Manager
Shweta Gaur

London, United Kingdom

Summary

Senior Technology Risk Manager with 10 years of experience in implementing advanced security frameworks and conducting comprehensive governance, risk and compliance audits, including cloud security, to consistently drive risk reduction and compliance. Adept at leading cross-functional teams to enhance security measures and ensure robust data protection.

Overview

10 years of professional experience
4 years of post-secondary education
6 certifications

Work history

Senior Information Security Analyst

Elastic
11.2022 - Current
  • Conducted security audits, identified vulnerabilities and enhanced protocols to achieve significant risk reduction.
  • Drive continuous improvement in security measures, significantly reducing potential breaches.
  • Conduct meticulous annual compliance audits across multiple standards, ensuring strict adherence to ISO, PCI, SOC 2, HIPAA, and CSA STAR requirements.
  • Successfully implement PCI DSS 4.0 requirements from the ground up, bolstering compliance and fortifying overall security posture.
  • Orchestrate and drive the UK Cyber Essentials Plus audit, fostering cross-functional cooperation for comprehensive security assessment.
  • Facilitate vulnerability assessment and penetration testing.
  • Led customer security audits for IBM, Vanguard, UK Met Office, etc. and engaged with senior customer leadership.
  • Support the leadership team in developing key messages and governance reporting.
  • Represent the compliance function in various stakeholder meetings and quarterly review conversations with leadership.
  • Engage with different internal teams to help them better understand internal audit requirements.


Senior Technology Risk Manager

GoDaddy Europe Limited
04.2020 - 05.2020
  • Drive and implement ISO 27001 for the GoDaddy domain registrar, enhancing security compliance and efficiency.
  • Coordinate PCI DSS audits for payment carts, ensuring regulatory adherence and secure transactions.
  • Conduct cloud controls testing across deployment models, improving system reliability and security.
  • Perform cloud security reviews pre-migration, ensuring readiness and minimizing risks.
  • Validate AWS roles and responsibilities, strengthening accountability and operational clarity.
  • Successfully automated and implemented compliance management tools.
  • Led and coordinated the GRC audits (HIPAA, GDPR, ISO 27001, CSA STAR), including audit planning and engaging with external auditors and internal stakeholders.
  • Led customer audit calls and represented the organisation's information security management system.
  • Conducted comprehensive SOX 404 audits to assess internal controls over financial reporting, ensuring compliance with regulatory requirements.



Senior Security Specialist

Accenture Solutions Pvt. Ltd
11.2018 - 03.2020
  • Performed vendor risk assessments for 50+ vendors.
  • Completed and evaluated customer security questionnaires and audit reports.
  • Conducted SOX 404 audits for manufacturing and health sectors, ensuring compliance and reducing risks.
  • Performed web application security assessments, identifying vulnerabilities and recommending fixes.
  • Trained developers in secure coding practices, reducing security incidents and improving code quality.
  • Supervised independent risk and compliance audits to monitor growth and productivity.
  • Automated audit evidence collection and remediation using tools like ServiceNow, Anecdotes and AuditBoard.

Senior Associate Consultant

Ernst & Young
10.2017 - 11.2018
  • Performed thorough SOX 404 audits, ensuring compliance and identifying critical risk areas.
  • Performed testing of ITGC controls (Change Management, Incident Management, Backup & Recovery procedures).
  • Collaborated with teams to implement corrective actions, enhancing financial controls.
  • Delivered detailed audit reports, driving significant improvements in financial controls.
  • Performed information security risk assessments on an ongoing basis and reported critical risks.
  • Enforced SOX compliance across a high-volume controls environment.

Associate

HcentiveTechnology India Pvt. Ltd
05.2016 - 09.2017
  • Completed and reviewed third-party customer security questionnaires.
  • Tested IT controls per ISO 27001, ensuring compliance and security.
  • Conducted web application security assessments, identifying vulnerabilities.
  • Trained developers in secure coding practices as per the OWASP Top 10.
  • Assisted in training and mentoring junior auditors on SOX 404 compliance and audit methodologies.


Analyst

JK Technosoft
07.2014 - 03.2015
  • Implemented ISO 27001 Information Security Management System, conducting internal audits.
  • Assessed security posture, identified gaps, and developed solutions to mitigate risks.
  • Enhanced security measures, achieving measurable improvements in risk management.
  • Collaborated with teams to ensure compliance with ISO 27001 standards.
  • Tested security measures and systems, performing risk assessments to detect vulnerabilities.

Education

Bachelor of Technology -

Inderaprastha Engineering College
04.2010 - 04.2014

Skills

  • ISO 27001
  • PCI DSS
  • Cloud Security
  • (SSAE 16) SOC 1/ SOC 2 Audit
  • SOX 404 Audit
  • Vulnerability Scanning
  • Penetration Testing
  • Secure Code Review
  • Cloud Readiness Review
  • UK Cyber Essentials Plus
  • CSA STAR (CCM)
  • NIST CSF
  • Third-party Risk Management
  • HIPAA
  • GDPR

Certification

  • CISSP
  • Certified ISO 27001:2013 Lead Auditor
  • Certified ISO 27001:2022 Lead Auditor
  • Certified PCI DSS v4.0 Implementer
  • Certified Ethical Hacker (CEH v8.0)
  • Certified CCSK (Cloud Computing Security Knowledge) by CSA

Languages

  • English: Fluent
  • Hindi: Fluent

Accomplishments

  • Successful Implementation of GRC Framework - Led the implementation of a comprehensive GRC framework that resulted in automated evidence collection and unified remediation.
  • PCI 4.0 Gap Analysis - Conducted gap analysis of the PCI environment to accomplish the transition from version 3.2.1 to 4.0.
  • Training and Development Programs - Developed and delivered training programs that increased employee awareness of compliance and risk management, including secure code training.
  • Led Audit Calls and Reporting - Led GRC (Governance, Risk, and Compliance) audit calls with external auditors, involving clear communication and a focus on collaboration.
  • Cross-Departmental Collaboration - Established a cross-functional team to enhance communication and collaboration on GRC initiatives, leading to improved stakeholder engagement.
  • Achieved UK Cyber Essentials Plus - Coordinated with an accredited certification body to conduct the Cyber Essentials Plus assessment. Successfully guided the organization through the evaluation process, addressing any identified issues promptly.
  • Developed Vendor Risk Assessment Program - Successfully designed and implemented a robust vendor risk assessment program that enhanced our organization’s ability to manage third-party risks effectively.
