associate director cybersecurity
MB Group
Total des années d'expérience :19 years, 8 Mois
information security risk management and governance
TOOLS/TECHNOLOGY EXPERTISE
•Vulnerability Management can for vulnerabilities and prioritize remediation efforts to protect critical IT assets with special emphasis on PCI regulatory requirements using leading tools like QualysGuard® and Nessus.
•Unified Threat Management (Cyberoam, Sonicwall, Fortigate)
Providing POC & configuration of comprehensive solution that includes Firewall, IDS, IPS, Content filtering, VPN, ISP Load balancing, Antivirus, Antispam, DNS & DHCP.
•Security Incident & Event Monitoring
Configure and Monitor for cyber security and compliance monitoring using market leading SIEM platform Sentinel (Novell Product)
LG, IIM Lucknow, JNU, BAG films ANI, Sheela foam, MITS, NIT Rourkela, MAX Healthcare, RITES, BHEL, JIIT, BHARTIYA VIDYAPEETH, PEC, IMT, Donaldsons, TIMES, NHPC, IIFM, Pathways world School, Times Now Channel, Hero Honda, JK Telesoft, Balrampur Cheeni Mill etc.
•Was actively involved in managing Presales for the UTM devices (Firewall, IDS, IPS, Content Filtering, VPN, ISP Load Balancing, Anti-Virus, Anti-Spam).
•Handling POC of the products.
•Preparing RFP/RFI of products.
•Preparing product documentation & maintain SLA for the post sale support.
•Implementation & comparison of different security product.
•Managing whole North & East India for Security support.
•Good knowledge on IT infrastructure technology, DNS protocol, Internet technology.
•Configuration and troubleshooting of Intrusion Detection and Intrusion Prevention Systems, Firewall, VPN, etc.
•Configuration of Anti Spam/Virus and Content Filtering products.
•Designing Companies Network.
•Provide Training to dealers & clients.
•Providing DR Plans for security products.
Consulting Practice team and supporting the business development & delivery of IT Advisory services.
•Define, maintain, enhance and recommend client's information security Policies & Procedures.
•End-to-End project planning, scheduling, Tracking, reporting and Communication to stake holders, ensuring scope management, adequate and efficient resource planning, activity sequencing, effort & cost estimation.
•Lead and Contribute to the design, development and implementation of winning technical solutions for customers to introduce and establish new technology solutions into their business and business processes
•Writing proposals, responding to RFPs, RFIs and quality client presentations. Work closely with OEMs and partners to support the development of winning solutions at optimum cost.
•High end solution architecting as well as managing implementation of large projects in the area of Network & Information Security
PROJECT DETAILS:
•Leading Bank - Cyber Security Assessment as per RBI Circular
Role - Project manager
Information Security Practice
PROJECT DETAILS:
•Essar - Improving Security posture of the organization
Role - Project manager
Project Description
•Perform IT current state assessment & submit gap analysis report with recommendations to the stakeholders.
•Identify critical third party vendors & conduct third party audit for Star India.
•Study the current policies & practices of the organization & perform the gap analysis.
•Perform role authorization process of critical application.
•Develop risk assessment of IT Infrastructure & configuration review of IT security devices (Firewall, IDP, Content Filtering, VPN etc.)
•Perform ACL review on Firewall & central switch and submit gap analysis with recommendations.
•Assess business continuity & disaster recovery process.
•Tata Steel - Process improvement
Date - 5 months
Project Description
•Study the existing processes & practices of the organization & perform the gap analysis.
•Identify operational threats & perform risk assessment.
•Assess the current state of IT general controls in the organization.
•Prepare IT risk management process & highlight the high risk to the stakeholders.
•Loylty Rewardz - PCI DSS Assessment/Audit
Role - Project Lead
Part of IT Risk & Compliance team. I am responsible for ensuring SLA adherence for Support incidents/requests and timely completion of ongoing Project activities for assigned clients.
•Helping practice team to design IT security solutions (IT security infrastructure, SIEM, Application security, Vulnerability & penetration testing, SOC designing) & responding RFP & RFI.
•Define, maintain, enhance and recommend client's information security and control governance framework, including policy, directives, standards and guidelines/best practices. Perform ongoing monitoring of continuously changing information security risks, threats and best practices. This includes managing the repositories of standards, security classifications and risk assessments.
•Develop Business Impact Assessments (BIA) based on operational risk assessments at the business and site levels.
•Ensure Business Continuity Management plans are tested, evaluated, documented and maintained accordingly. Make recommendations as appropriate and follow up on relevant corrective actions.
•Ensuring Standard Operating Procedures (SOPs) for BCM is upto date.
•Ensure all elements and deliverables within the Business Continuity Management System, including operational risk assessments and Business Continuity Management strategies, plans and budgets are reviewed, approved and signed off by relevant management.
•Establish and communicate management orientation and dissemination programs, and staff security awareness programs; adopting creative approaches to ensure that requirements and expectations are regularly/continuously reinforced.
•Interact with Change Management, Information Security Office and IT Forensic departments for day-to-day activities.
•Co-ordinate with Incident Management and Problem Management teams for Infrastructure related issues.
•Leading a team of 3 Security Monitoring & Implementation engineers.
•Implementation of bulge control and onsite rotation policy as per recommended guidelines.
•I am the single point of contact for the client regarding the current security services and would also be responsible for successful delivery of all future project endeavors.
•Coordination with Offshore team members regarding status of ongoing projects/Operations.
•Liasoning with client for coordination and delivery of presentations and maintaining a positive and professional relationship through co-operative interaction
Responsible for IT Security Governance, Managing security posture of client organization at global/local level, Management of Security process, policies, Compliance and new Infosec Initiatives.
•Responsible for Ericsson’s datacenter IT security.
•Managing vulnerability, Mitigation & gap analysis of various telecom devices like MSC, BSC, Voice mail, IVR, NIMBUS etc.
•Daily interact with SOC team for the security issues & maintaining the matrix of the same.
•Interact with other supervisor/managers across the globe to discuss and review new processes and also changes to existing processes.
•Establish and evaluate external "benchmarks" (including ISO, SOX, PCI, COBIT, HIPPA and other standards and guidelines) to ensure that client's information security and control governance framework remains responsive to risk and reflects the best current practices appropriate to the client's services and products.
•I was the functional lead for the support team and Problem Management tasks included escalating and co-coordinating open issues.
•I demonstrated excellent leadership qualities and people management skills, leading cross functional teams, good communication skills and exposed to various cultures. Interfacing with client, vendors, front end and back end teams.
•People responsibility included forming, mentoring and development of a team of 7 skilled engineers
in
in
courses: DSCI Certified Privacy Lead Assessor •System & Database Administrator from CDAC Noida (Includes Windows, Linux & Database Administration) •CEH certification from MIEL •Information Security Management System – ISO 27001 LA from BSI UK •Business Continuity Management System- BS 25999 LA from BSI UK •ITIL V3 from k- Secure PROFESSIONAL MEMBERSHIP •ISACA