
Kruti Vadjikar

Chicago

Summary

Technology auditor and consultant with around five years of experience across various domains within cybersecurity. Worked with frameworks like ISO 27001 and NIST 800-53, and on various other technical engagements involving data protection and privacy, compliance and governance, and IT audit.

Overview

6 years of professional experience
1 Certification

Work History

Sr IT Auditor

Discover Financial Services
11.2023 - Current
  • Engaged in writing test documentation for different sets of controls
  • Performed validation to close audit findings
  • Assisted leads with planning audits, which involved gathering data, creating presentations and closing planning steps
  • Engaged with various stakeholders to coordinate closure of audit findings
  • Drafted test steps for testing control operation
  • Led walkthroughs with clients during the planning and fieldwork phases of audits

Cybersecurity consultant

Ernst and Young
08.2021 - 01.2023

High Value Asset Assessment (Aug 2022 – Nov 2022) - MD Anderson (University of Texas)

  • Assisted in creation of kick-off decks for meetings with SMEs to provide them with an idea about the engagement and its outcome
  • Created various HVA profiles from the data provided in the inventory by the client to gauge the type of data stored and its sensitivity
  • The HVA profiles consisted of various details regarding type of data, data retention period, size of dataset, data owner and custodian, as well as how the data was used
  • Assisted in assigning levels of risk score factor for each HVA profile based on data sensitivity and retention period
  • A complete inventory of high value assets as recognized by the team was delivered to the client, to be updated regularly by the client team

Strong Customer Authentication Assessment for Behavioral Biometrics (May 2022 – July 2022) - PayPal

  • Coordinated internally with team members for project-related activities, i.e., creating status slide decks, data exchange, as well as providing any updates from the internal team to the client
  • Engaged with team members to implement the logic behind calculation of False Acceptance Rate (FAR) for the client report
  • Assisted team members in identifying the risks of not calculating the correct FAR
  • Assisted team members with drafting letters to the regulator as a part of the final deliverable
  • The final letter included details about research, correct and effective methods to calculate FAR, and future recommendations

US Compliance Project (Feb 2022 – March 2022) - TikTok

  • Drafted test plans for different control families, i.e., training and awareness, media protection and personnel security, based on the NIST 800-53 framework
  • Once the test plans were finalized, they were shared with the audit team, who would then start collecting evidence
  • Assisted in drafting the evidence list required for the audit based on test procedures
  • This list was shared with other internal teams to initiate interviews with stakeholders

Password Expansion Project (Aug 2021 – Jan 2022) – Bank of America

  • Identified distinct categories of applications which would require configuration changes to expand the password policy
  • Reached out to users via email and assisted them with queries for password reset or login
  • Initiated one-to-one meetings with application owners, in the absence of a user pool for validation, to understand application issues
  • Executed SQL queries to understand how many legacy systems supporting the old password policy were currently in use, as well as how many new systems supported the new password policy
  • Created a final executive report for the project describing project details for the password policy requirement, initiatives taken to incorporate the new password policy for different user groups, as well as the timeline to incorporate new passwords for legacy systems

Vendor Security Auditor

CORL Technologies
06.2021 - 08.2021
  • Performed quality analysis of remediation tasks to filter out gaps within control testing
  • Followed up with the vendor for evidence and closure of findings identified in the initial stages of the audit
  • Coordinated internally with different teams for collection of evidence
  • Validated vendor-provided evidence along with vendor responses to perform remediation
  • Engaged in remediation to close audit findings as highlighted by the client for the respective vendor

Vendor security intern

CORL Technologies
06.2020 - 11.2020
  • Analyzed vendor security questionnaires (based on NIST 800-53) for deficiencies in the vendor environment's controls and identified areas which would require more information from the vendor
  • Wrote executive summaries on different vendor cases to outline control deficiencies, highlight BitSight details and provide an outline of the overall vendor environment to the client
  • Worked as a part of an academic group project to revise the audit checklist from NIST 800-53 Rev 4 to Rev 5, which involved including new controls and revising or removing existing controls
  • This involved presentation of the revised checklist to stakeholders in the organization as well as technical documentation comparing the NIST versions

Executive in Information Security

CitiusTech Healthcare Technology
07.2018 - 12.2019
  • Conducted periodic internal information security audits for projects, as well as performed risk assessments prior to the start of internal projects
  • Performed BCP (Business Continuity Planning) for internal projects to test the recovery time of critical resources
  • Participated in external assessments like SOC, ISO 27001 and GDPR within the organization and supported updating current policies and procedures
  • Drafted Statements of Purpose for various business units in GDPR assessments
  • Assisted external auditors with collection of evidence, facility walkthroughs, internal meetings, as well as sampling of information assets
  • Closed external and internal findings related to security testing as well as for different projects
  • Filled RFEs for different healthcare clients and provided relevant evidence as needed
  • Facilitated information security workshops across different business units within the organization to educate and create awareness amongst employees

Education

Master of Science - Information Systems Concentration – Cybersecurity

Georgia State University – J. Mack Robinson College of Business
Atlanta, GA
01.2020

Master of Science - Applied Cybersecurity

Queen’s University Belfast
01.2017

Skills

  • Burp Suite
  • Wireshark
  • NMAP
  • Risk Management
  • Internal audit
  • Project Management
  • Written communication
  • Verbal communication
  • Microsoft Excel
  • Microsoft PowerPoint
  • SQL
  • Power BI

Certification

  • ISO 27001 Lead Auditor, IRCA, 01/01/19
  • CISA certification, ISACA, 01/01/21
  • Working towards CCAK certificate exam


Projects

  • Revision of vendor security questionnaire for CORL as per NIST 800-53 Revision 5, 05/01/20
  • Drafted a paper on Privacy and Security of healthcare information, 05/01/20
