Gourav Agrawal

Phone No.: +91 9158585080

E-Mail: agrawal.gourav@gmail.com
linkedin.com/in/gourav-agrawal-b6446715

A Risk Management specialist with over fifteen years’ experience delivering World-class risk management solutions
and programmes for organisations addressing project and enterprise risk. These solutions comprise security and risk
consulting, threat and risk assessments, and business recovery. I also have extensive experience with banking and
retail clients with a particular focus on translating business requirements into appropriate technical solutions and
leading complex projects involving sizeable, geographically dispersed teams.
I am looking for an interesting role which will utilise my risk management, security consulting capabilities; this could
be within: a corporate business environment, within the security services sector.

Client-types: Experienced in dealing with banking, financial, telecom and retail organizations in delivering enterprise
risk management solutions. I liaise at all levels within these organisations, predominantly executive management
level, senior directors, and divisional heads.

Geographically, experience has been gained in some parts of United States, Europe and Middle East in market-
sectors such as Retail, Telecom, Banking and Financial Services.

Industry Standards: Over the years I have gained considerable experience of the content, evolution and application
of standards relevant to this industry; this includes the following:

 COBIT5 Foundation by APMG International

 ISO/IEC 27001:2013 – Information Security Management (and family of standards).
 NIST 800-53 r4- Security and Privacy Controls for Federal Information Systems and Organizations
 ISO 22301:2012 – Business Continuity Management
 GDPR law and regulations
 SABSA- Sherwood Applied Business Security Architecture

Career Highlights

Wipro Limited, Lead Consultant- Saudi Telecom Company- Kingdom of Saudi Arabia (KSA) - Jul 2019 till date.
Responsible for:

 Performing remote access assessment for cyber security and telecom security controls.
 Developing templates as per NIST 800-53 framework for control effectiveness track.
 Developing security metrics against which the performance of security controls will be measured.
 Determining threats and risk to asset from organization and business perspective.
 Coordinating with client to identify new risk areas and vulnerabilities as per NIST framework.
 Developing cyber security architecture as per SABSA framework covering IT network, infrastructure, pro-
cesses and people.

Previous employment:

Infosys Limited, Technology Analyst- Jul 2010 to Jun 2012, Technology Lead- Jul 2012 to Jun 2019
Risk and Compliance Specialist- Enterprise Application Security Program (EASP) - EON- Feb 2019 to Jun 2019
Required to:

 Work with application SPOCs to capture compliance reporting parameters for ICE CRM portfolio applica-
tions.
 Update GRC details in Target Operating Model based on team meeting inputs.
 Define and discuss the Risk and Compliance plan for EASP program.

Public
 Project Manager, Information Security Operations – Adidas - Germany - Mar 2018 to Jan 2019
Responsible for the delivery of a project throughout its lifecycle. Required to:

 Manage projects across the full software development life cycle; execution, status reporting and coordination
against project plans and delivery commitments.
 Have end-to-end ownership of cross-functional projects, including product definition, roadmap planning, and
resource planning and project execution.
 Prepare the Project Charter and Project Plan on SOC activities like vulnerability management, firewall re-
mediation, SIEM Integration, OpsGenie implementation.
 Conduct review meetings with the stakeholders for requirement gathering and project budgeting.
 Ensure that the annual PO’s of SOC devices are renewed on an annual basis.

Engagement Consultant – HSBC - Pune, India - Feb 2017 to Feb 2018

As the Engagement Consultant, was assigned to the project throughout the lifecycle of its engagement with IT Secur-
ity. Was required to:

 Work with the project manager to review the project plan and ensure the required IT Security services are in-
cluded and planned accordingly with appropriate milestones.
 Coordinate the delivery of IT Security services and keeping the customer up-to-date with progress.
 Actively monitor progress, hold regular checkpoint meetings.
 Primary point of contact for the project manager. The intention was to help keep delivery on-track.
 Maintain and update Comet and SAA database to reflect progress, go-live dates or other relevant project up-
dates.
 Act as a point of contact and liaison for the customer: respond to queries, communicate risk and provide ad-
vice and guidance to ensure compliance with Standards.
 Address any escalations, or significant issues identified that altered the scope or remit of the engagement.
Provide IT Security Completion.
 Be available to answer questions and/or facilitate any required understanding or discussion regarding the IT
Security output. Provide final Red, Amber, Green (RAG) update to the SAA database for each activity. No-
tify and escalate to the ITSA team any amber or red projects.

Output – the key output was the IT Security Completion Certificate and NFR Approval.

Risk and Compliance Manager - UBS- Pune, India - Aug 2016 to Jan 2017
 Responsible for providing management, leadership and strategic direction to mitigate the organization’s in-
formation security risks through the ISMS and related ISO Control framework.
 Performs information security risk assessments on IT assets (infrastructure, application) and assess the control
environment of the business processes and applications under review.
 Assist both internal and external audits relating to information security as well as performing independent
audits to validate completeness and accuracy of the information security program.
 Develop remediation and corrective action plans with related governance and operational functions (such as
Physical Security/Facilities, Risk Management, IT, HR, Legal and Compliance).
 Author and revise information security policies, standards, procedures and guidelines, in conjunction with the
compliance and regulatory requirements of UBS.

Information Security Officer for ICA-Infosys Relationship - Pune, India - Feb 2015 to Jul 2016
 Responsible to ensure compliance with MSA Contractual Requirements in terms of ISMS Compliance.
 Responsible for reviewing the supplier capabilities in servicing the client application delivery and mainten-
ance services from ISO 27001, ITIL, and Master Service Agreement (MSA) perspective including ISAE 3402
Type 1 and Type 2 audits. Risk Coverage: Information Security, Compliance, BCP, Contractual, Operational,
HR, Third Party Risk.

Public
  Identifying controls and coordinating their implementation, in sync with stakeholders from different tracks.
 Auditing systems and its processes for compliance with Standards, Function Baseline and Component
Baseline.
 Supporting the projects on PCI-DSS audit activities as part of annual compliance checklist.

AMP Limited- Security Architect- Requirement Gathering and Design- Pune, India - Dec 2014 to Jan 2015
 Responsible for defining and documenting architecture.
 Capturing and documenting non-functional (architectural) requirements.
 Providing technical leadership to project team to perform design to deployment related activities.
 Providing guidance, performing reviews and resolving technical issues.

AT&T- IBM- Security Design and Engineering, Pune, India - May 2014 to Nov 2014
Refresh implementation project to deploy and configure the change activity across customer’s APAC region.

AT&T- General Motors- Network Design and Engineering, Pune, India - Apr 2012 to Apr 2014
 IOS upgrade for multiple sites at client locations across APAC, EMEA and USA.
 Work closely with project managers to provide onsite and remote oversight of the installation and commis-
sioning of new sites and routers.
 Turn up new WAN/LAN circuits. Troubleshooting with vendors and onsite contacts as needed.

Caesars Entertainment- Network Engineering and Operations, Pune, India Jul 2010 to Mar 2012. Involving:
 Active participation in P1/P2 calls with client and stakeholders for network emergency issues.
 Production support as per ITIL processes within Service Level Agreement.
 Troubleshooting with Cisco TAC Engineer for critical network issues.
 Received client appreciation in Caesars Entertainment Limited for going an extra mile to resolve the issue and
effective communication. Successfully resolved an outage of data centre core switches while being on call
with client and a follow-up with Cisco TAC.

Previous employment:

Tata Consultancy Services Limited, Kolkata, Mumbai, India as Assistant System Engineer- Mar 2007 to Jul
2010
 Ensuring adherence to ITIL process for Incident Management, Change Management and Problem Manage-
ment. Troubleshooting and providing service support in diagnosing, resolving and repairing server related
hardware and software malfunctions, encompassing workstations and communication infrastructure.
 Key role in managing the projects such as: Avaya Global Connect, Toyota Financial Services, Command
Centre- Shared services for multiple clients, and Tata Teleservices Limited.

Prior to these roles, I also worked for:

Promantra Synergy Solutions Limited, Hyderabad, India as Network Administrator- Aug 2006 to Feb 2007
Gemini Communication Limited, Hyderabad, India as Network Engineer- Nov 2005 to May 2006
Brigade Corporation, Hyderabad, India as Technical Support Executive- Sep 2004 to Nov 2005

References: Available

Interests:
Reading Novels- Chetan Bhagat, Paulo Coelho, Sidney Sheldon, Ernest Hemingway
Adventure Sports
Travel.
Football, Badminton.

Public
 Academia

2017 PGDM (E-Business) from Welingkar Institute of Management, Mumbai, India and secured 71.5%
2003 Bachelor of Engineering (Electronics and Telecommunication) from Biju Patnaik University of
Technology (BPUT), Rourkela, India and secured 68.15%.
1999 CBSE 10+2 Delhi Public School, Nalco Nagar, Orissa, India and secured 62.5%.
1997 CBSE 10th Delhi Public School, Nalco Nagar, Orissa, India and secured 69.5%.

Public