Harsh Kharera

• Offer security advice to Shell and suppliers to assist in resolving questions and issues around risk management. • Provide Subject Matter Expertise for projects and business stakeholders, in combination with the Improvement Program. • Work with the architecture community to review new technology and architecture innovations. • Perform end to end Security Assessment on vendor offerings – New/Leveraging existing (SAAS / PAAS/IAAS) services.

• Established company-wide security best practices and protocols to mitigate risk of data breach. • Performed risk analyses to identify appropriate security countermeasures. • Working within the ISO 27000 series framework for information security risk management to deliver the IT security program and operate an Information Security Management System (ISMS). • Managing of services using established industry best practices such as CIS (Center for Internet Security) critical security controls.

• Security risk assessments of infrastructure projects and major changes to existing infrastructure in the APAC/UK region. • Provide risk assessment reports which include findings, risk and recommendations for issues noted during assessment. • Security consultancies to different stakeholders for advice, guide and enhancement of the security posture of the bank.

• Responsible for providing daily client support to Aladdin Clients. • Vulnerability management - ensuring vulnerabilities are identified and addressed for closure in a timely manner. • Security Administration - managing security controls such as antivirus, DLP controls to ensure compliance with IT & IS security standards. • Incident Management - Analyze and investigate IT security incidents to identify its root cause and to assist in resolution & mitigation actions.

• Group policy objects creation and management. • Evaluation and compliance with security measures such as Disaster Recovery and Emergency operating procedures etc. • Worked on user access/identity management. • Maintain appropriate security measures and mechanisms to guard against unauthorized access to electronically stored and /or transmitted patient data and protect against reasonably anticipated threats and hazards.