SUMMARY:

• Effectively analyze various standards of security operation programs; perform risk assessments to manage implementation of safe environment in the organization for both Organization and client.
• I am an Information Security professional with extensive experience in managing and executing projects in system security, Risk assessment, vulnerability assessment, penetration testing, physical security audits and implementation.
• I have acted as a single point of contact for most of the security projects.
• Experience of more than 8 years in Information Security with strong focus on audits, assessments, budget and people management, Expert in Audit and Enterprise Risk Services.
• Currently managing about 10 professionals worldwide skilled in security Assessment.
• Leading Application security assessments across the globe through industry standards ISO27001, SAS70, etc., also heavily involved in ventures & acquisitions and compliance reporting activities.
• Managing global teams, planning, budgeting and coordinating various types of assessments globally.
• Publish 15 white paper in Confidential for Security assessment, technique and approach.
• Participates in Security Conference line OWASP, Black Hat, DefCon.ect
• Apply excellent professional oral and written communications in order to establish working relationships with client personnel and communicate engagement results
• Apply problem - solving skills and deliver Organization methodology on engagements
• Exercise professional judgment on engagements and provide proactive solutions and recommendations
• Application Security Assessments/ Penetration testing Acquisition/ Client Data Protection/Supplier Security Assessments ISMS audits/ Cloud security reviews Security standards/ Remediation plan consultations Evaluating and recommending reasonable security controls to mitigate identified threats
• Designed and implemented external vulnerability scan process/ Security audit process Monitor and ensure application modification if requirements are not met Provide certification to the approvers/sponsors for application purchase and/or use within Organization Deliver assessments within budget and schedule Provide advice, guidance, and assistance to global customers (SDM, IS, Operating Groups) relative to application security matters, Coordinate other engagement activities, such as status reporting to the client, issue tracking, etc. Evaluate new security technology & trends, providing recommendations to strengthen Organization information security environment. Adhere to the project's processes and standards
• Plan and manage internal audit reviews/projects of business (i.e., financial, operational, compliance, etc.) and/or Information Technology (IT) processes and infrastructure, as well as SOX readiness reviews and testing Includes planning of the audit approach and scope, preparation of an audit program, determination of the auditing procedures to be used, identification of specialists needed, etc.
• Provide recommendations for improved and enhanced controls and business efficiencies to client

IT RELATED COMPETENCY:

• Strict adherence to governing polices, principals and Practices in delivering of all IT services Meticulous evaluation and Management of high complex and technical information to implement necessary security services measures
• Proven effectiveness in interfacing with customer at all levels to gather requirement in order to build and deliver comprehensive solution based on their technical need.
• Keen assessment of Organization and costumer need to identify necessary technical assistance or services need, while focusing on delivering top quality costumer services.
• Dissemination of comprehensive information to stakeholder while talking in coordination the audience and nation of the information Outstanding ability in communication with staff, client colleagues and other stakeholders to ensure proper coordination of work process while ensuring alignment with establishing goals and objective
• Thorough data analysis, including system and network Performance to identify issues, threats and other complexities; as well as to make sound recommendation on necessary action
• Expertise in mitigating potential risk through identification of required changes on IT security based on new technology or threats and execution of measures of ensure IT security awareness/compliance

AREAS OF EXILANCE:

• Risk assessment
• Application security assessment
• ISO27001 LA
• Penetration Testing/Tools
• Vulnerability assessment
• Supplier security assessment
• ISO27001 LI
• Hacking concept
• Process management
• Client data security assessment
• SSAE16, SOX, HIPPA
• Business logic security
• Compliance management
• ISMS security assessment
• OWASP/SANS/CVE
• Root cause analyses
• Security standard management
• Biometrics security assessment
• Hosting site security assessment
• Ventures & Acquisition Security assessments
• Process/Design Review
• Cloud security reviews
• Web Application /Mobile application/ Thick client Penetration

TECHNICAL SKILLS:

Commercial Testing tools: IBM App Scan, HP-QAInspect, HP Web Inspect, Acunetix.

Open source/freeware testing tools: Paros, ZAP, Webscrab, Burp, SSLdigger, SSLscan, Echo Mirage, Mobile hacking tools

Data base Scan Tool: NGSSQuirreL, Imperva’s Scuba.

Code review tools: Hummurapi, Pmd, Findbugs, IBM appscan source code, Checkmarx

Test Management Tools: Quality center 9.2/10. Archer

PROFESSIONAL EXPERIENCE:

Confidential

Standard: ISO27001, SSAE 16, SAS 70 Type 2, OWASP, PCI DSS, HIPPA, COSO, Confidential security standard (Application, Enterprise, Infrastructure security standard and Policy )

Tools: IBM Appscan, HP Web Inspect, Archer, Burp suit, ZAP, Fiddler, SOAP Panda Mobile device Jailbreak, Rooting Tow factor authentication, PKI, End Point Protection, Mobile Device Management, Cloud based application security, salesforce, Microsoft, Active directory federation services authentication

Responsibilities:

• Managing about 10 professionals worldwide skilled in security Assessment. Leading Application security assessments across the globe through industry standards ISO27001, SAS70, etc., also heavily involved in ventures & acquisitions and compliance reporting activities.
• Security Assessments which am expert of Application Security Assessments/ Penetration testing
• Acquisition/ Client Data Protection/Supplier Security Assessments
• ISMS audits/ Cloud security reviews
• Security standards/ Remediation plan consultations
• Evaluating and recommending reasonable security controls to mitigate identified threats
• Designed and implemented external vulnerability scan process
• Evaluate application procurement, development and implementation activities for possible vulnerabilities;
• Monitor and ensure application modification if requirements are not met
• Provide certification to the approvers/sponsors for application purchase and/or use within Organization
• Deliver assessments within budget and schedule
• Provide advice, guidance, and assistance to global customers (SDM, IS, Operating Groups) relative to application security matters, Coordinate other engagement activities, such as status reporting to the client, issue tracking, etc.
• Evaluate new security technology & trends, providing recommendations to strengthen Organization information security environment.
• Adhere to the project's processes and standards
• Plan and manage internal audit reviews/projects of business (i.e., financial, operational, compliance, etc.) and/or Information Technology (IT) processes and infrastructure, as well as SOX readiness reviews and testing Includes planning of the audit approach and scope, preparation of an audit program, determination of the auditing procedures to be used, identification of specialists needed, etc.

Confidential

Platform & Skills: HP Web Inspect, IBM Appscan Enterprise edition, Paros-Proxy, Open source security Tools, Scuba.

Responsibilities:

• Global point of contact for ETS IV&VS Security testing across 400 customers & Geos.
• Sole responsible to implement and improve application security posture of the organization across all offices.
• Incorporated security controls in each phase of SDLC.
• Conduct Design review and security requirements review for the existing and new developed products.
• Performed application security assessment, code review, Data Base scan and Manual penetration testing.
• Information Security awareness through Newsletters, Voice sessions, control recommendations and training programs across the organization.
• Perform Quarterly Vulnerability assessment at application level for internal application (Production, development and staging environment).
• Creation, maintenance and improvement of all information security policies at the organization level. Analyzing security requirement of the organization and recommending security tools, third party vendors, - products to achieve the required security benchmark Involving in final report writing and present to the client.

Confidential

Platform & Skills: Paros. IBM appscan enterprise & standard edition, HP Web inspect & Cenzic HP Fortify, Checkmarks, PMD, Hammurapi - code review.

Responsibilities:

• Automated Penetration testing of Applications, web services, Databases.
• Vulnerability analysis by manually validate the tool findings & explore vulnerabilities unidentified by the tools.
• Understand application Architecture & Design of the application and map for Threat modeling Root cause, Report & Recommendations.
• Individual contributor in the security assessments to execute, Analyze, Eliminate false positives, Root cause, Recommendations and custom Reporting.
• Quality deliverables. Setting up the practice.
• Tool capabilities, A Mentor, Solution building with reusable components for web, mobile & DB for the diamond customers, succor customers at technical and business level Building go market strategy & planning for pre sales & sales team. Proof of concepts, RFP/ RFI’s, kick-offs, estimations, planning, Preparation, Quality, Customer & Vendor management.
• Consulting, Program management, End to end project delivery- entire project life cycle from requirement/ info gathering to delivery