Senior Manager
Wipro Technologies
Total des années d'expérience :24 years, 9 Mois
Compliance Management
Examine and evaluate compliance (Technical & Process) adequacy and effectiveness with respect to Information Security Controls that have been established to protect the Integrity, Confidentiality and Availability of enterprise Information/Data across organization
Compliance checks as per Standards (ISO 27001), Regulations (SOX, HIPPA, PCI-DSS) and Customer requirements to ensure protection strategies are adequately designed and implemented
Design and development of compliance programs based on Risk, Threat Scenario, Management inputs
Technical Compliance check constitutes Network, System, Application Audit and Ethical Hacking
Ethical Hacking activity framework simulates external hacker’s intent and covers organizations critical infrastructure such as perimeter, backbone systems. (SAP, CRM, Voice Network, Blackberry, Payroll, AD, Messaging)
Design and recommend preventive, corrective, and compensating controls to ensure appropriate level of protection to adhere overall information security strategy
Responsible for design and development of, Policies and procedures for Audit and Regulatory Compliance Checks
Hardening guidelines for Systems, Network and Application Check based on ISO27001, COBIT, NIST, PCI-DSS, FISAP
Security Awareness & Education
Responsible for building and sustaining information security awareness and education programme. Framework covers all segment of employees
To impart awareness among employees based on reported SIR (Security Incident Reporting) & disciplinary action
Class room based training for business units and support \ service functions
To validate security awareness maturity among user community using social engineering drills
Responsible for design and development of security awareness, Mailers based on Wipro security policies & procedure, personal security and prevailing threat scenarios
Generation of user awareness statics and prepare trend reports for continuous improvement
Responsible for design and implementation of Customer Offshore Development Center (ODC)
Responsible for implementation of real-time network monitoring and scanning using intrusion detection systems, security incident management and resolution, as well as policy enforcement.
Responsible for support of existing security policies and procedures, as well as creation and implementation of new security procedures
Responsible for internal auditing, gap analysis, remediation projects, re-testing after remediation efforts, and control re-alignment
Lead Security Architect for major IT Risk and Compliance projects
Risk assessment of Partners & Customer network
Responsible for gathering customer technical requirements and documenting Information Security specification document
Implementing security policy to protect external/internal network against unauthorized access, and to making provisions for disaster recovery in the event of successful intrusion/attack
Responsible for designing and hosting ISMS (Information Security Management System) Portal including policy, procedure, guidelines and checklist maintenance & version control
Participated in creation of Network Operations Center (NOC) for the company, which maintained hundreds of systems and applications spread throughout the world
Network design and preparation of system requirements
Installation, configuration and maintenance of the networking and systems
Troubleshooting and coordination with the local Telco and ISP company
Design and implement migration policies as the network had to move location
Configuring VLANS according to work-group and configuring inter-vlan routing
Using diagnostic tools such as the Network Associates Sniffer V3.05 to analyse data packets while troubleshooting
Implement Quality of Service through Custom Queuing
Interconnect the two networks through the Internet and apply Network Address Translation (NAT)
Harvard Business School (HBS) Trained and Certified in Growth Harbinger Program