
Resume - Aditya Ponkshe

Aditya Ponkshe is a cyber security professional with over 9 years of experience conducting audits and assessments in information security. He is currently a Senior Technology Risk Specialist at TraceLink Inc, where he supports their ISO 27001 and SOC 2 certification programs. Previously, he held cyber security roles at Deloitte, Cognizant, CompuCom, and Persistent Systems, where he led teams and conducted audits ensuring compliance with standards like ISO 27001, ISO 27701, ISO 20000, SOX, and SSAE 18. He is proficient in English, Marathi, and Hindi.

Uploaded by

Hendra Arfianto

ADITYA PONKSHE

Senior Technology Risk Specialist | TraceLink Inc, Pune, India.


Contact :
+91-9028424947
adityaponkshe007@gmail.com
https://linkedin.com/in/adityaponkshe

Profile :
Aditya Ponkshe is a Cyber Security Professional with experience of 9+ years in conducting audits and assurance in Information Security domain. His work encompasses conducting audits, assessments, and Cyber Security trainings.

Certifications :
• Prince2 Practitioner
• CISA
• CDPSE
• ISO 27001 Lead Auditor
• ISO 27701 Lead Auditor
• ISO 20000 Lead Auditor
• C|EH v11
• CPISI (PCI-DSS Implementor)

Skills :
Project Management – Prince2 (Practitioner)
Work time optimization for efficient results

Audits :
• ITGC – Testing
• IT SOX (404) readiness
• SSAE 18 (SOC1, SOC2) attestations
• ISO 27001 (ISMS) compliance
• ISO 27701 (PIMS) compliance
• ISO 20000 (SMS) compliance
• PCI-DSS

Assessments and Assurance :
• Conducting Risk Assessment
• Assessing GDPR Compliance
• Assessing Data Privacy
• Responding to Security Risk Questionnaire
• Responding Vendor Assessment Questionnaire
• Information Security Awareness Training
• Phishing Campaign Training

Education :
Bachelors in Engineering – Mechanical
University of Pune

German Language – A2
Goethe Institut

Language Proficiency :
English – Proficient
Marathi – Proficient
Hindi – Proficient

Rewards and Recognitions :
Efforts were recognized for my role of Team lead at CompuCom and as an individual contributor in Persistent & Cognizant.

Work Permit –
VISA Sponsorship required for locations outside India

Work Experience :

1) TraceLink Inc June 2023 – till date

(Senior Technology Risk Specialist)
• Supporting operation, support, and maintenance of TraceLink’s Information Security Management System (ISMS), certified against ISO 27001 and supporting SOC 2 attestation.
• Helping develop plans to adopt and meet requirements of additional assurance programs as needed to support the business.
• Help review and manage security policies, standards, procedures, and guidelines to ensure complete coverage with relevant standards, frameworks, and regulations.
• Handling controls inventory and alignment with relevant standards, frameworks, and regulations.
• Participating in performing internal audits and risk assessments of functions, processes, and controls to drive development of remediation or mitigation plans to improve design and operational effectiveness.
• Liaising with Subject Matter Experts (SMEs) to drive continual improvement and obtain required approvals.
• Managing security exception process and tracking.
• Managing remediation of nonconformities and corrective actions.
• Supporting and managing the independent certification and attestation audits.
• Supporting departments with security-related requirements for internal projects or external vendors.
• Performing vendor risk assessments to support due diligence and oversight.
• Coordinating with vendor managers to ensure identified risks are addressed.
• Supporting responses to customers and prospects for RFIs, RFPs, and questionnaires.
• Supporting privacy regulation compliance initiatives.

2) Deloitte Offices of the US (India) June 2022 – June 2023

(Senior Solution Advisor)
In Deloitte, I work on, and help manage engagements of following domains :
• IT SOX (404) readiness
• Risk Management Lifecycle
Optimizing work time to complete the task before the due date is my forte. Currently working alongside project manager to manage client engagements from initiation to completion.

3) Cognizant Technology Solutions May 2021 – June 2022

(Senior Security Specialist)
In Cognizant, I am assigned to a Life Sciences account, of over 900+ associates, as an individual contributor for the role of Business Information Security representative. My responsibilities include the following functions :
• Audits : Acting as a liaison between account team and external auditors for ISO 27001, and ISO 27701 standards, and SSAE 18 Attestations (SOC1, SOC2)
• Assessments : Risk Assessments, Physical Security controls testing.
• Assurance : Risk based monthly project audits.
• Conducting Trainings : Bi-monthly information security awareness trainings for new joiners to the Life Sciences account, and bi-yearly trainings for the current associates in the account, and designing and sharing monthly awareness mailers to the associates in the account.
• Operations Security : Responsible for processing policy exception requests, firewall requests, and for conducting endpoint compliance checks for over 900+ endpoints in assigned account.
• Other tasks : Responding to RFP requests and vendor assessment queries.
• Management reporting : Quarterly connecting and sharing metrics and Cybersecurity health of the account with management.
Taken an initiative to start a brain storming session within my department to discuss new risks, threats and identifying new pathways as their treatment. Also, I am responsible for tracking and monitoring exception requests and firewall requests.

4) CompuCom Inc April 2020 – May 2021


(Senior IT Compliance Auditor)
CompuCom is a subsidiary of Office Depot, USA, with over 10,000+ associates.
Here I was a part of Internal Audit team for whole of the organization. I was acting
as a four-way liaison between external auditors, internal auditors, department
owners, and the organization, in the position of team lead, for audits related to
ISO 27001, ISO 27701, ISO 20000, and SOX – 404. Also acted as a team contributor
for SSAE18 attestations for SOC1 and SOC2.

5) Persistent Systems Limited January 2018 – April 2020


(Lead Information Security Analyst)
A trusted global solutions company, delivering digital business acceleration,
enterprise modernization and next generation product engineering services of
employee strength being 15,000+. Here I was responsible for conducting internal
audits for ISO 27001 for IT, Finance, HR, Legal departments, and for IT projects.
It was also my responsibility in position of team lead, to conduct SOC1 and SOC2
attestations for an account in Persistent.

6) AGC Networks Limited November 2016 – January 2018


(Executive Cyber-i)
Through AGC Networks I was assigned to Vodafone account wherein my
responsibilities included, as a contributor to a team, for ISO 27001 audits for all
Vodafone circles in India. Prepared Information Security training decks and
awareness mailers to be sent to Vodafone associates. I also reviewed and acted
upon Risk assessments, mitigation activities which were filled by stakeholders.
Proactive monitoring of Risk Management automated activities (reminders mails,
escalation mails, etc.) was also done by me.

7) R. R. Ponkshe & Co December 2014 – November 2016


(IS Audit and Security Audit Executive)
During my tenure at the company, I was working as a team contributor for ISO
27001 Audits, SSAE 18 attestations for SOC1 and SOC2. I was also a part of a
project in IT risk consulting for banks in India. It was also a part of my
responsibility to conduct Cyber Security awareness training sessions for banks.
