Chief Information Security Officer Resume
SUMMARY:
- Delivering enterprise-level security for organizations across the telecom and banking sectors on PCI, ISO 27001, ISO 9001, ISO 22301, SAS, and Common Criteria standards and guidelines.
- 11-plus years of progressively responsible experience in IT security management and handling complex IT infrastructure operations.
TECHNICAL SKILLS:
Technology and Tools:
- IT Leadership
- Regulatory Compliance
- Staff Leadership & Development
- Infrastructure Migration Projects
- Information Security Management
- Computer Forensics Investigations
- Incident Management
- Infrastructure & Security Architecture & Integration
- Execution & Project Management/Budgets/Cost Controls
- Industry Compliance (PCI) (SAS)/Strategic Contingency Planning/Risk Assessment (ISO 27005)
- Business Continuity/Disaster Recovery Planning
- ISO 22301
- IT infrastructure design (Visio) and implementation
- Data Classification using TITUS
- Data Centre Management
- Backup Systems: Acronis, Arc Serve, EMC - Networker
- Antivirus Programs: McAfee Enterprise Suite, Symantec End Point Protection
- Service Delivery, Incident & Change Management: Manage Engine Service Desk Plus & Matrix 42
- Open Source Products: Issue Tracker, Nagios, Redmine, OTRS, Squid
PROFESSIONAL EXPERIENCE:
Confidential
Chief Information Security Officer
Responsibilities:
- Implementation of ISO 27001 guidelines across Confidential India - production Sites in 2011
- Defined a high-level plan for achieving information security goals and objectives, including short- and mid-term objectives and performance targets specific to each goal and objective, to be used throughout the life of the plan to manage progress toward fulfilling the identified objectives
- Performed BIA & Risk assessment practices using corporate methodologies
- Implementation of PCI, NPCI (Master Card, Visa) standards for Banking Business - 2012
- Setup of Cyber Defense team in India to provide IT Security services to entire group worldwide
- Implementation of SAS standards for Telco business.
- IS Monitoring & Measurement Program
- Developing & Conducting Internal Audit program and its implementation and effectiveness measurement.
- Development of Internal and Awareness Program for employees.
- Vulnerability and Penetration testing program for business critical infrastructure (Nessus)
- IT Governance and Management of information and technology assets
- Understanding stakeholders' needs related to enterprise IT and providing them reliable and secure solutions.
- Handling a team of highly qualified professionals and providing them guidance
- Planning and designing High Availability & Disaster Recovery strategies for business continuity
- Define and monitor KPIs that have business impact.
- Planning Capex and Operational expenditure for upcoming years
- Provide End User Services to internal staff
- IT Operational cost reduction us
Confidential
Project Manager
Responsibilities:
- GAP Analysis and Integration Planning & Design.
- To connect all sites across the world to the central site in France for major services like Active Directory, Exchange, and SharePoint.
- Centralize management and administration of network infrastructure (Firewalls, AD Integration.)
- User, Applications Migration and Email system migration along with associated services.
- Site compliance with respect to Corporate Guidelines and ISO framework
Confidential
Project Leader
Responsibilities:
- Standard understanding and GAP analysis
- Definition of Scope and Implementation Budget
- Initial BIA and Risk Assessment along with Mitigation Plan
- Coordination with HR and Other departments for implementation of controls
- Documentation as per ISO 27002 guidelines
- Define internal audit plan and audit guidelines along with procedures
- Design and Implementation of critical processes like, Change Management, Incident Management, Data Classification, and BCP.
Confidential
Pilot (Project Leader)
Responsibilities:
- In light of ISO 27001 security standards and ISO 27002 best practices, I was in charge of drafting the company’s first Global (ISMS) Information Security Management Policy in coordination with members from all across global sites; it required working with business owners, legal representatives and operations leaders.
- Determined special data protection laws in different countries to adequately cover them in the ISMS Policy.
- Defined risk assessment methodology.
Confidential
Pilot (Project Leader)
Responsibilities:
- Defined and implemented ISO 27004 Standards, which provides guidance on the development and use of measures and measurement in order to assess the effectiveness of an implemented information security management system (ISMS) and controls or groups of controls, as specified in ISO/IEC 27001.
- Helped in automating KPIs to reduce manual effort and increase efficiency.
Confidential
Technical Project Member
Responsibilities:
- To assist local team in designing and implementing ISO 27001 controls on various topics like:
- Defined various security policies for the site, such as Change Management, Incident Management, Patch Management & Viral Update policy
- Implemented Service Desk Plus for Change, Incident, Assets, Software, CMDB, SLA, Project, and Problem Management using an integrated automation solution.
- Implementation of Altiris Solution for patch management for Microsoft & other vendors.
- Event log analyzer for SIEM implementation, Log aggregation and correlation.
- Implementation of AD Manager plus for auditing and compliance purposes related to user activities and events.
- Implementation of OP Manager for Network Monitoring to ensure service uptime availability and alerting.