Sheela Kinhal
Education:
B.A., Environmental Science, University of California, Berkeley
M.S., Computer Science, San Diego State University
Experience:
- Lead GRC function and establish “2nd line of defense” oversight strategy for Information Security. Oversee and execute all risk, audit, and compliance initiatives on behalf of Information Security (SOX, SOC 1/2, PCI, GLBA, FFIEC, CCPA etc.).
- Lead Third Party Risk function and oversee overall strategy, risk profiling, and due diligence for third parties.
- Lead Model Risk Management function and oversee risk profiling, strategy, and due diligence for applicable statistical models.
- Assess and benchmark IT control design, strength, and effectiveness through security frameworks. Manage policy framework for IT and Information Security. Produce board-level metrics for Information Security.
- Collaborate with executive leadership on strategic and programmatic direction for Information Security. Drive GRC automation through process and tooling.
- Establish qualitative and quantitative (e.g., “FAIR” – Factor Analysis of Information Risk) criteria for evaluating information risk. Oversee policy exception management. Execute risk assessments as needed based on policy exceptions, Information Security risk register, and other business drivers.
- Advise business and IT stakeholders to support informed product decisions that mitigate information risk. Promote a security-aware culture through policy, training, and enforcement across the company.
- Lead security and data privacy due diligence process for third parties, including questionnaires, risk profiles, contract advisory, and ongoing monitoring. Execute customer security and privacy assessments.
2019 : Present
Green Dot Corporation
Senior Director, Information Security GRC, Third Party Risk, & Model Risk
- Established Kinhal Shah, LLC, a premier woman- and minority-owned advisory services firm specializing in customized enterprise solutions for clients’ Cybersecurity, Privacy, and Governance, Risk, and Compliance initiatives.
- Lead business development, client relationship management, subject matter experts, business operations, and logistics.
- Lead successful engagements with several major companies (Leidos, Inc., NuVasive, Inc., FTD Companies, Honda Corporation, and Green Dot Corporation, Inc.) in various sectors (defense, health/medical device, e-commerce, banking, commercial).
- Enable clients to reach strategic goals by providing management support relative to strategy and planning, program management, resources, and capabilities. Specialties include:
- Regulatory Compliance (SOX, PCI, DFAR, GDPR, HIPAA, FDA)
- Technical Program Management (Applications and Infrastructure)
- Governance/Internal Control Framework Development based on industry standards (NIST, CMMI, ISO27001, COBIT)
- Asset Inventory Review, Vulnerability Management, Incident Response, Identity and Access Management, Disaster Recovery, Risk Management and Third-Party Risk Management Strategy, Planning, and Implementation.
- Security Assessments, Pre-Audit Readiness, Audit Support and Remediation.
2016 :
Kinhal Shah, LLC
President
- Function as overall team lead and liaison to Fortune 100 client. Supervise a team of consultants and provide daily guidance.
- Perform new business development and provide oversight for new clients.
- Perform product security reviews (especially for cloud-based services) from a Cybersecurity/PCI/HIPAA perspective and provide recommendations.
- Provide contract advisory services from a Cybersecurity, PCI, and HIPAA perspective and provide recommendations.
- Provide guidance on industry best practices relative to GRC (Governance, Risk, and Compliance) initiatives.
- Provide program management support to Cybersecurity management for Fortune 100 client. Create solutions as needed to resolve issues.
- Perform Cybersecurity and risk assessments as needed for various applications, infrastructure services, internal and external contact centers, and third-party vendors in support of PCI and HIPAA compliance initiatives for a Fortune 100 client.
- Identify gaps and manage remediation efforts.
2013 : 2016
RiSK Opportunities Inc.
Senior Manager
- Owner/principal for consultancy with expertise in business applications, infrastructure, and security governance, risk, and compliance.
- Consultant to premier Manufacturing Company based in San Marcos, CA (February 2012-March 2013)
- Primary customer liaison to Human Resources team.
- Identified gaps and defined technical solutions to support Human Resources business initiatives including core HR services, Disaster Recovery, Benefits and Compensation, Payroll, Health and Safety.
- Built in-house SharePoint-based Absence Management tool.
- Built in-house MS Office-based organization chart tool.
- Configured and maintained employee master data in Emergency Notification tool.
- Built several reports for HR analytics.
- Provided integration support with various third-party vendors.
- Provided senior project management, analysis, and compliance related advisory services for Human Resources and Information Systems teams.
- Established Kerani Performing Arts.
2011 : 2015
Independent Consultant
Principal Owner
- Successfully managed large-scale application deployments on several platforms including SAP CRM, Costpoint, Common Data Environment/Data Warehouse, Integrated Services Platform, Informatica, and PeopleSoft-XML Publisher.
- Served as primary customer liaison to Corporate Financial Services and Human Resources. Acted as steering committee chair.
- Managed 10-20 matrixed, cross-functional team members.
- Managed technical analysis, requirements, design, development, test, and deployment phases in accordance with SAIC's PMRB (Portfolio Management Review Board) and SDLC (Software Development Lifecycle) methodologies. Facilitated end user surveys (1000+ end users) and workshops as part of analysis and requirements gathering. Successfully leveraged offshore IT team based in India, thus reducing effective costs.
- Established post-deployment processes and procedures related to operations and maintenance.
2007 : 2010
SAIC
Senior Program Manager
Company: Green Dot Corporation
Years of Experience: 24
Spoken Languages: English, Kannada, Spanish
Information Security capability development includes: Policy Development, Security Awareness Training, Enterprise and Third Party Risk Management, Vulnerability Management, Asset Inventory Management, Identity and Access Management, Incident Response, Disaster Recovery, and Product Security. Also well-versed in Program Management for large-scale initiatives.
Certified Information Systems Security Professional (CISSP), PMP (Project Management Professional), CISM (Certified Information Security Manager), CDPSE (Certified Data Privacy Solutions Engineer), and CISA (Certified Information Systems Auditor).
For additional details on advisory/consulting services please visit: www.kinhalshah.com