Information Security Manager
Infosys Ltd
Total years of experience: 14 years, 5 months
Implement and maintain Information Security standards such as ISO 27001, PCI DSS, HIPAA, SSAE 16, etc. at organization level and engagement level.
•Information Security Risk Management: conduct assessments of risks to information assets and risk mitigation activities to safeguard organizational assets
•Participate in external audits and client audits providing information security related assurance
•Client SPOC for information security activities in one of the designated accounts
•Conduct engagement level information security reviews, audits and risk assessments against information security standards, customer specific information security requirements and Infosys information security policies
•Participate in security architecture reviews and provide inputs related to security requirements.
•Perform vendor risk management and third-party security assessments.
•Conduct routine enterprise information security audits of accounts and projects against defined standards / policies in order to ensure compliance with the company’s information security policies / customer requirements and suggest areas of improvement.
•Participate in the ISC (Information Security Council) and discuss trend analysis, including latency and statistical derivations, to derive deliverable value from security metrics.
•Handling Information Security related queries, requirements and activities in delivery centers in other countries.
•Creation of new Information Security related policies and procedures, periodic review and update of existing policy and procedural documents.
•Undertake review of all MSAs, contracts, Requests for Proposal (RFP)/Requests for Information (RFI).
•Participate in Pre-Engagement negotiations and discussions with prospects/clients from Information Security perspective.
•Worked as an Information Security Professional
Responsibilities:
•Accountable for IT Security, Compliance & Risk of the whole organization’s IT infrastructure (includes servers, network devices and other systems) and ensure end-to-end IT compliance with respect to ISO 27001.
•Implementation of
Responsible for ensuring client servers and network devices are compliant with Security Policy (GSD 331 & ISeC: Information Security policies, Standard Operating Procedures in accordance with ISO 27001:2005)
•Review of security checklist with respective departments like UNIX, WINTEL, ORACLE, CITRIX, Network & Service Management.
•Ensuring PCI compliance based on internal compliance calendar.
•Review that all non-compliances (controls) are documented with a deviation report.
•Review that all risks were raised for non-compliances and perform periodic internal reviews and audits.
Installation & Configuration of various Linux, Windows Servers & desktops
•Creating and Maintaining User Accounts
•Installing and configuring new hardware and software
•Monitoring and Tuning Performance & troubleshooting any reported problems
•Configuring a Secure System
•Backing Up and Restoring Files
in