• Competent professional with 15+ years of overall experience, including 11+ years of core experience establishing and managing large, end-to-end programs in Information Security, Cyber Security, Data Privacy, Cloud Security, Governance, Risk Management, Internal Audits, Quality Management, Business Continuity Management, Disaster Recovery, Vulnerability Assessment and Penetration Testing, Investigations and Reporting.
• Information & Cyber Security: Strong functional and technical knowledge across Information and Cyber Security domains, including security architecture, infrastructure security, vulnerability management, penetration testing, Security Operations Centers, and Governance, Risk and Compliance, applying next-generation digital auditor capabilities, agile practices, and data analytics.
• Standards and frameworks: ISO 27001 (ISMS), ISO 27017, ISO 27018, SOC 2, ISO 22301, ISO 20000-1, ITGC, ITAC, SOX 404, CSA STAR, OWASP Top 10, NIST RMF, NIST CSF v2.0, NIST SP 800-53, CIS Critical Security Controls (CIS Controls).
• Governance: Strong understanding of governance frameworks, standards, methodologies, and regulations such as ITIL, COBIT 5 / COBIT 2019, and TOGAF; ensuring delivery against the SOW; Data Governance/Management, Availability Management, Demand Management, Capacity Management, Change Management, Performance Management, Total Quality Management, Monitoring and Reporting; identifying business risks, exposures, and threats and addressing them with the available resources in time.
• Risk Management: In-depth knowledge of ISO 31000, ISO 27005, COSO ERM, NIST RMF, FedRAMP, NIST SP 800-30 and NIST SP 800-37. Lead and manage the design and implementation of technology risk governance processes and the management of cybersecurity risks; develop and maintain risk appetite and tolerance controls. Third Party Risk Management (TPRM) / Vendor Management: evaluate and manage third-party vendors and service providers to ensure compliance with security requirements and standards.
• Compliance & Privacy: Hands-on experience drafting new and amending existing data privacy and data protection policies, guidelines, and procedures in consultation with key stakeholders, for compliance with GDPR, California CCPA, HIPAA (USA), the DPDP Act, Data Protection Officer (DPO) requirements, and DSCI DCPP & DCPLA; conducted training across the enterprise for the business units involved in data handling and processing.
• Cloud Computing and Security: Complete understanding of cloud security and cloud service models (IaaS, PaaS, SaaS); proficient in carrying out cloud architecture and security control audits; well versed in the architectures and security of Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure.
• Conducted more than 300 training and awareness sessions on Information Security, Data Privacy, Risk Management, BCMS, COSO, ITIL v3 and ITIL 4, COBIT 5 and SOC 2; published multiple articles, working papers, and research papers in international and national publications.
Education
• Master of Computer Applications (M.C.A), specialization in Cybersecurity, from The Global Open University, India.
• Master of Business Administration (M.B.A), specialization in Data Science (DS), from KL University.
• Bachelor of Commerce (B.Com) from William Carey University, India.
Certifications
• Certified Information Systems Security Professional (CISSP) from ISC2, USA.
• Certified Information Systems Auditor (CISA) from ISACA, USA.
• Certified in Risk and Information Systems Control (CRISC) from ISACA, USA.
• Certified in the Governance of Enterprise IT (CGEIT) from ISACA, USA.
• Certificate of Cloud Security Knowledge (CCSK) from the Cloud Security Alliance (CSA).
• Certified Information Privacy Professional/Europe (CIPP/E) from IAPP, USA.
• Project Management Professional (PMP) and PMI-ACP from the Project Management Institute (PMI), USA.
Technical Certifications
• Microsoft Certified: Cybersecurity Architect Expert
• AWS Certified Solutions Architect – Associate
• AWS Certified Security – Specialty
• Google Cloud Professional Cloud Security Engineer
ISO Audit Certifications
• ISO 27001:2022 ISMS Lead Auditor (LA) from IRCA.
• ISO 42001:2023 Artificial Intelligence Management System (AIMS) Lead Implementer (LI).
• ISO 27701:2019 PIMS Lead Implementer and Lead Auditor (LI & LA) from ISACA.
• ISO 20000-1:2018 ITSM Lead Auditor (LA) from APMG.
• ISO 9001:2015 QMS Lead Auditor (LA) from IRCA.
• ISO 22301:2019 BCMS Lead Auditor (LA) from IRCA.
• CSA STAR Auditor from the British Standards Institution (BSI).
Work Experience
Key Responsibilities/Tasks:
• Maintaining enterprise Information Security, Data Privacy, Cloud Security and other policies, technical standards, guidelines, and procedures necessary to support information security, in compliance with established company policies, regulatory requirements, and generally accepted information security controls.
• Project and Program Management: Manage programs within scope, quality, time, and cost constraints, and ensure any changes are documented and approved through a change control process. Manage projects across cross-functional teams, build sustainable processes and coordinate release schedules.
• Build strong project team relationships by leading, coaching, and motivating team members and identifying and resolving blockers or conflicts. Track and report on project milestones and provide status reports to clients, project teams, and other project stakeholders.
• Internal and External Audits: Perform internal audits against ISO 27001, TISAX, ISO 22301, ISO 20000-1, ISO 27701 and GDPR for all business units of the organization; support and guide regional IT and non-IT teams and branches worldwide, in a standardized and systematic manner, through external certification audits.
• Business Continuity and DR: Planning, development, execution, maintenance and testing of enterprise Business Continuity, Disaster Recovery, and Crisis/Incident Management programs. Act as Disaster Recovery and Business Continuity Coordinator, responsible for planning and executing BC and DR drills and BIA procedures and processes across on-premises and cloud infrastructure systems, including high availability, component-level and application failover.
• Risk Assessment: Conduct IT risk assessments, identify and assess IT risks, evaluate countermeasures, and recommend effective controls to mitigate IT risks. Monitor IT risks, map risk profiles and manage the IT risk register, and enhance Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for reporting to the second line of defense and risk management committees.
• IT Infrastructure: Manage and maintain the company's IT infrastructure, including networks, servers, systems, and software applications. Ensure that IT systems are secure, reliable, and efficient to support business operations, following best practices published by the Cybersecurity and Infrastructure Security Agency (CISA) and CIS. IT Asset Management (hardware and software asset management, HAM & SAM).
• Worked closely with the Data Protection Officer (DPO) in conducting DPIAs, TPIAs and ROPAs and in drafting data privacy agreements such as DPAs and SCCs; capable of analyzing data privacy issues, drafting privacy clauses and redlining to assure global privacy compliance. Reviewed RFIs/RFPs with special reference to data protection clauses to deliver solutions.
Key Responsibilities/Tasks:
• Maintaining enterprise information security and other policies, technical standards, guidelines, and procedures necessary to support information security, in compliance with established company policies, regulatory requirements, and generally accepted information security controls.
• Support the development, review and reporting of key IT risk exposures and metrics (e.g., KRIs, KCIs and KPIs), and provide independent reporting on the IT risk posture and activities to the management team and stakeholders (e.g., second line of defense).
• Support and provide guidance to regional IT teams and branches on global and regional IT risk management methodologies (ISO, NIST, SOC 2 Type 2, etc.) and tools, enabling them to manage their IT risks in a standardized and systematic manner.
• Collaborate with all relevant parties, including Head Office, regulators, internal and external auditors, and subject matter experts. Assist with the management and coordination of audits, regulatory responses and assessments covering a broad scope of technology and information security topics.
Key Responsibilities/Tasks:
• Own and manage day-to-day information security, data security incident response, data protection agreement consultation, and internal audits.
• Identify key risk areas, prioritize those risks, assign responsibilities for managing and monitoring risk, and provide practical solutions for risk mitigation.
• Conduct due diligence and initial risk assessments for existing and new vendors, coordinate ongoing reviews, and help resolve risk exceptions and escalations.
• Conduct risk assessments and risk-based audits with respect to people, process, and technology; identify gaps/observations, risks and opportunities, and improve policies, processes, procedures, and standards.
• Develop, implement, and monitor risk-based governance programs to identify, assess and mitigate risks across lines of business and risk domains in multiple risk categories; review moderately complex business, operational, or technical challenges that require in-depth evaluation of variable factors.
• Perform internal audits and support external audits for compliance with PCI DSS, RBI Master Directions, IRDAI, MeitY and SEBI cybersecurity frameworks. Manage reporting and apply risk knowledge to resolve issues for moderate- to high-risk company-wide projects and initiatives.
Key Responsibilities/Tasks:
• Conduct internal audits and reviews across different business processes and work with the respective business leaders to close the gaps; document audit results, including internal control weaknesses and improvement opportunities.
• Establish and execute comprehensive analysis reviews of business continuity plans (BCP), including IT disaster recovery; create and execute test plans and provide recommendations where applicable.
• Review the infrastructure, network and data architecture; ensure network security and connectivity; monitor network performance (availability, utilization, throughput, and latency) and test for weaknesses; set up user accounts, permissions, and passwords on network devices.
• Performed internal audits and supported external audits (ISO 9001, ISO 27001); worked with business units to help them provide evidence and maintain policies, narratives, flowcharts, and SOPs. Supported management in preparing audit plans, conducting management review meetings (MRM), and closing audit findings.
• Prepare policies and procedures; conduct proactive research to analyze security weaknesses and recommend appropriate strategies; configure, implement, and troubleshoot routers and switches, including firewalls, with the required account settings, permissions, and security parameters.
Key Responsibilities/Tasks:
• Manage the day-to-day operations of the Service Desk and NOC teams across multiple geographical locations, providing phone, email, and live chat support in line with the agreed Service Level Agreements; serve as the service desk liaison for major business-impacting initiatives.
• Collaborate with other teams within Information Security, Physical Security, Fraud and IT. Work in coordination with other IT security functions to determine requirements and opportunities for threat detection and policy/prevention recommendations.
• Monitor network performance, troubleshoot network problems and outages, and schedule upgrades; secure network systems by establishing and enforcing policies and defining and monitoring access; investigate data network faults in local and wide area environments using information from multiple sources; manage network uptime and keep SLAs within permissible limits.
• Support incident response activities, assisting with artifact collection, triage and remediation while documenting lessons learned. Use key performance indicators to track analyst workloads and the efficiency of detection signatures/rules and associated monitoring technologies.
• Identify gaps and develop strategies for improvement; responsible for mentoring and coaching the Service Desk and NOC leads and teams. Understanding of technology domains, including governance and management of IT and information systems.
Key Responsibilities/Tasks:
• Led a team of 25+ engineers and 2 team leads in fast-paced enterprise product support. Handled multiple projects across multiple locations, worked with technical teams, increased customer satisfaction, and delivered strong growth in upsell.
• Responsible for designing, developing, and supporting daily, weekly, monthly and quarterly reports, data and PowerPoint presentations for multiple zones and regions.
• Installing, administering, and troubleshooting network security solutions; configuring and supporting security tools such as firewalls, anti-virus software and email security; installing, administering, and troubleshooting the core network: LAN, WAN, VPN, routing and switching.
• Configuring security systems, analyzing security requirements, and recommending improvements; monitoring network traffic for suspicious behavior.
• Updating software with the latest security patches; monitoring network bandwidth utilization and optimizing it for the performance of various applications and services.
Technical Skills
Operating Systems: Windows, Unix, Linux, CentOS, Kali Linux
Databases: MS SQL Server (DBA), Azure
Cloud Computing: Amazon Web Services (AWS), Google Cloud Platform (GCP)
IAM & PAM: SailPoint, CyberArk
DLP: Symantec DLP, McAfee DLP, Microsoft Defender
Programming: Python (intermediate level)
SIEM: Splunk, Azure Sentinel (Microsoft Sentinel), LogRhythm
EDR: CrowdStrike
Firewalls: Palo Alto, Cisco ASA
Data Visualization: Tableau, Power BI
GRC Tools: RSA Archer, ServiceNow GRC
Project Management Tools and Methods: JIRA, Microsoft Project, Trello, Six Sigma, Kanban
Microsoft Office: Word, Excel, PowerPoint, Visio, SharePoint, Office 365