Summary
Overview
Work History
Education
Skills
Accomplishments
Certification
Timeline
Hi, I’m

Asheesh Gupta

Milperra,NSW
Asheesh Gupta

Summary

Being an experienced Risk Governance Lead with the focus on Business and Technology, I am dedicated to a long-term risk management by building strong relationship across different business functions and helping them achieve their business goals with a minimum risk profile.

Overview

17
years of professional experience
1
Certification

Work History

DELOITTE

Risk Manager
01.2022 - Current

Job overview

  • In my current capacity I am responsible for leading the Risk Governance and compliance advisory for internal and external customers.
  • Cloud Risk governance for the organization operations and data.
  • Compliance to Australian standards of security and privacy.
  • Secure data management by reviewing access policies and integration of CIA with the business needs.
  • Building Strategy and Roadmap for Risk Mitigation in line with the Business Vision.
  • Assessing the current security maturity and risk assessment of the business environment.
  • Help in growing the Digital and Technology risk management practices across the cloud and on-prem.
  • Mentor and coach, the staff and new managers.
  • Developed short-term goals and long-term strategic plans to improve risk control and mitigation.
  • Devised new systems and specific processes to handle ongoing monitoring needs for potential risks.
  • Monitored business growth to stay current on potential risks.
  • Work with technical, operational and business stakeholders to keep the minimum risk profile.

EHealth NSW

Senior Cyber Security Advisor
06.2021 - 01.2022

Job overview

  • The role was about improving the risk governance and cyber threat mitigation practices for the Health dept and the associated local health districts (LHDs)
  • Provide recommendations and advice on risk mitigation, design and implementation of ICT systems
  • Help develop a cost-effective catalogue of available cybersecurity advisory services and assist in managing finances
  • Balance compliance and cyber risks against efficient service delivery
  • Protect and harden NSW Health's ICT systems and deliver as per Privacy and Security Assurance Framework (PSAF)
  • Liaise with eHealth clients and vendors to ensure appropriate expectations and deadlines are met
  • Provision of cybersecurity effective advice ‘as a service'
  • Recommend improvements in security systems and procedures.
  • Conducted security audits to identify vulnerabilities.
  • Performed risk analyses to identify appropriate security countermeasures.

Service NSW

Senior Cyber Security Advisor
04.2020 - 06.2021

Job overview

  • This role focused on improving the cloud infrastructure, secure application development, and setting up security processes -
  • Performing Security Risk Assessment on public projects rollout – (COVID 19, Student Grants, Licensing, etc.)
  • Managing the cloud security infrastructure
  • Risk assessment of internal environment while collaborating with other agencies – Transport, OCG, DCS, etc
  • Working with application security controls on new applications being released
  • Enhance monitoring, detection and investigating capabilities
  • Acting as a technical security advisor on cloud, infrastructure, and endpoint
  • Establishing security processes and improving the existing ones
  • Guiding Essential 8 program within the agency and mitigation of the audit findings
  • Leading security alerts investigations
  • Reviewing changes for security and risk coverage
  • Completed vulnerability scans to identify at-risk systems and remediate issues.

Randstad

Cyber Security Solution Specialist
05.2018 - 05.2019

Job overview

  • This role was a combination of security delivery and security consultant.
  • Ensure delivery for the in-region customers from the global SOC.
  • Provide monitoring, detection and investigating capabilities.
  • Manage incident response, change management, vulnerabilities and patch management based on SOC findings.
  • Overall accountable for security delivery to the customer.
  • Responsible for uncovering details of business problems and customer objectives.
  • Prioritize the highlighted issues and aligning the delivery accordingly.
  • Understanding customer requirement and developing the right solution meeting their business objectives and security governance goals.
  • Arrange technical training for delivery engineers for advisory and managed services.
  • Assist in the strategic direction for long term cyber security program and leading for the overall better security maturity in the organization.
  • Align existing delivery model with the security objective of the customers.
  • Set up SLAs, defining delivery engagement and security on boarding for the clients.
  • Enhance the existing processes to be fit for the security delivery.

Swift

SOC Manager
12.2016 - 09.2017

Job overview

  • This role was about managing global SOC during APAC hours.
  • Monitoring/Detection – Manage set up of security monitoring tools to receive raw security-relevant data.
  • Incident Handling and Investigation.
  • Find suspicious or malicious activity by analyzing alerts.
  • Investigate indicators of compromise (IOCs like file hashes, IP addresses and blacklisted domains).
  • Review event correlation rules.
  • Perform triage on security alerts by determining their criticality and scope of impact.
  • Operations & Management - Supervise the activity of the SOC team.
  • Recruit, hire, train, and assess the staff.
  • Manage the escalation process and review incident reports.
  • SOC Integration with the business and operations.
  • Leading the SOC to higher maturity.

DXC (CSC) TECHNOLOGY

Cyber Security Operations Manager
06.2011 - 12.2016

Job overview

  • This role was about running a cybersecurity operation for various customers from insurance, industrial and health sector.
  • Manage the cybersecurity operations for multi-domain customers.
  • Responsible for providing a secure business operation environment following the industry standards and regulations such as NIST, PCI-DSS and HKMA.
  • Operations of security infrastructure including firewalls, IDS/IPS, Proxy and F5 load balancers.
  • Rules and configurations reviews.
  • Project implementations, data centre migrations and security operations take over from previous service provider.
  • Manage the Disaster recovery and secure BCP operations from security operations standpoint.
  • Manage a regional team - of culturally diversified Security Professionals out of six countries.
  • Responsible for daily operations readiness following the leverage model
  • Security Solution and Implementation.
  • Audits and vulnerabilities remediation.
  • Change and Incidents Management.
  • Hiring/Recruitment and operations team expansion.

DXC (CSC)

Assistant Manager - Security
07.2006 - 06.2011

Job overview

  • Here, I was working as a Network Security Associate Manager responsible for a team managing client network security infrastructure.
  • We were providing network security solutions to our clients in Australia and U.S.
  • Handling Customer Escalations.
  • Constant refresh of the environment in terms of upgraded security patches and hardware.
  • Team Activities such as rotation of duties, standby availabilities, and operation readiness.
  • Audit of resources and services.
  • VPN and Firewalls projects deployment.
  • Infrastructure upgrade planning and implementation
  • Training the new hires and security staff members.
  • Change management and Incident Management following ITIL practices.

Education

Indra Gandhi University
India

Master of Science from Computer Applications
06.2008

Software Technology Group
India

Advanced Diploma from Software Technology
09.2000

University of Delhi
India

Bachelor of Arts from Economics
06.1996

Skills

  • Cross-Functional Collaboration
  • Root Cause Analysis
  • Risk Management and Governance
  • Government Regulations and Guidelines - APP and CPS, E8
  • NIST Cybersecurity Framework
  • ISO Standards

Accomplishments

  • Introduced meaningful changes in the Risk Strategy based on the Organisation vision.
  • Risk assessed for 24 new services planned to be operationally ready with in a month
  • Improved the Enterprise Infosec Assessment structure imparting greater positivity along with an effective risk reporting.
  • Enhanced Business Continuity Planning by mandating BCP as during Change Planning.
  • Formulated an efficient Risk Register prioritising risks in terms of relative severity of impact to the business.
  • Identified persistent Enterprise level risks in key activities targeted towards NSW residents.
  • Identified an upcoming threat during key business hours with the collaboration of operations experts.
  • Enhanced relationship with the business groups and improved on the perception carried for the Security Team which were earlier perceived as "Privacy Monitors"
  • Supervised team of twelve staff members spread across multiple locations

Certification

  • Certified Information Systems Security Professional (CISSP) – License 362287, (ISC)²
  • Certified Information Security Manager® (CISM) - License 1527634, ISACA


Timeline

Risk Manager

DELOITTE
01.2022 - Current

Senior Cyber Security Advisor

EHealth NSW
06.2021 - 01.2022

Senior Cyber Security Advisor

Service NSW
04.2020 - 06.2021

Cyber Security Solution Specialist

Randstad
05.2018 - 05.2019

SOC Manager

Swift
12.2016 - 09.2017

Cyber Security Operations Manager

DXC (CSC) TECHNOLOGY
06.2011 - 12.2016

Assistant Manager - Security

DXC (CSC)
07.2006 - 06.2011

Indra Gandhi University

Master of Science from Computer Applications

Software Technology Group

Advanced Diploma from Software Technology

University of Delhi

Bachelor of Arts from Economics

Similar Profiles

CREATE PROFILE
Asheesh Gupta