified Ethical Hacker) certified.
  • PCI-DSS ver. 3.2.1 (Payment Card Industry Data Security Standard) Implementation Training from BSI.
  • CISM training in progress.

References

1) Souvik Ganguly

Working at Mindtree

Mob : +91 8017684123

Mail : souvikgang@gmail.com

2) Praveen Vijayan

Working at Pitney Bowes

Mob : +91 9629717994

Mail : praveennjv@protonmail.com
