Sharad Sahni

Sydney, NSW

Summary

Professional with extensive experience in specialised roles, bringing valuable insights and practical expertise. Recognised for fostering team collaboration and consistently achieving objectives. Reliable and adaptable, with strong problem-solving and analytical skills.

Overview

15 years of professional experience
1 Certification

Work History

Senior Specialist Cyber Advisor

Transport for NSW
07.2022 - Current
  • Provided strategic guidance on cyber risk management and ensured compliance with industry regulations through close collaboration with cross-functional teams
  • Conducted thorough assessments of cybersecurity risks to identify vulnerabilities and recommend impactful solutions
  • Implemented a third-party cyber risk management framework to streamline the management and mitigation of cybersecurity risks
  • Conducted vendor cybersecurity assessments to identify and address risks associated with third-party suppliers
  • Reviewed and guided the implementation of cybersecurity policies, standards and procedures aligning with security standards and frameworks (ISO27001, Protective Security Policy Framework (PSPF), ASD Information Security Manual (ISM), ASD Essential 8, NIST)
  • Participated in organisation-wide and other department projects/initiatives as a Cyber Risk representative to provide GRC guidance and advise on cyber security best practices

Manager Technology & Cyber Audit

Optus
08.2020 - 07.2022
  • Responsible for leading Cybersecurity and Technology Audit reviews to identify, assess, monitor, and report on the effectiveness of technology and cybersecurity controls and drive corrective action
  • Responsible for audit planning tasks, resource planning and assignment, review of audit working papers, completion of the final report and presenting audit findings to senior management
  • Developed statement of work for Internal Audit to engage in special project work, to enable transparency around objectives for the area being reviewed
  • Member of Technology Risk Committee; delivered enhanced processes to enable risk-based decisions at the Committee, including improvements to the timeliness of material distribution, improved issues reporting, and topics that highlight the key risk issues
  • Collaborated with business partners including IT, Network, Information security, Risk management and Legal to ensure controls were designed in compliance with regulatory requirements and industry best practices

Manager Technology Risk & Cyber Security

KPMG Australia
02.2017 - 03.2020
  • Managed the planning, scoping, delivery, risk management, review, and end-to-end delivery of IT and Cyber Audits
  • Supported business development initiatives including identifying, qualifying and pursuing revenue-generating opportunities, preparing proposals, and attending pitches
  • Coached and developed junior members of the team with a focus on producing quality outputs
  • Led Technology Audit including IT general controls review and business process controls review for corporate and public sector clients
  • Managed the Cloud Governance Review, including assessing the effectiveness of controls to manage cloud security risk for corporate and public sector clients
  • Led Cyber Maturity Assessments (CMA) based on the NIST and ISO 27001 frameworks for corporate clients
  • Each project involved an in-depth review of the organisation's ability to protect its information assets and its preparedness against cyber threats
  • The CMA helps corporate clients identify current gaps in compliance and risk management of information assets, assess the scale of cyber vulnerabilities, and set out prioritised areas for a management action plan
  • Conducted ISO 27001 and APRA CPS 234 readiness reviews for corporate clients, including risk assessment, controls assessment, identification of weaknesses or gaps in existing controls, and reporting of compliance status against the standard to management

Assistant Manager

KPMG UK
05.2014 - 12.2016
  • Managed ISAE 3402 control reporting engagements for banking clients providing fund accounting services for hedge funds and mutual funds to clients worldwide
  • The assignment included testing of controls related to accounting and valuation, investor services, market data, custody settlements, user access management, data backup, change management, business continuity management, and physical security
  • Led an AAF 01/06 control reporting engagement for an investment management firm
  • The firm provides its services to pension funds, charitable organisations, retail investors, and institutional investors
  • This assignment involved risk-based control design, implementation, evaluation, mitigation, and deficiency reporting for IT and business process controls
  • Performed SOX 404 readiness testing for Royal Bank of Scotland covering major financially critical applications, operating systems, and databases
  • This assignment involved risk-based control design, evaluation, mitigation, and deficiency reporting for IT and business process controls

Consultant

KPMG India
05.2010 - 05.2014
  • Managed Sarbanes-Oxley attestation reporting for a leading ITES firm in India
  • Work involved testing of IT controls relevant to financial reporting, detailed walkthroughs of critical IT processes, IT general controls, financially relevant controls, and application controls
  • Performed risk-based control design, benchmarking, implementation, evaluation, mitigation, and deficiency reporting for IT and business process controls
  • Led ISAE 3402 examinations for corporate clients providing business services and solutions
  • The examination consisted of reviewing the process-related controls for the clients' various processes at the India Centre
  • The assignment included testing of the design and operating effectiveness of controls relating to claims, collections, loss prevention, remittance, and revenue processing
  • Primary resource in the delivery of IT Business Continuity Plans for corporate clients
  • This project involved assessing critical business applications, performing business impact analysis of those applications, designing recovery strategies, and delivering the IT Business Continuity Plan

Education

MBA-IT

Indian Institute of Information Technology
06.2022

B.Tech, Industrial Production

Uttar Pradesh Technical University
06.2007

Skills

  • Technology Risk Management
  • Cyber Security Governance
  • Cloud Security
  • APRA CPS 234
  • Cyber Security Risk Assessment
  • IT Audit & Assurance
  • Technology & Cyber Internal Audit
  • ASD Essential 8
  • IT Architecture Review
  • ASD ISM
  • Protective Security Policy Framework

Certification

  • Certified Information Systems Security Professional (CISSP), ISC2
  • Certified Information Security Manager (CISM), ISACA
  • Certified Information System Auditor (CISA), ISACA

Training

Information Security Registered Assessors Program (IRAP)

Additional Information

Australian Citizen, Available for assessment for Baseline or NV1 Security Clearance
