
GURPREET GHUMAN

Frederick, MD

Summary

Accomplished in spearheading risk management and cybersecurity initiatives, I significantly reduced operational risk by 8% at Deloitte & Touché through strategic implementation of Risk & Control Self-Assessment (RCSA). Expert in NIST Cybersecurity Framework and COBIT, with strong leadership skills, I excel in driving projects to enhance security and compliance across financial and healthcare sectors.

Overview

9 years of professional experience
1 Certification

Work History

Senior Consultant/Lead

Deloitte & Touché
Baltimore, MD
01.2022 - Current
  • Directed comprehensive oversight of program controls for business functions, synchronizing risk management frameworks, policies, and procedures.
  • Conducted risk assessments, performed due diligence, and led ongoing monitoring and governance activities to maintain a reliable, well-managed supplier base.
  • Collaborated with cross-functional teams, including Privacy, IT, Legal, and Compliance, to implement best practices for supplier management, and enhance risk management processes throughout the supplier lifecycle.
  • Led the implementation of Risk & Control Self-Assessment (RCSA) for a financial services client, identifying key risks and control gaps, and developing remediation plans, resulting in an 8% reduction in operational risk.
  • Designed and deployed Privacy and Identity Access Management, Security Monitoring, Cloud transformation solutions for healthcare clients worth $1.2M.

Senior Consultant

Business Integra Inc
Bethesda, Maryland
08.2020 - 01.2022
  • Oversaw business process development for financial services clients, including developing IT policies, standards, processes, and guidelines for IT security, asset management, data governance, and third-party risk management to align with regulatory dimensions and NIST standards.
  • Led the commercial business offering for financial and healthcare clients, focusing on enterprise risk management, incident response, and maturity assessment, and acted as Data Privacy Officer to manage data compliance against regulatory requirements including PCI DSS, HIPAA, ISO, NIST SP 800-171, HITRUST, and SEC.
  • Spearheaded business process improvements for higher education clients to manage the Identity & Access Management program initiative, Vendor Risk Management, GDPR compliance, Third-Party Risk Management, Data Management, and Governance program establishment in order to adhere to regulatory compliance and meet industry baseline standards.

Consultant

Deloitte & Touché
McLean, Virginia
02.2019 - 08.2020
  • Led the security program addressing third-party risk and vendor assessments for financial technology, higher education, and healthcare clients to identify vendor, supplier, and security assessment process optimization requirements, design the consolidation of processes, and deploy enhancements across 400+ vendors.
  • Addressed security risks and privacy risks, developed remediation plans for security incidents, and implemented security controls based on industry best practices and standards, including HIPAA, HITRUST, NIST CSF, PCI, and GDPR compliance.
  • Spearheaded the digital platform assessment for a telecommunication client and identified DevSecOps security gaps, streamlined software development processes, including testing security gates, audit log generation, and integrated security processes within 32 teams in FIOS Business, Consumer, and Wireless Services development.
  • Supported Security Operations Center (SOC) to streamline their threat alerts and executive reporting in ServiceNow and LogRhythm for a telecommunication client.
  • Led quality control and compliance for financial services clients to identify security gaps against Securities and Exchange Commission (SEC) standards, and developed Know Your Customer (KYC) security review processes that modernized customer screening and fraud assessments in wealth management.
  • Performed an external IT audit on financial systems to identify cybersecurity gaps, and developed a mitigation strategy.

Security Consultant

Business Integra Inc
Bethesda, Maryland
07.2016 - 02.2019
  • Performed cybersecurity continuous assessment for a government client to identify security vulnerabilities, and developed a Plan of Action and Milestones covering 101 systems based on FISMA and the NIST SP 800-53A and SP 800-171 standards.
  • Led the RSA Archer implementation for a government organization to consolidate risk reporting of multi-faceted systems, to develop system authorization packages, system security plans, continuous monitoring performance reports, and incident response plans for 26 FISMA systems.
  • Deployed a Risk Management Framework (RMF) for a federal client to identify security risks within systems implementation and enterprise change management processes, integrated third-party risk controls to maintain a risk register, and generated audit reports, resulting in continuous compliance with government regulations.
  • Acted as Data Protection Officer to manage vendor risks and the compliance program in the Investment and Securities Department for a financial client.

Education

Master of Engineering - Cybersecurity

University of Maryland
Maryland
05.2016

Bachelor of Technology - Computer Science Engineering

Manav Rachna International University
India
06.2013

Skills

  • NIST Cybersecurity Framework Expertise
  • COBIT
  • NIST SP 800 Compliance
  • Sarbanes-Oxley Compliance
  • Expertise in HIPAA Standards
  • FISMA Risk Management
  • ISO/IEC 27001 Auditing
  • ITIL Foundation Knowledge
  • ServiceNow IT Asset Management
  • ServiceNow Governance, Risk, and Compliance
  • RSA Archer Proficiency
  • LogRhythm Experience
  • Splunk
  • AWS
  • Strong leadership skills
  • Data-driven decision making
  • Operations management
  • Business development
  • Project management
  • Corporate governance
  • Change management

Affiliations

  • Member of ISACA, IEEE

Accomplishments

  • Star of the Year 2016 by Business Integra

Certification

  • Aspiring PMP Professional
  • Aspiring ISACA IT Audit Fundamentals
