Consulting

We support organizations across their three lines of defence to help establish a resilient and trusted digital world, bringing you a team of professionals with deep technological expertise and experience across the entire spectrum of cybersecurity.

IT Governance Risk and Compliance

IT Internal Audits

IT Attestations

Financial Audit Supports

Go beyond the traditional offshore model

Factoring the enigma of CyberSecurity….

Over the last 5 years, the concept of Information Security has evolved and transformed from small teams working towards data protection and loss prevention to staying on top of ever-evolving cyber security risks, regulatory requirements, and the effects of emerging technological disruptions, while at the same time being prepared to handle the worst. Cybersecurity is no longer used just to manage cyber risks, but also as a source of growth and market edge. The responsibility to protect information is now spread across the three lines of defence. Further, the uncertain situations of very recent times have forced organizations to enhance and upskill their capabilities and resources in no time, due to remote working challenges.

Contra-parallel Situations

  • Scattered Geographies
  • Professional Uncertainty
  • Economic Instability
  • Increased support on third parties
  • Everchanging Regulatory Requirements
  • Technological Disruptions
  • Exponential rise in targeted Cyber-attacks
  • Need for a strong market edge

Need for Cybersecurity Teams

  • Continuous upskilling of 3LoD professionals
  • Enhance efficiencies by multiple folds
  • Analyse data patterns and recognize cyber trends

Case Study

IT GRC and Vendor Due Diligence | A growing Technology player in the Cybersecurity space

A growing technology organization, founded by Information Security veterans who productized vendor security due diligence that delivers the depth and accuracy necessary to make sound security decisions at the speed of business, was aspiring to build a cost-effective offshore center of excellence to add significant value to the structure of the program and support the growing scale and speed of operations.

Gaussian partnered with the client to assist in establishing IT Governance, Risk and Compliance processes, driving the IT Risk and Compliance program and supporting day-to-day IT GRC activities, as well as providing third-party security risk management assessment and program support services.

Scope of work and key activities performed

IT Governance Risk and Compliance
Third Party Risk Assessments

About us

Gaussian Consulting LLP

Gaussian is a team of experienced, certified information security experts who understand the ever-changing complexities in the Technology GRC/Cyber space, the key differences between each framework, and what they mean to your organization. Our goal is to help organizations maintain a secure ecosystem by achieving compliance quickly and with minimal disruption to their daily business. Our service delivery models are designed to provide an unparalleled client service experience, and our friendly audit team takes a collaborative approach towards helping our clients maximize the long-term business value of their audit and compliance activities.

Associate Director, Business Consulting

Megha Bakshi

CISA certified information security professional with more than 13 years of demonstrated history of working in the Financial Services, Telecom, Technology and Healthcare space, across global locations. Carries broad experience in IT assurance and advisory engagements, with rich experience in building and overseeing IT Compliance functions and teams, allowing organizations to scale from start-ups to mid-size multi-dollar organizations, outsourcing advisory and audit engagements, client relationship management, third party risk management, IT Audits and assessments (SOX/ SOC1&2, HIPAA, PCI DSS, CSA STAR, NY DFS, COBIT, GDPR, ISO 27001), Data Privacy and Security, and System Implementation reviews.

Professional & Educational Background
  • Associate Director, Business Consulting
  • CISA Certified Professional
  • Total Experience: 12+ years
  • Worked with big four consultancies across the globe
  • Also worked in Fintech Industry in the US
  • B.Tech in Electronics and Communications
  • Based out of Gurgaon, India

Key Skills and Expertise
  • Setting up new IT Compliance processes, considering best practices and standards (COBIT, NIST, PCI, GDPR, CCPA, CSA, NY DFS, ISO 27001)
  • Client Relationship Management
  • Project Management
  • Outsourcing advisory and audit engagements
  • IT SOX (Internal and External Audits)/ Financial Audit Supports
  • Third Party Risk Management
  • SOC 1/ 2 Reviews and Readiness
  • ITGC and ITAC testing
  • IT GRC Activities
  • Integrated IT Compliance Framework
  • Data Flow Mapping and Inventory
  • Sales/ Business Development content development
  • Experience in working with clients across industries, with international working experience in the United States, and with teams in South Africa, UK, Netherlands

Experienced in:
  • Concrete knowledge of, and experience in preparing organizations for, SOX, SOC1, SOC2, NIST, ISO-27001, HIPAA, CSA-Star, GLBA, PCI, NYS DFS, and Global Privacy regulations, processes and standards.
  • Highly adept in identifying gaps and collaborating with business units to develop and implement strong, continuous governance.
  • Identifying markets and prospective clients, proposal preparations and solution development.
  • Managed teams of diverse and geographically spread individuals to deliver high quality advice, assessments and audits.
  • Managing multiple Sarbanes Oxley attestation engagements and internal audit clients for large, global, and complex SEC filers (including a big bank in United States).
  • Managing IT Audit Support / SOC 2 / IT IA and IT GRC related engagements. Key responsibilities included engagement planning/budgeting, management, client deliverables review and management presentations.
  • Developing Data Privacy Framework.
  • Developing Integrated IT Compliance Controls Framework.
  • Developing InfoSec and IT Compliance program, including ownership of IT controls matrix, development of controls framework aligned with applicable security best practices, regulations and requirements, as well as validation and assistance with remediation.
  • Developing data discovery, data flow and data asset inventories mapping for Fintech clients.
  • Performing vendor due diligence for IT Risk and Compliance areas for multiple vendors.
  • Supervising Information Technology control assessments of complex ERP systems. Also performed and supervised System Development Life Cycle (SDLC) assessments for new system implementations.
  • Performing SOC1, SOC2 attestation and readiness procedures for clients in Technology and Financial Services industry sectors.

Let’s talk about moving your business forward.

Megha Bakshi

Associate Director, Gaussian Consulting LLP

+91 9711283991

Unit-314, Suncity success tower, sec-65, Gurgaon, Haryana, 122001
