information security consultant
CGI Inc
Total years of experience: 17 years, 6 months
Currently working with CGI Inc as Manager Consulting Expert / Information Security Consultant.
▪ Responsible for performing information security gap analysis and risk assessments for various customer programs, and for
helping them establish effective information security governance and management controls based on ISO 27001, 22301, GDPR
etc.
▪ Responsible for implementation and adherence cross-checks on PCI-DSS IT controls.
▪ Discussion with the client on Business requirements, outline the design, create the necessary documentation for Security
compliance. Enable the business with proactive security and compliance programs that implement appropriate controls and
protection
▪ Conduct periodic information security risk identification assessment with the Finland IPS service lines in Technology and
Infrastructure Services scope at the function heads level.
▪ Expert in devising Information systems security strategies, Governance and quality security functions. Monitor and support
adherence to Information Security, Risk and Compliance requirements
▪ Worked on Risk management processes & Control Matrix based on best practices such as GDPR and ISO 27K for Finland
IPS.
Position Handled:
1. Information Security Consultant and advisor for one of the major Energy-Utilities, Oil & Gas client. Cloud Services -
Azure Environment
2. Senior Security Officer - Responsible for handling overall Information security compliance adherence across all the CGI
Finland IPS.
Worked as Lead Consultant in Cloud Security for AWS & Azure environment, ISMS Audits, SOC-2 compliance Audits, Cloud
Infrastructure Delivery Model, Security Domain and in ISO Audits for Wipro Clients.
Handling ISO 27K Audits, SSAE-16 Audits, Data Center Audits, Supplier Audits, PCI-DSS, SOC-2 Compliance Audits, HIPAA,
Intellectual Property Compliance checks Audits at Infosys Ltd. with the Corporate Audits, Assessments and Certification Team,
which is an independent governance entity of Infosys Limited in Bangalore.
• Responsible for handling IP Audits across all the Infosys DCs, Units, Verticals, BEF’s and other legal entities of Infosys.
• Worked extensively on identification of Intellectual Property Commercialization Risks in the field of Information Technology.
• Worked on IP risk profiling for M&A (Mergers and Acquisitions), Digital Rights Management (DRM) Technologies and
identification of Infringement risks.
• Worked on the compliance checks related to Patents, Trade Mark/ Trade Name/ Logo Registration, FTO, IDFs, Copyrights
w.r.t. Infosys and its Client’s Intellectual Assets
• Sustaining the Integrated Management System (ISO 9001:2008, ISO 20000-1:2011 and ISO 27001:2013) for Infosys and its
Clients.
Position Handled: Manager - Process Standardization & Compliance Group
Positions Previously Handled:
3. Technical Specialist --- Security Management
4. Incident Manager --- Security, Network and Voice Domains
5. Alert Reduction Manager - Event Management
6. Senior Engineer & Engineer - Security Management
Technical Responsibilities:
▪ Implementing Network Security for our clients across the world by remotely managing Firewalls, Creating Security
Policies/Rules and NAT Policies as per the company rules and requirements.
▪ Managing & administration of Firewalls like Check Point, NetScreen, FortiGate, WatchGuard, Cisco PIX/ASA, Annex Gate.
▪ Managing & administration of Proxy Servers ISA, Blue Coat.
▪ Managing & administration of different types of Web Scanning/URL filtering tools such as SurfControl, Trend Micro IWSS, Webwasher, Blue
Coat, ISS Proventia Web Filter.
▪ Managing & administration of Mail Filtering like Trend Micro IMSS, IronPort, MessageLabs, IronMail, Symantec Brightmail
Gateway.
▪ Managing & administration of Authentication Tools like Cisco ACS; knowledge of Monitoring Tools like ArcSight, RSA, SSIM.
▪ Periodically auditing the configurations of Security Products - recommend and implement the necessary Fine-tuning and
hardening of the Product configurations.
▪ Preparation and implementation of:
1) Risk assessment and mitigation registers
2) Service Improvement plans
3) Security Advisory
4) Major Incident Register and Mitigation plans
Service Delivery Responsibilities:
▪ Managed a team of 60 plus members along with 7 Team Leads & reviewed MIS reports with customers (70+).
▪ Ensure SLA performance, Process and Compliance are in place.
▪ Hands-on experience in the KAP process: data collection of the IT infrastructure, analyzing the Security setup, providing
recommendations to the customers for the observations made, and handing over to the Transition Phase and then to the
Monitoring/managing Phase-Live Phase.
▪ Customer & Delivery related Meetings.
▪ Vendor Coordination
▪ Alert Reduction Management
MBA
Bachelor of Engineering