Chief Information Security Officer (CISO)
Girnar Insurance Brokers Pvt. Ltd., Gurugram
Total years of experience: 18 years, 5 months
• Implementation of the General Data Protection Regulation (GDPR) with Oto.com
• Implementation of Non-banking financial companies (NBFCs) in CarDekho Gaadi Store.
• Conducted the ISNP audit based on IRDA guidelines for InsuranceDekho.
• Implementation of Insurance Self Networking Platform (ISNP) based on IRDA guidelines in
InsuranceDekho.
• Completion of UIDAI Internal Information Security audit based on COMPENDIUM OF
REGULATIONS, CIRCULARS & GUIDELINES FOR UNIQUE IDENTIFICATION AUTHORITY OF INDIA
(UIDAI).
• Imparted awareness of UIDAI information security policies based on Compendium of
Regulations, Circulars & Guidelines.
• Implemented and conducted the workshop on Risk Assessment (RA) and Risk Treatment Plan (RTP)
based on ISO standard.
• Implemented the risk-based cybersecurity framework (CSF) based on the National Institute of
Standards and Technology (NIST).
Mohammad Iqbal AHMAD Page 3 of 5
• Mapping cybersecurity frameworks (CSF) and Information Security Management System
(ISMS) controls.
• Implemented GDPR for UKIDAP project in France.
• Visited Paris, France, for current project understanding and ISMS implementation.
• Completion of process implementation for ISO 27001:2013 and successful external audit for
new location (Kolkata Data Centre of Ricoh India Limited) within 3 months.
• Implemented the Business Continuity Management for New Delhi and Kolkata locations.
• SOC 2 Type II assessment in coordination with AICPA for Kolkata Data Centre.
• Implemented Information Security Controls within Ricoh India Limited for IT and Cloud
Services (New Delhi and Kolkata locations).
• ISO 27001:2013 Re-certification audit for New Delhi and Kolkata locations through new
certification body SGS.
• Completion of CMMI ML5 and ML4 Appraisal (External Audit) for Ricoh India Limited.
• Completion of CMMI ML3 Appraisal (External Audit) for Software Data India Limited (SDIL)
Noida.
• Analysis of Effort Variance with the help of D.M.A.I.C.
• Excellence award for SEPG work in CMMI Appraisal.
• Special award from external body Software Data India Limited (SDIL) for working as external
Appraisal Team Member (ATM)
Information Security & Compliances
Roles & Responsibilities:
• Implementation of ISMS Processes, Policies and Guidelines for Information Security
Management System (ISMS)
• Review organization-wise potential issues and consult with the team.
• Incident reporting; consulting with the team for closure of incidents with RCA and CAPA
• Perform the Root Cause Analysis of Incident and closure
• Prepared the GDPR key policies and project implementation with UKIDAP project
• Conduct the Data Privacy Impact Assessment (DPIA)
• Define technical and business requirements for data privacy and information governance
solutions.
• Implement data privacy, information governance, IT, and information security related
technology products.
• Implementation of ITSM Processes, Policies for Service Management System (SMS) standard
• Ensuring Cybersecurity of internet-connected systems, including hardware, software, and
data, from cyberattacks
• Ensuring PCI-DSS security standards with application Team
• Implementation of QMS Processes, Policies and Guidelines for Quality Management System
(QMS)
• Defining the control effective measurement guidelines for IT, HR, and ISMS functions
• Conducted internal audits and consulted with the team for closure of findings.
• Ensuring Risk Assessment and Treatment implementation of current projects
• Ensuring ISMS KPI (Control Effective and Measurement Guidelines) for current projects
• Promoting ISMS awareness amongst the employees/vendors.
• Dealing and participating in Information security Change Advisory Board (CAB) with various
offices of IDEMIA worldwide, such as France
Implementation of ISMS Framework
• Publishing ISMS Manual
• Defining specific roles and responsibilities of information security across the DATA CENTRE,
RICOH INDIA LIMITED
• Co-ordination with Information System Security Council, Co-ordination Group (Information
System Security Coordination Team) and departmental coordinators on all activities
identified as a part of group responsibility.
• Organizing security reviews and audits, with internal and external resources
• Ensuring implementation and tracking of ISMS plan
• Coordinating with different security coordinators within the company
• Organizing management reviews of ISMS
• Promoting ISMS awareness amongst the employees
• Review and prioritize significant information Assets and security threats
• Incident Reporting
• Worked on RFPs and provided necessary inputs for RFPs to potential suppliers and
customers
• Identified IT and Cloud services risks and discussed them in the council meeting
• Carry out Risk Assessment and prepare Risk Treatment Plan
• Implementation of HIPAA process for DCs located at New Delhi and Kolkata
• Co-ordination with CPA as ISMS compliance officer of Ricoh
• Identification of trust principles and controls to be included in SOC2 Type II report
• Defining QMS / CMMI process framework
• Conducting QMS / CMMI Orientation and Induction and Imparting Training
• Review and verify the identified controls internally
• Facilitating the testing of effectiveness of SOC 2 Type II controls by CPA
• Dealing (and participating in Information security forums) with various offices of Ricoh
Worldwide, such as Singapore, Hong Kong, Japan and India
Information Security, Quality & Compliance
Information Security, Quality and Compliance)
Quality Assurance) - ISO 9001:2008