Information Security Engineer
Michelin
Total years of experience :7 years, 3 Months
Responsible for the implementing and maintain of the ISMS within UASC IT Operations & Service Line with ISO 27001 standard
• Assist in achieving the ISO 27001 certification by facilitating organization requirements during Internal/External Auditing happening for IT
• Maintain the information security to ensure that strategic information assets are correctly identified & protected with focus on security
• To maintain an asset register for all IT assets owned by the UASC, procedure & guideline documents, reviewed GRC structure of organization.
• Roll-out the information security risk management by conducting risk assessment, gap analysis, risk treatment plan & mitigation.
• Collect KPI from functions, maintain and publish the security KPI to Management team.
• Communicate the vulnerabilities identified to the technical team & ensuring all Critical & Severe vulnerabilities are fixed in given time.
• Gathering information from different process, identify critical process (BIA) & create business continuity/DR for process, conduct tabletop.
• Managing MRM monthly, quarterly meetings to highlight gaps identified in process review & current status with Management for InfoSec and achieved goals.
• Create summary of infrastructure & web application vulnerabilities of level critical/Severe, and remediate vulnerability & record open/closed.
• Reviewed Vulnerability reports from Qualys (web & infra VA) & Nessus (windows & network VA) and sorted critical & action plan.
• Conduct Risk Assessment for different process and discuss pact & probability. Mitigation plan by applying controls & checked effectiveness.
• Closely working & handled the SOC team on emergency security incident escalated to IT & RCA, follow up till closure.
• Qualify report on security incidents & ensure Root Cause Analysis is produced and shared with BU Mgmt.
Monitoring Information Security controls in IT datacenter & network. Ensuring compliance to internal and customer security requirement.
• Developed & maintain the documents like: Crisis mgmt. plan, communication plan, Emergency response plan, call tree, DR teams, SEMP plan, Fire evacuation drills, table top, MRM minutes, Kickoff presentation, internal audit calendar & checklists, NCCA tracker, weekly status report, etc.
• Conducts security awareness programs like newsletters, email campaigns, quiz, online test & user interactive sessions
• Support Information Security Manager as backup inabsence of manager due to other commitments.
TECHNICAL:
• Used monitoring like SIEM (LogRhythm) for traffic of logs, malware analysis, virus remediation and security threat investigation.
• Create/working with IT team on open and closed security incident like configuration modified alerts, Malware, virus detected activity, logs not receiving, unauthorized access, authorized access, traversal attack, suspicious activity.
• Hands on vulnerability mgmt. tools Nessus, SecurityCenter & Qualys. Check for patches applied & antivirus updated.
• Monitored the UASC networks for security breaches and investigate a violation when one occurs.
• Monitoring the organization compliance with change management, logical and physical access, IT operations and other control procedure.
• Generate reports of KPI’s, open and closed security incident tickets & conduct monthly meeting with SOC & network team to followup.
• Assist staff in mitigating the Vulnerability Detection & threats by providing the remediation
• Familiar with security devices like Palo Alto firewall, TrendMicro, cisco ASA, IDS/IPS, datacenter, Monitoring logs, security incident, knowledge of security architecture design.
• Monitor the firewall activity and perform traffic analysis includes vulnerabilities, exploit detection, virus detection configuration modified an
Information security