Kanika Rajiv

Summary

Ambitious Information Security professional offering 6+ years of hands-on experience handling information security incidents, risk assessments, IT audits, and third-party and vulnerability testing. Expertise in both the technical aspects of information security and the human aspects of managing individuals and educating users on security practices. Focused on improving the overall security health of businesses and reducing risks from cyber criminals.

Overview

6 years of professional experience

Work History

Information Security Engineer and Audit Manager

Haven Technologies
05.2021 - Current
  • Built out Information security governance program and created internal security controls. Implemented streamlined system for bi-annual internal audits by configuring GRC tool LogicGate.
  • Facilitate and run SOC2 audit at all stages, working with third-party auditors as well as company teams to create controls, rectify gaps and collect evidence to submit to auditors, and gain exception-free certifications on annual basis.
  • Manage company email security program, originally in Google Admin, then implementing Darktrace security, regularly monitoring and configuring to further improve overall email security health of Haven.
  • Perform weekly PII monitoring and data loss analyses across platforms via Nightfall security, and update filtering to minimize and alert on exposure of sensitive data.
  • Perform third party risk and vulnerability assessments to assess and reduce vendor risk.
  • Collect and report on metrics of overall security health of different systems of Haven on quarterly basis to senior management and develop quarterly KPIs to create and adhere to goals.
  • Develop, implement and document security programs and policies and monitor compliance across departments, including privacy policy, business continuity policy, and disaster recovery policy.
  • Handle Information security on-call duties on quarterly basis, including overseeing and rectifying all security incidents in that time period using PagerDuty to monitor and resolve issues as alerts arise.
  • Monitor Identity and Access Management (IAM) procedures by assigning levels of access, adding and updating roles as necessary, and ensure data security on all levels.
  • Educate company employees through regular 'Lunch and Learns' and companywide presentations on best security practices, phishing and malware, and other cybersecurity concerns.

Information Security Analyst

Indigo Agriculture
06.2019 - 02.2021
  • Monitored and actioned security alerts on networks and systems such as Rapid7, Office 365, and Microsoft Cloud App Security.
  • Facilitated quarterly penetration testing, other vulnerability testing, and worked with Development team to mitigate vulnerabilities.
  • Developed and distributed company-wide best practices and general cybersecurity practices, while executing regular security training and company phish tests.
  • Configured rules, filters and exceptions within Mimecast, and consistently remediated employee email issues and tickets via Jira.
  • Facilitated company-wide SOX Audit testing and worked with different departments to bring company to GDPR compliance.
  • Tested and evaluated various third-party security vendor systems to determine their viability and benefit to Indigo from security standpoint.

Information Security Analyst

Salsify
01.2019 - 06.2019
  • Performed Privacy Impact Assessments and Risk Analysis for new vendors, partners, and customers.
  • Oversaw companywide SOC2 Report and worked directly with third-party auditors and company departments to collect evidence prior to audit period; made sure company, company vendors, and company partners were all compliant with GDPR and EU standards for Privacy Shield Recertification.
  • Owned and completed Customer Security Questionnaires via RFP Platform Loopio.
  • Reviewed and redlined customer and vendor contracts before approval of deal.

IT Audit and Compliance Specialist

Bullhorn
08.2017 - 12.2018
  • Created SOC1 and SOC2 audit documentation with third-party auditors to be distributed to clients. Reviewed and remediated SOC2 gaps.
  • Ensured controls were in place for risk management and were properly documented.
  • Used IT and Business process SOC2 documents to respond to customer regulatory audits and review customer contracts to streamline process.
  • Conducted PCI control testing to produce relevant documentation for global PCI certification.
  • Performed beta testing in development environment to identify issues and improve internal processes with Archer GRC platform.

Education

BSBA in Information Systems And Marketing

Suffolk University
Boston, MA
05.2017

Skills

  • Risk Assessments
  • Third Party Analyses
  • IAM
  • SOC2
  • Privacy analysis
  • Data loss procedures
  • Incident handling
  • Policy creation
  • Email security
  • Rapid7
  • GRC
  • Jira
  • GDPR
  • MySQL
