Connecting Risk Professionals

IT Advisory Services

2021

www.riskpro.in | info@riskpro.in

500+ Happy Clients
Risk Advisory | IT Risk Advisory | GRC Technology | Training | Recruitment
Riskpro’s Overview

Riskpro is an “Indian” Risk Management and Compliance Consulting Firm.

We connect Risk Professionals to Clients for maximum value add.

Riskpro has five business verticals: Risk Advisory, IT Advisory, Trainings, Technology and Recruitment.

▪ 10+ years of business
▪ 525+ Clients
▪ 7+ Cities
▪ 65+ Team Members
▪ 10+ strategic partners
▪ 45+ Cities Associate firm representation

Cities: Delhi, Mumbai, Kolkata, Pune, Hyderabad, Bengaluru, Chennai

Our growth story is continuous.
Our Service Verticals
Risk Advisory
IT Advisory
Technology
Trainings
Recruitment

You need to find a balance between RISK and REWARD and Connect
SSAE 18 (SOC Audits)

▪ Organizations continue to outsource parts of their business to realize potential cost benefits, to alleviate the need for hiring or retaining internal specialists and/or to create more flexibility to realize their business strategy.
▪ Assurance reports play an important role as a management control. In the USA, the new SSAE 18 standard was introduced in 2016 and implemented in 2017.
▪ Riskpro has done more than 100+ SSAE engagements and we have an inhouse CPA to perform these attestations.

GDPR

▪ GDPR is a sweeping change. Effective May 2018, if you are not ready, you will not be able to do business if you hold Personal data of any EU citizen and are not GDPR compliant.
▪ This may be as simple as an email in a marketing email list. You will not be able to send marketing mailers unless there is explicit consent or a lawful purpose/ legitimate business purpose.
▪ If you are recruiters, you will not be able to forward the CVs, download and save candidate data without their consent.

Personal Data Protection (PDP)

▪ Riskpro has a strong team of experienced and certified data privacy and data protection professionals who have thorough industry and technical knowledge and can assist you with:
• Highlighting gaps in your framework/ policies/ processes and suggesting an effective mitigation plan.
• Defining/reviewing procedures to ensure updates in the bill are identified timely.
• Ensuring the controls/ framework defined are adequate and in accordance with PDP Bill requirements.
• Defining and/or implementing a bill compliant data protection governance framework.
ISO 27001

▪ ISO 27001 specifies a management system that is intended to bring information security under management control and gives specific requirements.
▪ Riskpro helps to review current practices against ISO 27001 requirements and establish frameworks to address Information Security.
▪ We carry out a self assessment review of your ISMS implementation against the requirement and issue a review / certification report.

Cyber Security Advisory

▪ A company should adopt a leading framework to evaluate their preparedness against cyber risks.
▪ Riskpro helps companies to develop a board approved Cyber Security Policy and Cyber Crisis Management Policy.
▪ We can develop Key Risk Indicators to track risks and preparedness.
▪ We conduct periodic cyber risk audits.
▪ We also provide cyber security services for Urban Cooperative Banks and for other BFSI sectors.

SOX Compliance

▪ In 2002, the United States Congress passed the Sarbanes-Oxley Act (SOX) to protect shareholders and the general public from accounting errors and fraudulent practices in enterprises, and to improve the accuracy of corporate disclosures.
▪ An Audit of Internal Control over Financial Reporting is performed in conjunction with an audit of financial statements.
▪ All public companies now must comply with SOX, both on the financial side and on the IT side.
End User Computing (EUC)

▪ Riskpro develops EUC/ IPE Framework and Gap Assessment against best practices relating to EUC/IPE using Control policy.
▪ We help with EUC Risk Assessment by testing of major EUCs and preparing an audit report with results and recommendations.
▪ We develop critical risk reporting templates for various committees and senior management.

Business Continuity/ Disaster Recovery

▪ Riskpro helps with,
• project initiation and management.
• risk evaluation & control.
▪ We develop continuity strategies and help in the disaster stages & process management by developing and implementing The Business Continuity Plan.

CMMC

▪ Cyber Security Maturity Model Certification (CMMC) Framework is the latest development in IT Security in USA.
▪ It provides assurance to the DoD that a DIB contractor can adequately protect CUI. Mandatory for any organization/ company who wants to do business with DoD.
▪ Riskpro assists companies with expertise and guidance in achieving CMMC. Riskpro can support an organization through implementation to certification and continuous work with security.
HIPAA Compliance

▪ Companies that deal with protected health information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA Compliance.
▪ We perform gap assessment and give a gap report against HIPAA compliance.
▪ We help with documentation, fixing documentation related gaps.
▪ We help with security consulting and implementation support and provide a HIPAA Compliance Report.

Data Analytics

▪ Data analytics refers to qualitative and quantitative techniques and processes used to enhance productivity and business gain.
▪ Riskpro offers comprehensive data analytics services to convert historical and real-time, traditional and big data into actionable insights for you to take timely corrective actions if necessary.
▪ We proactively identify the indicators of frauds and trigger automatic resolution.

IT General Controls (ITGC)

▪ Riskpro assists organizations in designing ITGC frameworks and provides operating effectiveness assurance through ITGC audits.
▪ We have dedicated IT audit professionals having experience working with a wide variety of industries of all sizes to mitigate ITGC risks within your IT environment.
▪ Our ITGC services are tailored to the organization’s risk appetite and compliance requirements.
21 CFR Part 11

▪ Riskpro helps with the 21 CFR Part 11 requirements for Electronic records and Electronic signatures for companies in the Life science community and other FDA regulated industries, to ensure adequate maintenance of document security and authenticity.
▪ We can help with the 21 CFR compliances like GAP assessment, Computer System Validation (CSV), Auditing services, Healthcare and Life Science Offerings like HIPAA, ISO 27001, SOC etc, Recruitment, Training & awareness.

NIST Compliance

▪ NIST guidance provides the set of standards for recommended security controls for information systems at federal agencies. The NIST guidelines and recommendations will help federal agencies ensure compliance with other regulations, such as HIPAA, FISMA, or SOX.
▪ We can help with the Gap Assessment against NIST / FISMA Framework, Consulting/ implementation support and Report / Compliance Letter issued by Riskpro.

Microsoft SSPA

▪ The Supplier Security and Privacy Assurance (SSPA) is an assessment for Microsoft suppliers/vendors who process their data on their behalf.
▪ Riskpro provides assistance in consulting as well as responding to the DPR questionnaire.
▪ Riskpro has an inhouse CPA that performs DPR audits in case you are in a high risk profile and independent audits are required.
Riskpro Capabilities – Privacy and Cybersecurity
✓ Team of 20+ information security professionals who have deep cyber security and information security experience.
✓ Two members are DSCI Certified Privacy Lead Assessors (DCPLA©)
✓ Inhouse CPA for SSAE Attestations
✓ Conducted more than 350 SSAE/SOC1 and SOC 2 audits, all of which require assessment of a company’s security practices.
✓ Riskpro and its team members have executed several Information Security and Data Protection Assessments.
✓ Adopted AICPA, CSA, NIST and other leading frameworks to evaluate and assess cyber security measures.
✓ Our risk management experience helps to identify security loopholes and to help mitigate these.
IT Governance Offerings

IS AUDIT
• Operating Systems Audit
• Database Audit
• Networking Audit
• Firewall Audit
• IDS Audit
• Web Application, Data Center Audit
• Internet Banking, Core Banking Audit
• Performance & Forensic Auditing
• Application Systems - Functional review
• Compliance with IS Policies & Procedures

IT GOVERNANCE
• COBIT
• Val IT
• Balanced Scorecard
• IT & Business Maturity Models

INFORMATION SECURITY
• Penetration Testing
• Application Systems - Security review
• Review of IS Controls
• ISO 27001 Implementation
• Formation of IS Security Policy
• Compliance with IS Policies & Procedures

IT ASSURANCE
• Business Continuity Planning
• Computer Crime Investigations
• Training in IT
• Compliance with IS Policies & Procedures
IT Service Management Scope – ISO 20000

IT Service Management System
❖ Management responsibility
❖ Documentation requirements
❖ Service Management System Policy and Plan

Planning and implementing service management
❖ Planning service management
❖ Implementing service management and providing services
❖ Monitoring, measuring, and review
❖ Continual improvement

Planning and implementing new or modified services

Service delivery process
❖ Service level management
❖ Service reports
❖ Service continuity and availability management
❖ Budgeting and accounting for IT services
❖ Capacity management / Information security management

Relationship processes
❖ Business relationship management
❖ Supplier management

Resolution processes
❖ Incident management
❖ Problem management

Monitor processes
❖ Configuration management
❖ Change management

Release processes
❖ Release management

Competence, awareness, and training
Information and cyber security audit as per IRDAI guidelines and ISO 27001:2012 standards

Access Control
Asset Management
Business Continuity Management
Cloud Security
Communication Security
Compliance
Compliance with legal requirements
Cryptography
Human resource security
Information security in supplier relationships
Information security incident management
Information security policy
Operations security
Organization of information security
Physical Access and Environmental controls
System acquisition, development and maintenance
Cyber Security Risk - How Riskpro can help

AICPA Cyber Security Risk Management Framework / NIST Cyber Security Risk Management Framework

Cyber Security Policy
• Develop board approved Cyber Security Policy and Cyber Crisis Management Policy
• Establish governance to address cyber risks
• Align to Best practices

Inventory of Cyber Risks
• Develop Risk register specific to cyber threats
• Identify gaps in network security and IT access control risks
• VA/PT services

Continuous monitoring (SOC)
• Perform independent Cyber-Risk audit services assessment
• Support on SOC operations.

Cyber Crisis Management Plan
• Board approved CCMP
• Testing of CCMP on an annual basis
• Diagnostic gaps in Crisis Management Framework

Cyber security indicators
• Develop Key Risk Indicators to track risks and preparedness
• Periodic audit of cyber threats and report testing to Risk Committees

Cyber-security awareness Trainings
• 2 Days awareness trainings across Institution
• Online E Learning modules for mass awareness
• Reasonable training fees per participant or per day rates
RBI Guidelines on Cyber Security Framework (Download)

Cyber Security Policy
• Board approved Cyber Security Policy

Inventory of Cyber Risks
• Inventory of cyber threats and mitigating controls

Continuous monitoring (SOC)
• Setup Security operation Centre (SOC)

Cyber Crisis Management Plan
• Board approved CCMP

Cyber security indicators
• Assess level of risk/ KRI

Cyber-security awareness Trainings
• Awareness among staff at all levels
Cyber Risk - 2 Day Training Programme content & Schedule

Day 1

Risk & Cyber Risk: Introduction and leading Frameworks
- Emerging cyber risks, trends and challenges
- IT Policies, Internal Controls and ERM
- ISO 27000, 1,2,3,4,5,17 & 18 Frameworks
- ISO 31000 Framework
- COSO 2013 Cyber Risk Principles
- India 2016 RBI circular on Cyber security
- Cyber-Security. Security on the cloud. IoT & m2m Security.

Cyber-Risk Management Process
- Information maturity, costing, value, Prioritisation.
- Cyber Risk Assessments (Identification, Risk Assessment, Cyber Risk impact / probability)
- Cyber Risk mitigation perspective
- Risk Appetite, Risk Tolerance and Risk Limits
- Risk Monitoring, Reporting and Risk Management

Comprehensive Training on Cyber Threats and related Security

Day 2

Cyber-risk factors
- Emerging Risks
- Regulatory, Compliance and Political Risks
- Risk from SCM & CRM. Demand & Supply
- Reputational Risk
- Risk from growth, scale, M&A & integration
- Tactical direction & Operational decision making.

Cyber Risk Theory vs Applied Cyber Risk
- Implementing Cyber Risk Response Strategy
- Cyber Risk in your organisational culture.
- Project vs Process cyber risk management
- Cyber risks in your industry.
- Cyber risks unique to your business.
Vendor Risk Management
✓ Vendor Contracts and Agreements, Business Arrangements
✓ Review of SLA
✓ Sub Contracting arrangements
✓ Right to Audit / Reviews
✓ Non Disclosure and Confidentiality
✓ Review of Information Security of Vendors
✓ Level of Data Sharing with vendors
✓ Access management of IT infra by vendor staff
✓ DLP Policies
✓ Revocation of physical and logical access
✓ Return of assets

GDPR, CCPA and other data privacy consulting

✓ Executed over 45 GDPR consulting engagements that include Gap Assessments, Contracts, Policies and procedures and data inventory
✓ Executed 4+ CCPA Engagements
✓ Consulted 2 clients on BSI 10012
✓ Other consulting engagements include gap assessment and implementation of policy framework to comply with requirements of Privacy Shield, CCPA and GLBA
✓ 10+ ISO 27001:2013 implementation/ consulting and preparing companies to be ready for ISO 27001
GDPR - How Riskpro can help

GDPR Maturity Assessment
• Review current practices against GDPR requirements
• Full data audits
• Establish frameworks to address GDPR
• Align to Best practices

GDPR Transition Plan
• Develop a roadmap to smoothly implement GDPR once the gaps are known
• Privacy policy

Integration with other Frameworks
• You may already be doing a lot more than you think.
• Mapping of current framework with GDPR
• We will integrate GDPR framework with ISO 27001, Privacy practices, PCI DSS etc

GDPR Self Assessment / Certification
• Carry out a self assessment review of your GDPR implementation against the requirement and issue a review / certification report

Data Protection Officers
• We can provide data protection officers on a retainership basis to help with the implementations
• Recruit a full time DPR if needed

Privacy Impact Assessments
• Riskpro can perform one time or periodic Privacy Impact assessment as required by law
Data Protection / GDPR Retainership

Retainership Model

Description:
3 days (Approximately 24 hours) of Senior Management engagement on a quarterly basis to provide Data Protection advisory on the following points.
• Providing offline advisory support via phone/emails.
• Research on specific scenario or situation as per client need.
• Review personal data collection or processing activities and providing recommendations
• Review of core business processes and product design and suggest recommendations.
• Sharing key developments as the law comes into force
• Updates on Data protection sent by email
• One round of 2 hour Privacy Training in office/web based to company staff.

Commercials: TBD
Data Protection / GDPR Periodic Audits

Description:
• Completion (through interview) of Self Assessment Checklist covering the complete Data Protection Regulation.
• Interview with Business and IT team to determine if new processing of personal data is carried out.
  - Refresh of Data Mapping and Data inventory
• Communication of privacy notice
• Audit of implementation of retention policy using sample data
• Review of privacy policies and procedures
• Review of IT security controls (Firewall, network, DLP, etc)
• Access control high level reviews
• Sharing key developments as the law comes into force
• Review of Data Subject Rights requests received and proper disposal of the same.
• Review of HR controls
• Third party contracts, DPA and new onboardings.
• One round of 2 hour Privacy Training in office/web based to company staff.

Frequency: Initially monthly and then Quarterly; 3-7 days effort

Commercials: TBD
GDPR Project Approach – Baseline Offering

1. Gap Assessment
- Evaluate the Privacy Culture and control environment
- Assessment of Data Protection Maturity
- Gap Review against GDPR regulation and articles applicable
- Recommendations and roadmap
- Review of information security framework / Ability to protect data

2. Data Mapping & Privacy Assessment
- Data Inventory - Identify personal data across business processes and IT systems
- Review of data Inputs, processing and Outputs
- Tag Data Assets
- Client contracts, retention policy review
- Use of third party vendors and data transfers

3. Data Protection Framework
- Privacy governance and privacy policy
- Security Policies and Procedures
- Training and awareness
- Data Breach Handling and Reporting processes
- Privacy risk assessments and controls
- Reporting and Monitoring Controls
Riskpro also does SOC Audits – SSAE 18

SOC 1
• Previously called SSAE 16
• Mainly financial reporting and operations related controls

SOC 2
• Trust Principles
• Defined list of criteria
• Restricted use

SOC 3
• Trust Principles
• Can be shared to general public and on website
Type of HIPAA Compliances

Extended Compliance
Exposed to Electronic protected health information (ePHI). Have to implement a lot more process based as well as technical controls from the security/privacy rules. Riskpro also needs to see the physical location since physical safeguards are also involved and hence a visit is often required.

Simple Compliance
Just develop/sell the software that is used by clients in HIPAA processes; then the software & its implementation has to have certain technical controls to be HIPAA compliant. For assessing a software system to be HIPAA compliant, Riskpro can do a checklist approach after understanding the situation.
IT Companies / SSAE Clients
Riskpro Clients

“Performed SSAE 18 / SOC 1 /SOC 2 audits for Indian Software Companies / ITES/BPO firms etc. Riskpro has done more than 500+ SSAE 18 audits”

*Any trademarks or logos used throughout this presentation are the property of their respective owners
Corporate / MNCs
Riskpro Clients

“Provided - Risk & IT Advisory Services like Legal Compliance Audits, Internal Audits, SOPs, IFC, Cybersecurity Regulatory reviews, Anti Bribery & FCPA and many more”

*Any trademarks or logos used throughout this presentation are the property of their respective owners
Banking / Insurance
Riskpro Clients

“Helped banks to implement Basel II covering credit risk, market risk, Operational Risk, cyber security and many more”

*Any trademarks or logos used throughout this presentation are the property of their respective owners
NBFC
Riskpro Clients

“Helped banks to implement Basel II covering credit risk, market risk, Operational Risk, cyber security and many more”

*Any trademarks or logos used throughout this presentation are the property of their respective owners
Banking - International
Riskpro Clients

“Riskpro helps a mid sized Bank in Abu Dhabi implement Basel II covering credit risk, market risk and Operational Risk. The project was carried out for over a year”

*Any trademarks or logos used throughout this presentation are the property of their respective owners
GDPR Clients
Riskpro Clients

“Served Market Research, Analytics, SaaS platform companies and more with compliance to GDPR”

*Any trademarks or logos used throughout this presentation are the property of their respective owners
Software & Training
Riskpro Clients

“Through our partner firms have implemented Various GRC softwares in several Corporates and Conducted Online and Classroom trainings in the field of Governance, Risk and Compliance for various Corporates”

*Any trademarks or logos used throughout this presentation are the property of their respective owners
New decisions bring new risks and to manage them better, connect with one of our team members!
Manoj Jain
Founder and Director
▪ CA, CPA, MBA-Finance (USA), FRM (GARP)
▪ Over 10 years international experience – 6 years in Bahrain and 4 years USA
▪ 18 years exp in risk management consulting and internal audits, Specialization in Operational Risk, Basel II, Sox and Control design
▪ Worked for Ernst & Young (Bahrain), Arab Investment Company (Bahrain), Navigant Consulting(USA), Kotak Mahindra Bank (India) and Credit Suisse(India)
▪ Sox Compliance project for Fannie Mae, USA ( $900+ Billion Mortgage Company)
manoj.jain@riskpro.in
98337 67114

Casper Abraham
Co Founder and Director
▪ PGD (Electrical & Electronics & Computer Programming)
▪ 30 years of experience in Information & Communications Technology (ICT) Solutions for Retail, Garments, Manufacturing, Services Industries.
▪ Has created Companies, Divisions, Products, Brands, Teams & Markets.
▪ Consulting in Business, Technology, Marketing & Sales & Strategic Planning.
▪ Advisory, Training, Workshops & Implementation in Systems Thinking, Systems Modeling & Balanced Scorecard
▪ Worked with TIFR, Mahindra, Ambience, Communico-Graphique & Ionidea In
Casper.abraham@riskpro.in
98450 61870

Laxmikant Gupta
Principal
▪ CA, CMA, CS, FRM
▪ Laxmikant has over 15 years experience in risk management, governance, compliance, ethics, control, internal audit.
▪ His experience has been across areas like operational risk, market risk, settlement risk in addition to SEBI Compliances, internal compliances, governance norms based on new Companies Act, new Insider Trading laws etc.
▪ He headed risk management / compliance function for Franklin Templeton, Tata TD Waterhouse, Birla Sun Life, ICICI Venture, NCDEX. He also worked with I-Sec, A F Ferguson & Co.
Laxmikant.gupta@riskpro.in
98330 00436

Rita Shewakramani
EVP – Internal Audit & Risk Advisory
▪ Chartered Accountant, a Certified Internal Auditor (CIA) and a Certified Risk Mgmt Professional (CRMA).
▪ She has around 15 years of post qualification experience into Internal Audits, Risk, Application Reviews, Operations / Process/ Internal control reviews, Fraud Investigations.
▪ She has worked with consulting firms like Baker Tilly Singhi Consultants Pvt Ltd, Price Waterhouse Coopers, EY, Aneja Associates and Corporates like Reliance (Internet Exchange), GE Capital, CMS Computers etc.
rita.s@riskpro.in
98204 85504
Shriram Gokte
EVP – Risk Management
▪ BTech MBA (USA)
▪ 22 years of work experience, 16 of which were in risk management domain, 11 years of global experience in USA & UK
▪ Ex Chief Risk Officer of Birla Sun Life Insurance & CMS Info System.
▪ Managed Risk & Compliance for two UK based insurance KPOs (Paternoster India & JLT India)
▪ Core expertise in ERM, Capital Valuation, Operational Risk, Information Security, BCM, Governance & Internal Audit
▪ CISA, CIA, CMA, FLMI, MBCI qualified.
Shriram.gokte@riskpro.in
98209 94063

Vivek Dixit
EVP – IT Risk Advisory and Governance
▪ B.Com; DFM. Numerous Work related and Leadership trainings in Corporate World.
▪ Experienced, multi faceted, techno functional corporate professional with 30 yrs in the industry. Worked in top notch organizations viz. Dell, Microsoft, IBM, Atos (Origin), Ingersoll-Rand, Siemens. Global judge for certification of YB and GB Six Sigma projects in Dell.
▪ Associated with PMI significantly. Initially Vice President of PMI-Pearl City Chapter when it was started. Invited as a Speaker for various PMI events.
Vivek.dixit@riskpro.in
88066 73322

Sucheta V. Upendra
SVP – Information Security Advisory
▪ MCA, CISA, ISO 27001:2013 LA
▪ Information security and data privacy professional with over 20 years of experience in IT sector
▪ Experience in implementation of systems to comply with ISO 27001, GDPR, Privacy Shield and GLBA, conducting ISMS audits, security & privacy risk assessments as well as SOC 2 audits.
▪ Worked for leading firms such as TCS and Siemens Technology Services
sucheta.upendra@riskpro.in
98456 48521

Ashok K Agarwal
SVP – Risk Advisory
▪ CISA, CRISC, ISO27001, ISO/ IEC 20000 qualified
▪ 25 years of work experience in IT Risk Management and Assurance, of which 3 years of global experience.
▪ Worked in multiple Banks (Punjab National Bank- Delhi, AXIS Bank, DCB Bank – Mumbai and Bank Dhofar – Muscat) heading Technology Audit.
▪ As principal project assurance lead, done project review of Core Banking Solution upgradation and data migration adopting big bang approach.
▪ Core expertise in Cyber and Cloud Security, Concurrent Audit of Data Centre and Privilege User Access review.
ashok.agarwal@riskpro.in
96199 22010
Priti Sikdar
EVP – Risk Advisory and Training
• FCA, CISA, ISO 27001:2013 LA, CISM, BCCS, CRISC, BS 25999 LA, PRINCE 2 FC
• Information security and Data privacy professional with over 25 years of experience in IT sector
• Experience in implementation of systems to comply with ISO 27001, GDPR, Privacy Shield and GLBA, conducting ISMS audits, security and privacy risk assessments as well as SOC 2 audits
• Worked for leading firms such as Grant Thornton, KPMG London and Sharp & Tannan
Priti.sikdar@riskpro.in
99307 21992

Ankit Manglik
Senior Vice President
▪ CA, CIA, CFE and CISA
▪ Ankit has over 15 years of risk management and internal audit experience, SOX & SSAE compliance, fraud reviews, regulatory compliance reviews, external
▪ He has headed the audit function for a midsize financial services company and the captive offshore unit of ANZ Bank, one of the big 4 Australian banks. He has also worked in PWC for 8 years and Hewlett Packard for 3 years.
▪ Ankit has extensive experience with internal audit in financial services and back office operations and has setup internal audit functions for captive units of four different companies.
Ankit.manglik@riskpro.in
98804 01236

Kedar Tokekar
SVP – Information Security and Data Privacy
▪ BE, CISM, LA (Trained) - ISO 27001:2013, ISO 22301:2012, BS 10012:2009, ISO 14001, EU GDPR Foundation Course, Six Sigma Black Belt
▪ A qualified Information Security and Privacy professional with 20 years of rich experience in ISO 27001, SSAE 16 / ISAE 3402 Type I & II, Data Protection Compliances, Privacy shield and GDPR with leading organizations in HRO, BPO, IT and Manufacturing industry
▪ Worked for Hexaware Technologies, WNS, Neeyamo and Mahindra & Mahindra
Kedar.tokekar@riskpro.in
99232 02685

Sidhartha Sharma
VP – IT Risk Advisory
▪ MCM, CISSP, ISO 27001:2013 LA
▪ Cybersecurity and Technology professional with over 15 years of experience.
▪ He has extensive technology experience working on world-leading cybersecurity solutions along with global teams for Email and Content security, Identity and Access Management, NGFW, and Cloud security.
▪ Has worked for leading firms such as Cisco, Honeywell and Tata Consultancy Services
sidhartha.sharma@riskpro.in
81970 00113
Niveditha Hampiholi
AVP - Risk and Compliance
▪ MBA (Finance)
▪ She has over 14 years experience in Risk Management and Internal Audits (mainly in Banking and Financial Sector).
▪ She also has specialization in operational risk, Sarbanes Oxley and Internal Controls.
▪ She has prior experience with Northern Trust, Ocwen Financial Services & ADC Telecommunications Inc.
niveditha.hampiholi@riskpro.in
99001 00827

Rekha Daga
AVP Risk Advisory
▪ Certified Internal Auditor, Certified Fraud Examiner
▪ Rekha has over 12 years of experience in advisory engagements with global clients in areas of Internal Audit, SOX compliance, Quality Assurance. She has worked extensively on Financial and operational control evaluation, Process mapping, documentation, testing & reporting. She has provided trainings on SOX, IA methodology, etc
▪ She has prior experience with MetLife Global IA team, EY Risk Advisory & EXL Consulting.
rekha.daga@riskpro.in
98103 80057

Ashish Kumar
AVP – Risk Advisory
• B Com (Hons) & C.A- Intermediate Levels (ICAI). He has 17 years of experience which includes- Operational Risk, Sarbanes Oxley Compliance, Internal Audits & BPO Operations. He has worked with American Express, EXL Services, Barclays Shared Services, HCL Technologies, KPMG (Melbourne) & Grant Thornton
• He has experience in functions such as- SOX Advisory; Internal Audit and ERM; Data Analytics & Business Process Improvement & BPO operations of Accounts Payable process
ashish.kumar@riskpro.in
98111 96783

Swati Phadke
VP – IT Risk Advisory
▪ A Science Graduate from Mumbai University and a DSCI Certified Privacy Professional (DCPP).
▪ She has around 18 years of experience in the domains of Data Protection, Demand Generation, & E-commerce. She has post qualification experience into Data Protection Implementation & Audits, Data Protection Impact Assessment, Operations/Process Reviews, Data Protection Training & Awareness.
▪ She has handled multiple roles over the years at organizations like Arrka Consulting, Ugam Solutions, Sterlite Foundation, and Datamatics.
swati.phadke@riskpro.in
98192 77440
Ritu Thakkar
Information Security Consultant
▪ Certified Lead Auditor (ISO LA), CEH, Six Sigma Green Belt/Black Belt, ITIL Professional.
▪ She has around 15+ years of post qualification experience into Internal Audits, Enterprise Risk Management, CMMi, SOC 2, ISAE 3402, GDPR, COSO, NIST, ISMS, ITIL, Six Sigma, CMMi ML3, QMS, Operations/ Process/ Internal control reviews Banking & Financial sector, ISO & System audit, Project management, threat Intelligence & compliance management etc.
▪ She has worked with Vakrangee Limited, Network Solutions – An IBM Company, CMS Computers, Ministry of Defence etc.
Ritu.thakkar@riskpro.in
98206 59207
Key Contacts

Corporate
Riskpro India Ventures (P) Limited
info@riskpro.in
www.riskpro.in
B-44, Glaxo Building, Near Mt. Mary’s Steps, Bandra West, Mumbai 400050

Mumbai
Manoj Jain, Director, M- 98337 67114, manoj.jain@riskpro.in
Shriram Gokte, EVP - Risk Management, M- 98209 94063, shriram.gokte@riskpro.in

Mumbai
Laxmikant Gupta, Principal, M- 98330 00436, laxmikant.gupta@riskpro.in
Rita Shewakramani, EVP - Risk Advisory, M- 98204 85504, rita.s@riskpro.in

Pune
Vivek Dixit, EVP- Risk and Governance, 880 667 3322, vivek.dixit@riskpro.in
Devanshu Mishra, Manager – IT Risk Advisory, 96730 79323, devanshu.mishra@riskpro.in

Bangalore
Casper Abraham, Director, M- 98450 61870, casper.abraham@riskpro.in
Sucheta Upendra, SVP- Information Security, M- 98456 48521, sucheta.upendra@riskpro.in

Bangalore
Niveditha Hampiholi, AVP - Risk and Compliance, M- + 91 99001 00827, E – niveditha.hampiholi@riskpro.in
Sidhartha Sharma, VP - IT Risk Advisory, M- + 91 8197000113, E – sidhartha.sharma@riskpro.in

Gurgaon
Ashish Kumar, AVP – Risk Advisory, M- 98111 96783, E – ashish.kumar@riskpro.in

Delhi, NCR
Rekha Daga, AVP Risk Advisory, M- 98103 80057, E – rekha.daga@riskpro.in

Chennai
Natarajan Mohan, SVP – Risk Advisory, M- 97909 21820, natarajan.mohan@riskpro.in

Hyderabad
Devanshu Mishra, Manager – IT Risk Advisory, 96730 79323, devanshu.mishra@riskpro.in

Kolkata
Manoj Jain, Kolkata@riskpro.in

Let’s Innovate Together
If you have substantial risk management experience and want to join a growing consulting firm, send an email to partners@riskpro.in and let’s join hands and innovate together.
Connect with Risk Professionals
www.riskpro.in
info@riskpro.in
