Cyber Security Analyst
TIAA
Total years of experience: 8 years, 5 months
Cloud, IOT and Infrastructure security risk assessments.
Cloud IAAS, PAAS, SAAS security risk assessments.
Secure cloud migration assessment
Application controls risk assessment.
API security assessment.
Network Architect review.
Supplier/Vendor risk assessment
Technical Risk based audit.
IT Control mapping with various regulatory standards (NYDFS/FISMA/FFIEC/FedRAMP/COBIT 5) and identified GAP.
Enterprise exception management and its compliance review.
Working with BISO on risk acceptance and validating mitigation plans.
Help stakeholders to perform Risk Control Self Assessment and also educate based on requirements.
Review IT Security control, standard, policy, procedure and guideline documents and perform GAP assessment.
Preparing IT risk reports weekly, monthly, quarterly based on business requirements using different analytics tools
● Cloud, IOT, Infrastructure security risk assessment.
● Public, Private, Community and Hybrid cloud security risk assessment.
● Cloud IAAS, PAAS, SAAS security risk assessment.
● Cloud application security risk assessment.
● API security risk assessment.
● Network security risk assessment.
● Third party/Vendor risk assessment.
● Technical risk assessment.
● Enterprise risk assessment.
● Cloud hosting security risk assessment.
● PIM/PAM security risk assessment.
● Mobility security risk assessment.
● Product risk evaluation.
● Physical and logical environment security risk assessment.
● Cloud & IOT security framework creation and GAP assessment.
● Cloud & IOT security policy review.
● Preparation of Policies, Processes and Guidelines for Cloud and IOT.
● Conduct web, Mobile, Cloud, Web services-API, Thick client application security assessment and assist in closure of Vulnerabilities.
● Critical server’s vulnerability assessment.
● Network security device level audit and rule base audit.
● Basics of cloud security assessment.
● ISO 27001:2013 ISMS internal audit.
● Preparation of Policies, Processes and Guidelines for ISMS.
● Conduct Gap analysis for ISO 27001 ISMS.
● Qualitative and quantitative risk assessment.
● Risk Assessment, Risk treatment for ISMS.
● Vendor risk profiling and country risk assessment.
● Prepare training Plan, train the stakeholders, conduct mock audits, assist in ISO 27001.
● Banking interface payment system, payment gateway, SWIFT IT security audit and risk assessment.
● Understand the data flow architecture for network segmentation and conduct network architecture review.
● Conduct security device/server hardening review for IDBI Bank.
● Conduct a review of business functions / process (BRD) from a security point of view and implement security controls for Internet Banking, Mobile Wallets, Channels, Rural Banking and cards.
● Involved in simulation drills such as IDRBT, DDOS, Phishing and other cyber security assessments.
● Vendor management for all security projects on VAPT, App-Sec, SDC, IT audit etc.
● Conduct and manage the portfolio of vulnerability assessment and penetration testing for the entire internet/intranet facing infrastructure of the bank and its group companies.
● Work on RBI/CERT-IN/NPCI/NCIIPC/IDRBT Advisory for the implementation of cyber Security framework for the Bank.
● Design and roll out of Information Security awareness framework for internal employees and external customers - Online e-learn training, posters, mailers and newsletters.
● Create & deliver presentations on security awareness to the bank's users which include details about the latest threats, net banking, phishing, vishing and social engineering.
● Web application security assessment
● Android OS application security assessment
● Server OS vulnerability assessment
● Firewall/IDS/IPS/Web proxy gateway incident monitoring
● Security product implementation and migration
● Log analysis
I studied Cyber Security and Incident Response.
Computer Engineering