Anil Chopra

Senior Director - Enterprise Information Security / Business Information Security Officer (BISO):

An executive level manager with the responsibility of directing strategy and operations for the protection of the enterprise information assets and along with the management of the cyber security program. The detailed KRAs are as follows:

• Security Governance - Maintain a current understanding of the IT Threat landscape.
• Security Architecture Management - Direct and approve the design of security systems including Cloud Security & API Micro services security management.
• Security Policy Management - Review and approve security policies controls.
• Cyber Defense operation and engineering - Security Operations center (follow the sun), Threat Management (threat hunting), Insider Threat (DLP-DIM/DAR/DIU), Data Forensics & Security Incident Response. Translate threat knowledge to identification of risks and actionable plans to protect the business.
• Regulatory Compliance - Ensure compliance with the changing laws and applicable regulations.
• Security Audit - Schedule periodic security audits and act as a single point of contact for all security audits. (RCSA/SIAI).
• Security Awareness - Make sure that cyber security policies and procedures are communicated to all personnel and that compliance is enforced. Communicate best practices and risks to all parts of the business outside IT.
• Stakeholder Management - Brief the executive team (including 7 business technology CIO groups) on status and risks, including taking the role of champion for the overall strategy and necessary budget.
• Program Management - Manage all teams, employees, contractors and vendors involved in IT security, which includes hiring as well.

Senior Vice President & Head - IT Security, IT Risk and Disaster Recovery Mgt.: Joined the Bank in 2012 as foundation batch to define a strategy for implementation, management of robust IT & Cyber Security, Technology Risk & BCM programs for Indian operations for the bank. At present managing a multi-stakeholder relationship involving head office, regional office, internal customers and multiple regulators to ensure compliance to all facets of regulatory requirements.
Key responsible areas are as follows:

• Owner for driving Technology Compliance, Cyber Security, IT Risk Management and IT Disaster Recovery Management.
• Information Systems Control Design and Implementation: Design and implement Information Systems and related controls in alignment with the organization’s risk appetite and tolerance levels to support business objectives. Driving Cloud First strategy.
• Information Systems Control Monitoring and Maintenance: Plan, supervise and conduct testing to confirm continuous efficiency and effectiveness of IS controls. Perform control self-assessment, record potential issues and ensure remediation. Co-ownership of organization risk-register for technology issues.
• IT Policy Governance and Compliance: Coordinate the development and ongoing maintenance of IT policies and procedures. Ensure that all IT policies & procedures are compliant with relevant Head office guidelines and regulatory requirements. Maintain a schedule of policy reviews and approvals.
• Audit & Reviews Preparation and Facilitation: Serve as a bank’s liaison to auditors, consultants and the bank’s compliance committee regarding documentation and review of information compliance. Ensure Issues are addressed and corrective actions are implemented. Keep a tracking action list of all audit issues.
• Disaster Recovery Coordination: Maintain the IT DR plan including periodic reviews. Oversee the regular testing of the plan and update for major changes in the information equipment or regulatory requirement. Coordinate testing and reporting of data backup restorations in accordance with KPIs.
• Stakeholder Management: Convening Strategy and steering committee at country level with key stakeholders as Management, head office, regional office and key departments such as Legal & Compliance, Risk Management, Human Resources and various business functions.
• Team Leadership/People Management.

Lead Information Security Operations for Bank of America.
Drive Business growth, innovation and process improvisation projects to strengthen quality of service, timely delivery and staff capabilities while improving reliability and control cost reduction.
Leading a 80+ people strong team of Information Security professionals.

Functions directly under control:
- Vulnerability Management-Remediation
- Security Operations Center
- Application Assessment
- Cyber Threat Analytics
- Automated Web Scanning
- Insider Threat & Behavioral Analysis (Data in Motion, Data at Rest and Data in Use)
- Information Security Consulting Desk

Process Management:
- Information Security-Risk & Control Self Assessment
- Project & Change Management
- Program Management.
- Security Architect
- Customer Relationship Management
- IT Service Management
- Team Management
- Offshore Process Management.

Program Management.
Solution Architect, Data Center Migrations & Management
Customer Relationship Management
Vendor Management
IT Service Management - Service Desk, SLA management.
Technology & Team Management
Infrastructure & Transformation Projects

Led IT strategy and new initiatives critical to achieving corporate objective and goals. Planned/executed business and operations strategy as member of Business Systems team reporting to CIO. Executed projects within budget and led 35 people strong technology team of projects and operations.


Key Responsible Areas
Information Security & QA
 RCSA (Risk Control and Self Assessment) of Business System
 Internal Audit of CitiFinancial Business Units.
 TPISA (Third Party Information Security Assessments) & Information Security Administration (ISA)

Project Management:
 Evaluation of new technologies and playing critical and active role in defining enterprise solutions to address critical and strategic business requirement.
 Delivering projects in the field of platform technologies including data center rationalizing studies and consolidation.

Infrastructure Operations.
 Manage production, UAT and COB (DR) infrastructure which include Enterprise servers, middleware and presentation servers.
 Maintain uptime and response time of the servers as per SLA agreed with the business.
 Problem Management - Effective management of request, problems as per severity and defined TAT.
 Uphold the highest level of quality around physical state of the data center systems.

Intranet and Application Change Management:
 Ensure Change Control by effective configuration, release and deployment management.
 Ensure changes are effectively planned, tracked and scheduled.

Posted at a vendor location - Associates Financial Services Pvt. Ltd., (now known as CitiFinancial Consumer Finance India Ltd.) as a Team Leader-IT Networking Team. Key responsible areas included:

 Management of Data Center Operations.
 Facility Management.
 Infrastructure Operations & Administrations.
 Branch User/Network Support.
 Asset Management.
 Vulnerability and Threat Management.

Programming using Visual basics.

Freelancer - application programmer

Software Development
- Visual Basics 5.0
- ASP
- SQL Server