Tejas Bhagat, CISM, CISA, MBA
Details
- Assess and prioritize potential information security risks and develop strategies to mitigate them.
- Effectively communicate information security risks and policies to business and security executives, and other stakeholders in the organization
- Understand cloud's business objectives and operations, and align information security policies and procedures with these goals.
- Analyze data and identify threat patterns & trends that may indicate potential security threats or weaknesses
- Effectively respond to security incidents, and develop and implement solutions to prevent future incidents
- Think strategically about information security risks and threats, and develop long-range plans to mitigate these risks
2021 : Present
Salesforce
Business Information Security Officer
• Leading teams across complex business transformation projects for diverse clients, designing and implementing information security and risk management programs to ensure privacy and integrity.
• Developing strategy and implementing cyber security programs including vulnerability assessment and penetration testing to ensure clients have robust information security infrastructure to adapt to ever-changing cyber threat landscape.
• Designing cloud computing security architecture for public and private cloud environments that were scalable without impacting business operations or speed of delivery while addressing security and regulatory concerns.
• Delivered 5 business transformation projects for clients across diverse industries, 2 clients within Fortune 100, engineering business processes that were faster, efficient, secure and compliant.
2019 : 2021
Deloitte
Senior Manager in Cyber Security & Risk Services
• Served as technical program manager with primary focus on project planning, staffing, analyzing budget vs. actuals, tracking key milestones as well as communicating status and issues to ensure successful delivery of projects.
• Implemented Identity and Access Management (IAM) programs incorporating best practices while adhering to industry regulations to manage user access, securing critical and sensitive organization, customer and vendor data from internal and external threats.
• Assisted clients in developing security policies and procedures to establish enterprise-wide best practices and security awareness programs that reduced information security risk.
• Designed internal controls framework for key business applications helping clients assess and address financial and operational risks.
• Automated compliance programs for customers using SAP GRC tool by developing an analytical model and adopting exception-based monitoring, reducing compliance cost by 30%.
• Developed and facilitated application security and GRC training programs for Deloitte practitioners and clients to ensure they have the right functional and technical expertise to support programs on a day-to-day basis.
2014 : 2019
Deloitte
Manager in Cyber Security & Risk Services
• Designed, built and tested Role-Based Access Control (RBAC) security model for business applications to ensure user access was defined and restricted by job responsibilities.
• Implemented SAP GRC tool to automate user access management processes for information systems, improving efficiency, decreasing manual efforts, and reducing cost to the organization by 15%.
• Developed audit procedures and led testing of internal controls to identify potential gaps and worked with stakeholders to address gaps and ensure regulatory compliance.
• Served in the capacity of external auditor responsible for developing audit procedures, executing test plans and reporting findings.
2010 : 2014
Deloitte
Senior Consultant - Cyber Risk Services
• Performed risk assessments to categorize financial and operations risk and help clients design mitigating strategies.
• Developed and implemented risk and controls frameworks for enterprise applications to address financial, operational and regulatory risks and reduced internal cost of compliance by 10% through streamlined processes and automation.
• Performed pre- as well as post-enterprise resource planning (ERP) software implementation assessments, ensuring business and technical requirements were addressed.
• Developed audit procedures to test internal controls and identify gaps associated with regulatory requirements.
2008 : 2009
Ernst & Young
Technology & Security Risk Services - Senior
About
Strategic and innovative leader leveraging 10 years of expertise in technical program management, leading global teams and collaborating with business leaders to design and implement enterprise-wide information security, governance, risk and compliance programs.
BUSINESS GROWTH & LEADERSHIP HIGHLIGHTS
➤ Consistent Superior Quality – Achieved 99% successful delivery of 5 business transformation programs implementing application security framework and Governance Risk and Compliance (GRC) tool on budget and on time through transparency and clarity of end objectives.
➤ Excellence Through Innovation – Established center of excellence for SAP GRC tool and developed 10 tools and accelerators delivering client-centric solution through customer engagement, collaboration, innovation, continuous improvement and training.
➤ Strategic Collaboration – Developed trusted relationships with key stakeholders and staff across the organization to secure new clients and retain existing clients while driving focus on strategic initiatives and optimizing project delivery.
TECHNICAL SKILLS
SAP ERP | SAP GRC | RPA | SOX | COBIT | HIPAA | PII | NIST | ISO | PCI
CONTACT
email: tejasbhagatcism@gmail.com