SUMMARY:

• 13+ years of successive experience in IT Industry with strong experience in Information Security, Risk Management & Vulnerability Assessment ,Compliance Auditing, Data Privacy, Business continuity , Network & System Administration.
• Expertise in Implementation and Audit ISO 27001, ISO20K,COBIT, ITIL, BS 25999, HIPAA ,PCIDSS & SAS 70 Security Standards and industry standard domains of information security.
• Proven Data Networking architecture and design experience with a special focus on Data Centers and Network Security
• Conduct compliance review of Network / Security devices, Windows & Linux servers and Data Centers
• Perform Risk Assessment / Gap Analysis and recommend corrective and preventive actions.
• Experience ISO and ITIL Processes (Incident, Problem, Change, Capacity, Configuration and Release Management).
• Implementation of patch management initiated Vulnerability Scans, IT Risk Assessment and Firewall/Server/Network devices baseline reviews.
• Knowledge of Information Security technology / testing methodologies
• Strong Understanding ofThreat and Vulnerability Management at enterprise level and familiarity with common information securityvulnerabilitytesting methods
• Experience in the implementation of Archer Technologies security GRC Software and security tools
• Manage all aspects of IT projects through the entire project life cycle – deliverables, quality, etc.
• Work with the other business units to examine and test the security posture of the IT systems
• Conduct Business Impact Analysis & Risk Analysis, Business Continuity Drill and IT Contingency Plan testing
• Expertise in Implementation of Security Needs: Audits, planning, design, implementation, testing, and management
• Overall knowledge of Enterprise architecture design to enable audits and building audit templates.
• Knowledge of Information Security technology / methodologies particularly including web server security /VPN / Encryption/ active directory / firewalls / networks / encryption / PKI / TCP/IP / Linux/ UNIX / Windows
• Manage security infrastructure projects & drive to completion
• Manage Project schedule, scope control, change management and performance
• Experience in designing and implementing security solutions to meet business needs.
• Strong experience in various phases of IT Operations & good understanding ofinfrastructure requirements and technologies
• Manage dependencies & activities with other business units and ability to run multiple projects simultaneously
• Driving information security awareness to ensure employees are aware of their responsibilities toward information security
• Strong knowledge of Security Fundamentals, Network protocols, Topology\\\'s and Traffic Analysis
• Strong understanding of all current technologies and good understanding of emerging technologies

EDUCATION:

• PG Diploma in Cyber Laws & Intellectual Property Rights
• B.TECH Electronics & Communication Engineering

CERTIFICATIONS AND TRAININGS

• Certified Ethical Hacking and Countermeasures (CEHv6)
• COMPTIA Security+ Certification
• ISMS ( ISO 27001:2005 ) Certified Lead Auditor
• BSI - ISO 27001-Internal Auditor
• COBIT Foundation Exam v4.1 Certified
• BS 25999 IRCA Certified Lead Auditor
• ITIL V3 Foundation Certification
• Cisco Certified Network Professional CCNP
• Microsoft certified Systems Engineer (MCSE)
• Corporate Training on CISSP & “COBIT” Framework and Implementation Training

TOOLS KNOWLEDGE:

• Antivirus Management: Symantec, TrendMicro, McAfee, Fore Front
• Vulnerability Management: ISS Internet Scanner , NMAP - Network Mapper , eEye Retina, Tenable Nessus- SecurityCenter Vulnerability Assessment Scanner
• Host Intrusion Detection Systems: Desktop Proventia
• Security Information and Event Management (SIEM) : ArcSight ESM
• GRC: RSA Archer

EXPERIENCE:

Confidential, Sep 2011 – Till Date
Security consultant
Minneapolis, MN

Responsibilities:

• Design and develop security patterns that help mitigate security risks within IT and ensure effective development of IT Solutions
• Driving security & compliance audits and assessments. Implement sustainable security compliance program, which includes regulatory requirements and conducts assessments to identify non-compliance.
• Create and manage requirements specifications, test plans, and transition
• Assist in security related audits, risk assessments and access reviews by working with peers and security specialists
• Driving the development of security specifications, standards, and processes to ensure adequate protection of the corporate network
• Prepare system & network security reports by collecting, analyzing, summarizing data and trends.
• Plan security systems by evaluating network and security technologies
• Work closely with Security Technical Leads & other teams in the enterprise to guide decisions on solutions and best practices.
• Review network deployments , security architecture, requirements, and exceptions
• Implementation of enterprise vulnerabilitymanagementsystem and perform threat & vulnerability management processes.
• Risk evaluation and mitigation strategies,enforcement of defined vulnerability management processes
• Implementation of Securityvulnerabilitymanagementmethodologies, remediation planning and prioritization.
• Integration & Implementation of security technologies
• Work with security subject matter experts to understand and document vulnerabilities discovered or reported internally and manage a database of vulnerabilities that need to be addressed keeping abreast of latest security issues.
• Experience with automated computer vulnerability scanning tools such as eEye Retina, Tenable Nessus- Security Center Vulnerability Assessment Scanners
• Integrate Archer GRC solution framework into business processes
• Capture business requirements and translate into enhancements to Archer eGRC
• Experience with Archer suite of compliance tools ,configure Archer for content data feeds
• Document new and update current program procedures providing guidance of process reviews and enhancements
• Improve the organization\\\'s security awareness and understanding of business impact

Confidential, August 2007 – Aug 2011
Sr.Security Analyst
Atlanta, Georgia

Responsibilities:

• Implementation & maintenance as per BS25999, ISO27001, ISO 20K, SAS70 , HIPAA , PCIDSS standards
• Implement and maintain Security policies, standards, procedures, guidelines and automated processes to enforce, measure, track, and report security compliance status and metrics, as required by applicable compliance standards and corporate requirements
• Performed series of internal reviews & audits to ensure security compliance in accordance with SAS 70, SSAE 16, ISO 27001 ,ISO20K ,BS25999 , Operational & Security standards
• Implementing & Managing ISO Standards and ITIL Processes (Incident, Problem, Change, Capacity, Configuration, Service Continuity & Availability and Release Management).
• Drive security assessments ( includes enterprise infrastructure , third party vendor product /services ) and provide recommendations accordingly
• Gather and document the customers technical, functional and business requirements
• Handling the Security operational processes for compliance checking and validation
• Work with the operation team on resolution of the security incident, RCA & Documenting
• Ensure effectiveness of security controls of IT Infrastructure, assessing the risks performing risk assessments and developing security plans to minimize potential threats.
• Network Security architecture Implementation: includes compliance review of Network firewalls (Netscreen , ASA & PIX), IDS, Routers, Switches rules review & Data Centers assessment
• Conduct site security reviews periodically which includes Wireless & Modem Scan (War Dialing),
• Site Assessment includes ( Servers system security , Security devices , Network Architecture & security , workstation security , Human behavior and physical security ) , Process Overview and Firewall Rules Assessment , generate Plan of Actions and Milestone , track closure , consolidate the status of Conformance/Non Conformance and update the management.
• Experience with automated computer vulnerability scanning tools such as eEye Retina Network security scanner , NMAP - Network Mapper , Nessus vulnerability scanner ,Attack recognition and response systems such as Snort and Ethereal
• Lead all aspects of internal /vendor system implementation projects, in close collaboration with various business units, IT groups, Security Architecture, Security Operations, and other departments.
• Exceptions are analyzed according to the business justification and are handled in a controlled way through appropriate approval.
• Create and maintain detailed project plans, schedules, and other key documents that keep the project on track for successful execution and on-time delivery.
• Perform Risk Assessment and Gap Analysis and recommend corrective and preventive actions
• Ensure effective security controls, assessing the risks and developing plans to minimize potential threats.
• Participate in automation and roll out of tools for the security processes and Risk forum meetings
• Perform Risk Assessment on the needs of infrastructure, Assess the overall risk level and identifying and recommending appropriate controls to manage the risk.
• Conducting security awareness sessions related to Information security management, policies & key security concerns
• Internal Reviews & audits are conducted to ensure compliance with the Certification standards
• Technical documentation , reporting to ensure records are up to date in accordance with the certifications, to comply with the certification standard
• Understanding & Implementation of Business Continuity and Disaster Recovery testing methodologies. Maintenance of business continuity requirements
• Document client compliance requirements through contract compliance framework and conducting periodic audits & Table Top tests to assess the current stage of implemented controls
• Creating & Testing of Project and function specific Business Continuity Plans (BCP).
• Business Impact Analysis , Risk Analysis , Incident Response Plans and testing IT Contingency Plans.
• Conduct and participate BC Drill ( includes the Call tree Table top test , Stress test and MCD Exercise/s )
• Conducting periodic Security Awareness program on security plan, policies and procedures and assist in maintenance of user security awareness.
• Newsletters on security topics are mailed across the organization periodically to enhance user awareness on security policies and best practices.

Confidential, August 2005 – July 2007
Senior Software Engineer (Security & Network)
Linden Utah

Responsibilities:

• Implementation of security policies , procedures and processes
• Coordination of Security / vulnerability assessments & in conducting enterprise risk assessment
• Assist in coordination of third-party annual vulnerability tests, ISO 27001 ,SAS 70 audit and IT security assessment
• Managing the Network team in Configuring, Troubleshooting, and Maintenance of the Network Infrastructure
• Execute security / vulnerability assessments and conducting enterprise risk assessment
• Implementing & Managing the Release, Incident, Change and Patch Management Processes.
• Define , implementation and Coordinate with IT groups , Security Operations, and other departments in streamlining baseline standards for the Network & Server devices
• Perform system acceptance tests as per the baselines
• Frequent Drills are conducted to check the Security Plan devised such as the Port Security Testing, Compliance of Operating System of Server & Workstations and Network devices towards the baselines, Datacenter security stds , Media safe , Privilege Access , Patch Mgt , Security Incident , System Acceptance , Media handling & disposal , Network / Server Inventory and Rack & Key management register.
• Facilitate change management to receive RFCs ,ensure that they are properly recorded , assist the Change Management Lead in CAB meetings and to perform all the administrative activities
• Log Analysis is done for security violations in Domain Controller and network devices
• Creating reports for Management Information Security Forum , reporting control effectiveness
• Planning, Coordination & implementation of Network Migration Activities
• Administrating a network comprising activities on various networking brand of products like Cisco, Nortel, Hp, 3 COM, Sonic wall, FortiGate, Netgear, Linksys ,Windows Servers, and Lotus Domino email clients
• Maintain and Administer Firewalls, responsibilities include Planning, Implementation and Administration of Firewalls, Routers, Switch Stack, Wireless Access Points.
• Installing, Configuration, Troubleshooting and implementing Firewall as per network design.
• Configuring site-site, client to site VPN , NAT . Back up & up gradation of the hardware

Confidential, February 2003 - August 2005
Senior Engineer Projects, India

Responsibilities: Network Security & Administration

• Administrating a network comprising of Routing activities on CISCO, 3COM & Nortel Routers and Switches, Windows 2000 Server, DHCP Servers, Lotus Domino
• Responsible for Installation and configuration and maintenance of CISCO (3745, 3631, 2600, 175 1) , 3 COM , Nortel Routers ( Access Stack Node , ARN and Contivity 100 ) and CISCO & Nortel Switches ( Bay stack 420 and Passport 1424 ) for Internet and Intranet connections using E1 link and ISDN line
• Responsible for Installation and Commissioning of CPE and Activities Including the System Integration and Network Migration
• Integration of WAN with Costumers LAN and End-to-End Connectivity Testing.
• Installation, Configuration, administration of DHCP Server & File Server on Red hat Linux 7.x
• Vendor Management, Technical documentation and Reporting

Confidential, May 1999 - January 2003
Senior Network Engineer, India

Responsibilities: Network Security & Administration (Firewall Administration & Support)

• Managing a team of technical assistants to plan and implement the projects.
• Providing support in planning, Implementation, configuring and troubleshooting of the Network elements and the Network Infrastructure.
• Provide support in installation, Trouble shooting and Configuration of range of L2 & L3 Hp Switches & Sonic Wall Firewall Model
• Coordination and Escalation of the Network Issues to the L3 Support
• Up gradation of IOS for Switches and Firewalls .Configuration & Maintenance of Wireless Access Points
• Provide support in installation, Trouble shooting and Configuration of range of Sonic Wall Firewall Model
• Coordination and Escalation of the Network Issues to the L3 Support
• Involved in product demonstration and presales activities and technical Documentation

Confidential, February 1998 – May 1999
Systems Administrator, India

Responsibilities: Network Security & Administration (Firewall Administration & Support)

• Administrating a Corporate network comprising of Windows NT Domain and Windows 95 work groups.
• Configuration and administration of Remote Access Servers on Windows NT, and maintaining security.
• Administration of Microsoft post office mail server with clients such as Microsoft mail, MS outlook, Outlook express.
• Scheduling and performing regular Backups for data Redundancy.
• Installation and maintenance of networking applications. Responsible for network management, backups and data recovery.
• Installation, configuration and maintenance of Windows NT Server with DHCP, Exchange server 5.5 and managing Domain user accounts
• Installation, Configuration of CISCO 1751 Router, Cisco Switches 2500 /1900 & Nortel Contivity 100 Router & ARN Router and Tyco Switches
• Installation of IBM, COMPAQ, HP, HCL, PCS Computers.
• Handling the Network Structured cabling.