• Set up Rally to simplify the complex structure of the engagement.
• Mapped 195+ controls, policies and artefacts to APRA Prudential Standard CPS 234 paragraphs.
• Facilitated 10+ client workshops with risk owners and SMEs to understand the IT infrastructure, systems, asset ownership and current controls status.
• Uplifted insufficient controls and addressed control gaps to improve security posture.
• Developed five Malware Incident Response Plans (IRPs), improving Incident Response processes.
• Designed three security controls as part of the uplift program.
• Reconciled the third-party supplier lists from multiple sources, including the procurement team and the third-party risk assessment team.
• Reviewed the risk levels of the third-party suppliers based on service criticalities and information confidentiality levels.
• Tracked the compliance plan weekly and raised issues in a timely manner.