Rumpa Mukherjee

Lead Auditor - Certification and Audit
Gurgaon

Summary

Experienced with managing comprehensive audit and compliance, risk assessment processes, ensuring adherence to regulatory standards and company policies. Utilizes keen analytical skills to identify areas for improvement and recommend actionable solutions. Track record of enhancing audit efficiency and promoting best practices through effective communication and teamwork.

Overview

19 years of professional experience
13 Certifications
1 Language

Work History

Lead Auditor, Global Certification and Audit

Orange Business
06.2023 - Current

ISO Certification:

  • Collaborate with the global team to conduct scheduled internal ISO audits as the lead or secondary auditor globally for ISO 20000, ISO 9001, ISO 27001, ISO 14001, and ISO 45001, in accordance with the certification program.
  • Provide training to employees on ISO 20000, ISO 9001, ISO 27001, SOC, best practices, and other applicable standards.
  • Ensure the implementation of quality management and effective corrective action techniques as necessary, sharing best practices with teams to ensure proper governance.
  • Coordinate and participate in external ISO audits, as outlined in the certification program.
  • Conduct internal audits for customers on required ISO standards, as needed.
  • Lead risk-based compliance assessments across key business areas to identify gaps and action plans to foster continuous improvement.

SOC Certification:

  • Serve as the Entity Audit Leader, responsible for coordinating and following up with control owners to review and update the entity control list, ensuring effective audit preparation and compliance.
  • Collaborate with the OBS Global Program Manager on overall scope planning, program content, and customer impact.
  • Facilitate communication and coordination with various internal stakeholders and external auditors for the ISAE 3402 and SOC 2 audits, as required for the audited scope.
  • Work with CSO management and OBS GPM to ensure adequate budgeting and resource allocation.

Consultation and transversal management:

  • Focus on governance for key projects, including, but not limited to, ISO 20000, ISO 9001, ISO 27001, ISO 14001, ISO 45001, ISAE 3402, and SOC 2.
  • Provide guidance on overall improvement strategies, and appropriate reporting through the project tracking system and management/project reviews.
  • Support business leaders in aligning business processes, as necessary.
  • Identify improvement projects across various operating units, assess their impact on systems, tools, interfaces, business interlocks, processes, procedures, and working instructions, and define projects that prioritize business objectives while clearly stating their benefits.
  • Proactively identify emerging risks through horizon scanning, and provide actionable insights for leadership.
  • Analyze the current operational model on a project basis, and assist stakeholders as a subject matter expert (SME) in transitioning to the future operational model, in alignment with ISO and SOC standards.
  • Ensure that a project plan is followed and maintained, and manage project execution.
  • Work jointly with the Global Quality Team and act as an interface with the Global Process leaders, Local India Management, and operational stakeholders to implement best practices on various projects.
  • Ensure communications are actively managed as and when required.

Principal Specialist Risk, Compliance and Governance

Bravura Solutions
02.2021 - 06.2023

ISO Certification:

  • Independently conduct scheduled internal ISO audits as the lead auditor globally for ISO 22K, ISO 14K, and ISO 45K, as per the certification program.
  • Coordinate and accompany the external ISO audit, as defined within the certification program.
  • Respond and conduct internal customer audits on required ISO standards as needed.
  • Contribute to the program reference documentation maintenance.

Risk Management Program

  • Develop and deliver training, and communicate global risk policy to embed a culture of compliance, aligned and connected to our Global Risk framework.
  • Synthesize complex regulatory topics into actionable, business-friendly narratives for region-wide dissemination, where required, aligning with the legal and compliance team.

Additional Role:

  • Work as a GRC point of contact for raising any risks and issues with higher management.
  • Regularly review the open issues, as well as the inherited and residual risks.
  • Conduct meetings with the Risk Owner and remediation owner for the open issues and risk items biweekly.
  • Quarterly, create a risk report for Board meetings.

Compliance Manager

Xerox India Limited
10.2016 - 02.2021
  • Conducting a Risk and Control Self-Assessment program for businesses to ensure controls are embedded into processes.
  • Performing gap analysis for risks, mitigation options, and implementation costs.
  • Formulating KRIs for functions and tracking the status on a monthly basis.
  • Implementing management operational risk tools: Loss Event Data Collection Tool.
  • Ensuring the timely closure of the action plan agreed upon for process improvement.
  • Highlighting findings, along with recommendations to higher management, to enhance process efficiency.
  • Undertaking regular sessions with functions to identify gaps, and performing Root Cause Analysis.
  • Developing scorecards and yearly reports for the Head Office.
  • Extending support for creating, updating, and maintaining relevant policies and guidelines.
  • Plan and execute financial, regulatory, compliance, or operational reviews/audits [PCI DSS, SOX 404].
  • I have experience in establishing and managing the internal assessments and compliance function to audit all the functions of the organization.
  • Maintain the dashboard and monitor progress on corrective actions to ensure they are concluded within the given timeframe.
  • Facilitate risk identification and risk discussions within the business unit, including operational risk, product/project risk, and strategic risk.
  • Monitor and assess current projects for compliance risks and requirements.
  • Work with the security architecture team and the production support team if any issues are identified.
  • Evaluate all business activities relating to compliance, including policies, investments, and partnerships.
  • Present audits, data, and procedures to other teams; advise on compliance issues across the company.
  • Work with company leadership to review potential future compliance red flags, or risks.
  • Collaborate and create strong interpersonal relationships between departments and teams for total compliance monitoring and audits.
  • Advise the business line on compliance requirement applicability for new businesses, products, and/or processes, and changes in law or regulation.
  • Publish the quarterly business continuity plan as per the criticality, run the approved plan, and publish the report.
  • Work with the global legal and procurement team to assess the third-party service providers according to different global standards and controls prior to onboarding the services.
  • Single point of contact for the ISO external auditors and PCI QSA, as per the requirements.

Technical Specialist

Fidelity India Business Services
10.2006 - 10.2016
  • Plan financial, regulatory, compliance, or operational reviews/audits [PCI DSS, ISO 27001].
  • Coordinate work with functions for control-related activities, and with others within Internal Audit.
  • Conduct PCI DSS risk assessments, and identify controls in place to mitigate identified risks.
  • Perform audit procedures to verify that controls are operating through testing and interviewing techniques.
  • Analyze and map requirements to conclude on the effectiveness and efficiency of the control environment.
  • Identify control gaps and opportunities for improvement.
  • Document the results of the audit work in accordance with the audit department.
  • Prepare timely audit reports for executive management, the Audit Committee, and the Board of Directors.

Education

MBA IT

Jaipur National University

Bachelor of Arts - English

Bhartiya Shiksha Parishad

Skills

  • Execution: Oversee the successful completion of projects both within and outside the workplace
  • Consulting: Develop and implement customer-focused solutions from design to post-implementation
  • Leadership: Mentor teams on audit requirements

Audit planning

Team collaboration

Internal auditing

Quality assurance

Risk assessment

Certification

- CISM

Accomplishments

  • Internal Audit
  • 1. First time in Bravura Solutions, in 2022: Single-handedly managed the IMS (Integrated Managed Services) project. Mapped 4 ISO standards and successfully implemented and tested internal teams. Prepared to face external auditors. As program coordinator of IMS: entire program planning, negotiating with vendors, preparing comparison chart for Management (indicating man-days, fees as per location), implemented program successfully.
  • 2. First time in Bravura Solutions, in 2022: SOC 2 audit driven by a renowned Australian client's request. Single-handedly managed the project. Mapped 4 ISO standards with SOC 2 and APRA regulations requirements. Implemented and tested internal teams (readiness assessment). Single point of contact for CPA firm auditor. Saved cost and time on the internal teams. As program coordinator of SOC 2 Type 2: entire program planning, negotiating with vendors, preparing comparison chart for Management (indicating man-days, fees as per location), implemented program successfully and shared report with client before time.
  • For both the achievements, got the BRAVO award 4 times in 2 years.
  • Risk Coordinator
  • 1. The number of risk tickets the company had identified as critical, high, medium, low and unassigned went high. Worked with each risk ticket owner on the risk summary, control gaps, identified department and asset owner, and mitigation plan. Within 2 weeks the issue tickets were identified and separated from the risk tickets. Wrote the Board draft report and shared it with the Global GRC Head for further processing.

Personal Details

  • Date of Birth: 22nd November 1978
  • Nationality: Indian
