ANJALI VARGHESE
Security Governance, Risk And Compliance Professional
Summary
Focused, detailed-oriented and sel-driven Senior Security , Governance , Risk and Compliance Analyst with over 4 years experience in risk assessments, controls assessment and policy management.
Overview
7
7
years of professional experience
Work History
SENIOR SECURITY AND COMPLIANCE ANALYST
COLES GROUP
MELBOURNE
01.2022 - Current
- Manage the Compliance Program for critical systems through working with relevant stakeholders and risk identification and remediation activities
- Report to board on Cyber metrics KRI and develop internal reports for tracking risk reports, compliancetasks and project risks
- Accountable for developing, maintaining , monitoring and enforcing information security policies andstandards to meet regulatory compliance requirements and management of security exemptionprocess
- Identify opportunities to improve risk posture, developing solutions for remediating or mitigating risksassessment
- Maintain controls library and Cyber Security Framework
- Support Internal and External Audit activities
- Supervise cyber academy interns in day to day tasks and mentor
CYBER SECURITY CONSULTANT
TRISKELE LABS
MELBOURNE, AUSTRALIA
02.2021 - 01.2022
- Operate as an external security consultant providing advisory services to clients while also assisting with internal tasks with a focus on PCI DSS, CPS234, ISO27001
- Assist clients with Information Security Management Systems (ISMSs) implementation through policy internal security controls and internal security controls identification
- Perform Third Party Risk Assessments (TPRAs) and provide recommendations to clients to manage supplier risk with their organisation
- Assist clients in the role of Chief Information Security as a Service to meet regulatory compliance of Australian Privacy Laws, Essential Eight, ISO27001, CPS234 and Australian Government Information Security Manual
- Establish, manage, and administer organisation's ICT security policy and procedures to ensure preventive and recovery strategies are in place, and minimise the risk of internal and external security threats
SECURITY RISK AND COMPLIANCE ANALYST
TRANSURBAN
Melbourne, AUSTRALIA
08.2019 - 02.2021
- Maintain strong working relationships with individuals and groups involved in managing information risks across the organization
- Performed TPRA and provide recommendations to manage risk in supplier management
- Maintained and updated policies, standards, and guidelines through stakeholder engagements to meet NIST and industry standards
- Managed policy exemptions, identify rationale and risks underlying exemption requests, weigh effectiveness of compensating controls, and make decisions around exemption requests
- Uplifted the security awareness program within the organisation through development of customised security awareness training, rollout of phishing simulations and security awareness articles through intranet
- Audit Artefact Review and timely compliance obligation responses for audit such as Payment Card Industry Data Security Standard (PCI DSS), Trade in Services Agreement (TiSA) and ITGC
- Engaged digital development teams in Secure Code review using the Checkmarx Static Code Analysis tool
TEACHING ASSOCIATE
INFORMATION TECHNOLOGY, MONASH UNIVERSITY
MELBOURNE, AUSTRALIA
03.2019 - 06.2019
- Delivered the unit ‘Introduction to Computer Systems, Networks and Security' to first-year undergraduate students
- Developed trust and rapport with students, engaging students in learning activities to optimize their understanding of lessons
INTERN
TRANSURBAN
MELBOURNE, AUSTRALIA
12.2018 - 03.2019
- Used the double diamond design approach to develop a solution for ride-hailing and car sharing
- Conducted desktop research to understand the MaaS (Mobility as a Service) concept and collected online statistics to identify industries of interest
- Analysed ride-hailing and the car-sharing industries by examining their market attractiveness, supporting developments, ability to compete, and risk profiles
- Utilized a design thinking approach to identify customer pain points, and hosted brainstorming sessions across departments
- Undertook repeated iterations to enrich the proposed solution for both the ride-hailing and carsharing industries
NETWORK ENGINEER
ERICSSON GLOBAL SERVICES
BANGALORE
12.2015 - 06.2017
- Assisted in new and upgrade of telecom equipment (2G,3G,4G, and Baseband integration)installation by providing remote support
- Assisted Team Lead to prepare detailed reports to monitor project status and meet Service Level
- Agreements
- Contributed to the development of the team's competency by training two Graduate Engineer
- Trainees
- Awarded the Star of the Month for March 2016 in C&I (Configuration and Integration) Department of
- Ericsson for flawless delivery and exceptional performance
Education
MASTER OF NETWORKS AND SECURITY -
MONASH UNIVERSITY
07.2017 - 05.2019
BACHELOR OF TECHNOLOGY - ELECTRONICS AND COMMUNICATION
AMRITA VISHWA VIDYAPEETHAM
07.2011 - 05.2015
Skills
Active Risk Manager
Archer
Risk Identification
Risk Mitigation
Controls Assessments
Policy Development
Accomplishments
- Certified information Systems Auditor - July 2021
- ISO27001 Associate Implementer - Sept 2021
- ITILV4 - July 2020
Volunteering
- ISACA VOLUNTEER, ISACA, MELBOURNE, AUSTRALIA - July 2022 - Present
- WOMEN IN TECHNOLOGY COMMUNITY OF PRACTICE, COLES GROUP, MELBOURNE, VICTORIA - July 2022 - Present
Timeline
SENIOR SECURITY AND COMPLIANCE ANALYST
COLES GROUP
01.2022 - Current
CYBER SECURITY CONSULTANT
TRISKELE LABS
02.2021 - 01.2022
SECURITY RISK AND COMPLIANCE ANALYST
TRANSURBAN
08.2019 - 02.2021
TEACHING ASSOCIATE
INFORMATION TECHNOLOGY, MONASH UNIVERSITY
03.2019 - 06.2019
INTERN
TRANSURBAN
12.2018 - 03.2019
MASTER OF NETWORKS AND SECURITY -
MONASH UNIVERSITY
07.2017 - 05.2019
NETWORK ENGINEER
ERICSSON GLOBAL SERVICES
12.2015 - 06.2017
BACHELOR OF TECHNOLOGY - ELECTRONICS AND COMMUNICATION
AMRITA VISHWA VIDYAPEETHAM
07.2011 - 05.2015