
Technical Architect/Program Manager Resume


PROFESSIONAL SUMMARY:

  • Over 14 years of IT experience with proven track record covering Information Security Program Development & Management, Audit programs, Infrastructure & application security assurance, PCI DSS & ISO 27001 implementation, Penetration testing, Confidential and IT Governance.
  • Excel at designing enterprise-wide networking and security solutions that substantially enhance performance with minimal investment.
  • Experience in vulnerability assessment and penetration testing using various tools like Burp Suite, OWASP ZAP proxy, NMAP, Nessus, HP Fortify, Confidential App Scan enterprise, Kali Linux, Metasploit.
  • Highly skilled in implementation and management of security programs - Threat and vulnerability management, RED Team, Third party risk management.
  • Strong understanding of control objectives and PCI DSS Compliance requirements.
  • Experience in Threat Modelling, Secure SDLC and application Security assurance.
  • Experience with Security Risk Management & Governance.
  • Experience with TCP/IP, Firewalls, Network and Infrastructure security.

KEY SKILLS:

  • Enterprise security management programs
  • Standards & Compliance Audits
  • PCI DSS compliance assessment and Implementation
  • Risk management program
  • Confidential
  • Infrastructure Security Assessment
  • Vulnerability Management programs
  • Application security assurance programs
  • IS Awareness and Training

TECHNICAL SKILLS:

ISO27001, PCI-DSS, ISAE3402, ITIL

Security Audit: Infrastructure, Compliance, Client/Domain specific, Internal controls, Certification & Process oriented audits

Confidential Tools:

Penetration Testing: Backtrack, Metasploit, SAINT exploit, Core Impact, AppScan, WebInspect, Acunetix, Tripwire, Burp Suite

Vulnerability Assessment: SAINT, Nessus, GFI LANguard, Nexpose, Qualys, IP 360

PROFESSIONAL EXPERIENCE:

Technical Architect/Program Manager

Confidential

Responsibilities:

  • Performed gap analysis and developed information security policies and procedures.
  • Introduced, Implemented & continuously monitored the key security controls.
  • Identified & tracked the organization’s Key Risk indicators & key performance indicators.
  • Conducted Security audits for various business processes & technologies and key risks had been identified and showcased to senior management. I placed the right strategy according to industry standards & benchmarks which resulted in rigid governance approach & process improvements.
  • Led the organizations towards their goals in achieving audit certifications.

Technical Architect/Program Manager

Confidential

Responsibilities:

  • Defined the Policies and created Enterprise security baselines.
  • Implemented vulnerability assessment scanning setup using all the industry recognized scanners.
  • Implemented patch management and remediation programs.
  • Implemented test labs, CoE environment & monitoring setups.

Technical Architect/Program Manager

Confidential

Responsibilities:

  • Application Penetration Testing
  • Infrastructure/Network Penetration Testing
  • Security Configuration Reviews
  • Performed Gap assessment against PCI DSS control requirements and prepared a detailed report for technical and management teams.
  • Prepared and published the remediation action plans along with solutions & appropriate products.
  • Implementation of Confidential.
  • Preparation of SAQ and all supporting documents adhering to the information security policy. Security process documents had been reviewed & released.
  • Review of access control and implemented security incident management process.
  • Continuously monitored the remediation project and ensured all the action plans were implemented precisely, aligning with the project plan.
  • Successfully achieved the PCI DSS compliance by QSA audit and control implementation which was well appreciated by QSA.
  • Governed the PCI DSS zones and ensured 100% compliance continuously.
  • Led the certification/re-certification programs and successfully obtained the PCI DSS certification.

Technical Architect/Program Manager

Confidential

Responsibilities:

  • Performed Confidential for more than 5000 IT assets which includes servers, Network devices & Security products and guided them to harden.
  • Prepared industry competitive Confidential methodologies, approach, baselines, T2 & T3 policies and standard operating procedures.
  • Successfully rolled out a risk management program for a leading BPO and software development company; the activities included conducting risk assessments, maintaining risk registers, and preparing & monitoring the remediation action plans.
  • Developed enterprise-wide security management programs and successfully implemented processes & technologies based on ISO27001 for a leading software development company.
  • I have also executed the various security program implementation projects for more than 40 customers which include banking, production, BPO & software development industries.
  • ISMS implementations.
  • Security products implementations and management.
  • Vulnerability management programs.
  • Security assurance programs.
  • Internal audit programs and Compliance & Certification programs - ISO27001, ISAE3402 & PCI-DSS.
  • Vendor assessment programs.
  • Risk management programs.

Business information security officer

Confidential

Responsibilities:

  • Redefined the existing program and created a brand new unified security assessment framework.
  • Created standard operating procedures and socialized the program with respective stakeholders.
  • Conducted Entity Security assessment (EAS) to validate vendor’s Infrastructure security and Software Security assessment (SSA) to validate vendor’s application security. Conducted more than 500 vendor Confidential and identified various threats and security control gaps.
  • Hardcore security controls negotiation with the vendors considering their risk rating and the residual risk had been documented in vendor contracts.
  • Created new workflow to on-board the vendor with a quick turnaround.
  • Implemented application security assurance program.
  • Managed security operation for Business unit and guided the business users on policies, technologies & solutions.
  • On-boarded more than 250+ vendors over a year’s span and identified Security controls weakness.
  • All the high risks, degree of business & financial impact had been demonstrated to senior management. Created formal processes for acceptable risk appetite and risk acceptance.
  • Set up Quality Assurance validation program for Confidential. Governed the overall vendor risk assessment process using GRC platform.

Principal Technologist

Confidential, DC

Responsibilities:

  • Conducting vulnerability assessments for entire infrastructure and transportation devices.
  • Conducting application penetration testing for all the external facing business sites.
  • Implementation testing lab, Governance Docs, Risk assessment and writing test cases.
  • Conducting regular Confidential to fulfill PCI-DSS requirements.
  • Remediation consulting support and tracking.
  • Conducting onsite security assessment to ensure regulatory requirements.
  • Program compliance management & matrix management.

Application Security Architect

Confidential, NJ

Responsibilities:

  • Implementing & Managing bank’s internal penetration testing program.
  • Implemented a brand new penetration testing program which included lab setup, Governance Docs, Risk assessment and writing test cases.
  • Conducting Penetration testing for Banking & Financial applications.
  • Conducting Security due diligence on Network security.
  • Conducting security assessment for IT & security initiatives.
  • Program compliance management & matrix management.

Technical Architect/Program Manager

Confidential, NY

Responsibilities:

  • Re-defined the Vendor Security Assessment Program for leading insurance client.
  • Implemented Secure SDLC Program.
  • Worked as a Business Information Security Officer (BISO) delegate activities including liaising, advising, advocating, and facilitating to identify and reduce information security risk.
  • Ensured the information security management program is in compliance with applicable laws, regulations, contractual requirements, and policies.
  • Performed security risk assessments on potential vendors and business partners (including cloud service providers) to evaluate infrastructure controls.
  • Developed business relevant metrics to measure the efficiency and effectiveness of the company’s information security management program, forecasting appropriate resource allocation and increase the maturity of the program.
  • Guided the management on industry developments in business practice, technology, security issues and legislation that impact the company’s security policy.
  • Implemented and Managed the Security portfolios.
  • Implemented governance approach in the existing processes to protect from latest threat and vulnerabilities.

Manager

Confidential

Responsibilities:

  • Strategized and managed the corporate compliance management program, which includes PCI-DSS, ISO 27001 and SSAE 16.
  • Headed the Global Information Security Certification Programs. Managed Governance of internal security controls and consistently improved overall security.
  • Implemented the Centre of Excellence (COE) for Confidential and Secure SDLC.
  • Led the technical team for security consulting across global locations.
  • Performed Web application Penetration testing on more than 200+ applications.
  • Prepared mobile penetration testing methodology and test cases.
  • Implemented Vulnerability Management and Penetration Testing programs.
  • Implemented Enterprise wide Risk Assessment and Management Program.
  • Headed the Internal Audit team and automated the Internal Audit Program.
  • Conducted annual reviews for BCP and DRP program.
  • Reviewed and Updated the Enterprise policies and procedures.
  • Identified and Managed information security Organization KRAs and KPIs.
  • Led Log and Monitoring Arcsight project.
  • Initiated and effectively led new Security products Implementation which includes DLP, 2 factor Authentication, Single Sign On, End point Encryption, Cloud Security, D Confidential base Monitoring, Blackberry Server Security, WiFi, Email Monitoring, Security Operation Center, MDM, GRC & Advanced Persistent Threats.
  • Redesigned Enterprise Security Architecture.
  • Led security Incident Response Management Program and Investigations.

Senior Technology Analyst

Confidential

Responsibilities:

  • Provided Security Consulting to implement a defense in depth strategy to protect infrastructure from the latest threats and vulnerabilities.
  • Implemented Confidential and Penetration Testing.
  • Led the SAS 70 audit activities.
  • Conducted vulnerability assessment for more than 3000 assets using Nessus. Performed Penetration Testing on internal and external developed websites using Web Inspect. Vulnerabilities were tracked and reported.
  • Successfully designed and implemented security solutions architecture for different business processes.
  • Prepared and reviewed Information Security Policies and procedures.
  • Active Directory Baseline policy implementation.
  • Conducted regular Internal Audit for ISO27001, SAS 70 and PCI DSS.
  • Performed web attack analysis and reporting.
  • Performed Enterprise IT Risk Assessments.
  • Created and verified security standards for network devices and servers.
  • Implemented Websense Content Filter Server.
  • Performed firewall reviews on regular intervals.
  • Performed Internal control assessments, application reviews, security and IT management and operations for multi-site global operations.
  • Presented audit findings, Risk reports and strategized the mitigation plan with senior management.
  • Fostered security awareness training to employees and management team.
  • Security Consulting for External/Internal Vendors.

Security Consultant

Confidential

Responsibilities:

  • Performed internal and external IT audits covering IT Infrastructures and Applications.
  • Prepared detailed audit plans, executed the audits, control testing, evaluation and reporting. Conducted second party audit to several external vendors.
  • Conducted Vulnerability Assessments and Penetration testing for network devices and servers.
  • Conducted IT general controls Review.
  • Implemented enterprise secured network systems including perimeter and internal network solutions, access lists, traffic logging, monitoring and security auditing.
  • Developed network security/Hardening procedures and policies.
  • Developed and implemented the enterprise security risk management based on ISO 27001.
  • Conducted Compliance Assessment against BS / ISO 17799.
  • Designed and installed network and host based IDS sensors to monitor malicious activities.
  • Implemented IDS (Intrusion), Checkpoint (Secure Platform) and IPS (Raritan).
  • Implemented Inventory control and IT asset management software across the organization.
  • Designed, implemented and tested disaster recovery procedures and system designs for 24 x 7 operations to increase availability and uptime.
  • Performed audit tracking, network assessing and reports on vulnerabilities.

System Administrator

Confidential

Responsibilities:

  • Implemented and Managed Microsoft Active Directory Domain controllers.
  • Implemented Checkpoint, Zywall, Fortigate, ISA Firewalls.
  • Implemented and monitored backups.
  • Implemented Windows software update services.
  • Implemented numerous AD group policies.
  • Implemented antivirus corporate edition server.
  • Implemented SFTP, DHCP, Wireless controllers and Print Servers.
