Aishwarya Sharma

Marleston

Summary

Aishwarya is a Cybersecurity Senior Analyst within the Digital Risk Management capability of PwC Australia’s Cybersecurity and Digital Trust team. She is passionate about auditing, implementing and documenting cyber security controls and conducting risk assessments. She has knowledge of cybersecurity standards and frameworks, including CPS 234, NIST CSF, ISO 27001/2, South Australia Cyber Security Framework (SACSF), Protective Security Policy Framework (PSPF), Defence Security Principles Framework (DSPF), PCI DSS, ACSC Essential Eight, Information Security Manual, MITRE ATT&CK, Australian Energy Sector Cyber Security Framework (AESCSF) and the Australian Privacy Principles. Her strong analytical thinking, work ethic, technical skills and problem-solving capabilities help her tailor effective cybersecurity solutions and mitigation strategies for clients. She is always ready to help organisations achieve their goals.

Overview

7 years of professional experience

Work History

Senior Cybersecurity Analyst – Assurance

PwC Australia
01.2022 - 11.2023
  • Worked with team to respond to client Request for Proposals (RFP)
  • ISO 27001 Assessment
  • Conducted risk assessments to identify and assess potential information security risks
  • Collaborated with other departments to understand the organization's risk landscape
  • Collaborated with the clients to conduct a risk assessment to identify and assess potential information security risks
  • Assisted in developing risk treatment plans to mitigate identified risks
  • Conducted interviews with key stakeholders, including management, IT personnel, and other relevant staff
  • Discussed security practices, roles and responsibilities, and the implementation of security controls
  • If necessary, conducted on-site visits to assess the physical security of facilities and the implementation of security measures
  • Verified that security controls are in place and operating effectively
  • Developed and implemented incident response procedures for the clients
  • Investigated and analysed security incidents to determine the root cause
  • Worked on containment, eradication, and recovery efforts in response to the incidents
  • Identified any gaps or areas where the client's practices need improvement to meet the standard
  • Implemented and managed technical security controls to protect information assets
  • Ensured that security measures are in place and effective in mitigating identified risks
  • Conducted vulnerability assessments to identify weaknesses in the organization's systems
  • Collaborated with system administrators and IT teams to remediate identified vulnerabilities
  • Assisted in developing and delivering security awareness programs for employees and the clients
  • Provided training to staff on security best practices and policies
  • Contributed to the development and maintenance of information security policies and procedures
  • Documented findings, including areas of compliance and non-compliance
  • Ensured that corrective actions were taken to address non-compliance issues
  • Provided recommendations for improvement and corrective actions
  • Ensured that security policies are communicated and adhered to throughout the organization
  • Shared the assessment report with the client for review and feedback
  • Provided guidance on how to maintain and continually improve the ISMS
  • Conducted follow-up assessments to verify that corrective actions have been implemented effectively
  • Provided ongoing support and advice as needed
  • NIST Assessment
  • Responsible for conducting a complete NIST assessment
  • Responsible for leading client workshops, collecting documented evidence, completing the maturity assessment, identifying gaps and uplift opportunities, and reporting to the client
  • Third Party Risk Assessment
  • Delivered third party risk assessment service for Big Four Australian banks based on Control Objective Framework (COF), including reviewing suppliers’ relevant policies and procedures, and testing designed controls
  • Led a small group of assessors to deliver reports in a timely manner and resolved any issues arising within the assessment team
  • Performed control mapping from ISO 27001 and SOC-2 Type II auditing report to third-party risk assessment framework
  • Performed risk assessments across five key domains: BCP/DR, HR, Information System and Security, Legal and Compliance, Technology Management and Physical Security
  • Produced vendor summary reports sharing assessment results and observations
  • Conducted workshops with senior stakeholders
  • Assisted the team in delivering good-quality projects on time
  • FAIR Threat & Risk Assessment
  • Conducted Threat and Risk Assessment (TRA) for New South Wales Electoral Commission
  • It involved identification of critical assets, detailed risk assessments and quantified reporting outputs to develop detailed roadmaps for clients
  • Assessed control areas and provided effectiveness ratings for each critical asset using Threat Risk and Control (TRC) model
  • Assisted the client in reviewing, updating, and forming new IT security policies and uplifting their overall security posture along with creating threat scenarios for the identified crown jewels and providing appropriate mitigation strategies
  • Responsible for client communications and project management activities for several work streams running together including Threat & Risk Assessments, Identity and Access Management, Incident Response, NIST Maturity Assessments and Third-Party Risk Assessments
  • Led the development and implementation of the GRC framework
  • Conducted regular risk assessments and worked cross-functionally to address identified vulnerabilities, which helped reduce overall risk exposure
  • Ensured compliance with relevant standards through audits and proactive risk management initiatives
  • Responsible for creating templates, collating updates and preparing slide decks for weekly project control meeting with the client and fortnightly governance meeting with the board
  • Responsible for completing the tasks at the end of the engagement
  • Critical Infrastructure Audit
  • Assisted in conducting client workshops, gathering the required details for the audit through the workshops and collating supporting evidence to help prepare client for an upcoming audit
  • Responsible for completing the audit checklist for the identified areas of NIST assessment
  • Review and Coaching
  • Reviewed the work done by junior staff and provided feedback on it
  • Provided coaching to junior staff on specific frameworks while taking responsibility for the overall project
  • Helped them resolve issues when they were unable to do so themselves
  • Took overall responsibility for the engagement: assisting the team with proposals, overseeing the budget by making sure time was charged to the correct code, and making sure all deliverables were delivered to the client on time and within the assigned budget.

Cybersecurity Advisor – GRC

Kumar Industries
06.2016 - 06.2019
  • Performed Security Risk Assessments
  • Conducted extensive consultations with clients to understand their business objectives, risk tolerance, and current cybersecurity posture
  • Utilized a consultative approach to identify gaps and vulnerabilities in clients' infrastructure
  • Assisted clients in mapping frameworks to organizational objectives and implementing robust policies, procedures, and controls
  • Conducted gap analyses and risk assessments to prioritize remediation efforts
  • Advocated for a culture of continuous improvement, facilitating regular assessments, training sessions, and tabletop exercises
  • Communicated technical information to non-technical individuals easily and comprehensively
  • Supported and evaluated implemented IT Security Policies, Standards and Procedures across the organisation.

Education

PCI DSS Standard and Compliance - Udemy

ISO 27001:2022 Lead Implementer - Udemy

Implementing the NIST Cybersecurity Framework - Udemy

Master of Cybersecurity - University of South Australia

Bachelor of Computer Applications - Guru Nanak Dev University

Skills

  • Cybersecurity Risk and Compliance
  • ISO 27000 Series Standards and ISO 31000 Standards
  • Information Security Management Systems (ISMS)
  • Cyber Supply Chain Risk Management
  • Audit, Assurance and Supply Chain Considerations
  • Ability to identify and manage risk
  • Australian Prudential Regulatory Authority (APRA)
  • Australian Security and Investment Commission (ASIC)
  • Experience working in the following environments:
  • AWS
  • Office 365
  • Microsoft Teams
  • IT Stakeholder Engagement
  • Stakeholder Engagement
  • Conflict and issue resolution
  • Delivered good-quality projects on time
  • Consistently received positive feedback and appreciation from stakeholders
  • Tools and Programming Languages:
  • Wireshark, Cisco, OWASP ZAP, C, Java, Linux, PowerShell, Tenable.io
  • Strong presentation skills
  • Good communication skills
  • Maintains high standards of professionalism by always being on time, keeping a good attitude towards others and always wearing a smile
  • Maintains work-life balance through extracurricular activities after working hours
  • Security Operations Center
  • Developing security plans
  • Incident Response Management
  • Disaster Recovery
  • Digital Forensics
  • Vulnerability Assessment
  • Risk Mitigation
  • Information Governance

Languages

English
Hindi
Punjabi

References

Available upon request.

Timeline

Senior Cybersecurity Analyst – Assurance

PwC Australia
01.2022 - 11.2023

Cybersecurity Advisor – GRC

Kumar Industries
06.2016 - 06.2019

PCI DSS Standard and Compliance - Udemy

ISO 27001:2022 Lead Implementer - Udemy

Implementing the NIST Cybersecurity Framework - Udemy

Master of Cybersecurity - University of South Australia

Bachelor of Computer Applications - Guru Nanak Dev University