Specialist
Larsen & Toubro Infotech
Total years of experience: 9 years, 11 months
Part of Risk Advisory - Cyber Risk team
Projects Worked: leading public sector bank in India & Global oil & gas company in India.
Exposure in PCI-DSS compliance & consulting, PCI DSS Assessments, Findings Management, Process review and Data Privacy.
• Projects Worked: leading private sector bank in India, leading retailer in India, leading payment gateway in Thailand and a leading utility company in Saudi Arabia.
• Exposure on PCI-DSS, Merchant Compliance, ISMS Management, Cybersecurity Awareness Framework development, Data Flow Analysis, ISO 27001, Risk Assessment and NIST.
• Executed Merchant and Service Provider Compliance project for acquiring bank towards PCI DSS standard. Project involved understanding of end-to-end transaction flow of Bank’s applications to evaluate the PCI DSS applicability. Seek compliance status against VISA International Operating Guidelines / MasterCard / RBI Guidelines, Policies and Practices. Identifying Merchants and Service Provider levels and their environment for PCI DSS Applicability and suggesting them suitable PCI DSS document / SAQ. Reviewed PCI DSS Compliance documentation / evidences provided by merchants to Validate complete transaction process. Conduct Con-calls with merchants and service providers to communicate validation requirements. Hands-on experience on enhancement and development of PCI DSS portal hosted and by Paladion.
• Conducted QA signoffs to multiple PCI DSS engagements like merchants and service providers which involved understanding of PCI DSS requirements, cardholder data flow and controls in place. The activity involves evaluating the Report on Compliance (ROC) document, Attestation of Compliance (AOC) and the mapped evidences to verify completeness and accuracy of the observation in alignment with the PCI DSS v3.1 and PCI DSS v3.2.
• Implemented Data Protection Framework and conducted process audit for various business processes for Banking industry in India. Project Involved in identifying business critical and customer sensitive data in the business processes and sub-processes followed within the Bank. The activity involves preparation of Data Flow Diagram, Data Register and Threat Identification. Recommendations and follow up on remediation.
• Understanding of ISO 27001:2013 standard and performing ISMS Internal Audit for an insurance Industry in India. Audit involved documentation and reporting of non-conformances. Provided recommendations for remediation of non-conformances. Ensured findings are reported to the Internal Audit Team and that action plans are documented and tracked
• Involved in implementation of Information and Cybersecurity Awareness framework for a retailer company in Saudi Arabia. Activity involved assessing the maturity level, Gap Analysis, Establishing an ICA Framework, Cybersecurity Awareness Plans, Awareness Material Development and Awareness Session.
• Projects Worked: leading private sector bank and leading Retailer industry in India
• Worked as a Security Analyst in 24/7 IT Security team. Performed troubleshooting of Networks and devices. Also involved in Service and Incident /Problem Management.
• Exposure on Malware Protection System i.e. WEB MPS, Email MPS, File MPS and Mandiant (FireEye), Firewall (Check Point and Juniper), Proxy (Cyberoam and ISA Server (Forefront TMG)), Antivirus (Symantec Endpoint Protection), SSL VPN (F5), SMG (Symantec Mail Gateway), IPS (IBM Proventia, Intel McAfee and HP TippingPoint), Load Balancer i.e. Local Traffic Manager and Global Traffic Manager (F5), SFTP server and other security devices.
• Managed network and security devices at Tier 4 Certified Data Center and managed Bank's dealing application setup.
We had designed a product based on the Principle of colour temperature [CTC] in LED lighting known as mood lighting where we have used remote controller to change the colour of LED from yellow to white and to achieve all the shades between them.