Risk and Compliance - IT GRC
HCL Technologies
Total years of experience: 16 years, 5 months
• Managing Information Security domains, Risk Management, Governance and Compliance
• Develops, maintains, publishes and enforces corporate information security standards and guidelines encompassing data and intellectual property security.
• Develops and implements security awareness program
• Develop and manage the implementation of corporation information security policies, programs and procedures
• Conducting Risk Assessment based on OCTAVE methodology
• Maintaining Data Protection and Fraud Management engagements across the organization according to the UK Data Protection Act 1998 and various consumer-protection requirements (OCC, OFT)
• IT infrastructure security, Security Operation Center management and monitoring, Capacity Planning activities
• Act as a central point of contact for internal and external customers on security issues, and Presales activities
• Monitors and evaluates internal and external security threats
• Researches security threats and implements appropriate changes to the security program to prevent data from being compromised. Upgrades security systems by monitoring the security environment.
• Evaluates, tests and recommends new information security hardware and software applications and analyzes their impact on the existing environment. Provides technical and managerial expertise for the administration of various security tools
• Acting as SPOC (Single Point of Contact) for PCI DSS, PA-DSS, ISO 27001 and SOX implementation for product- and entity-level engagements
• Completed PCI DSS and PA-DSS gap analyses and end-to-end documentation
• Handling internal and external audits (PCI DSS, PA-DSS and ISO 27001)
• Strong experience in implementing various compliance security controls
• Cloud security implementation and continual compliance monitoring
• Business Continuity enhancements based on the BS 25999 standard, BCP testing, and preparing Business Impact Analyses
• Expertise in Incident Management and security log reviews (Firewall, IPS, Servers)
• Preparing Threat Modeling for various web applications, Application Security evaluation, Security testing coordination
• Performing Vulnerability Analysis and Penetration Testing by using various security tools
• Mentoring and delivering security awareness education to various stakeholders and team members
• Implemented Security Governance Practices across the organization
Significant Highlights
• Management of Application Security using various security frameworks (OWASP, BSIMM, SAMM) and PA-DSS and PCI DSS compliance processes and procedures within the Project Team.
• Web Application Assessments, Source Code Reviews, Vulnerability Assessments, Penetration Testing
• Conducting Risk Assessments, Threat Modeling for various web applications
• Reviewing Security Architectures, requirements, Policies and Procedures
• Architecting and providing consulting for various security projects - responsible for security technology roadmaps, strategy and ensuring compliance
• Educate and create awareness for developers community, project managers, business analysts and testers on the application security and its importance
• Evaluated and deployed various security tools such as penetration testing tools, source code analyzers, web scanners and log analyzers
• Conduct investigations and remediation of Information Security Incidents using SIEM tools
• Single Point of Contact for PCI DSS, PA DSS compliance documentations, testing and implementation
• Accomplished PA DSS Gap analysis, End to End documentation
• Preparing Business Scenarios for PA DSS requirements
• Threat monitoring, Threat analysis in PCI DSS environment and incident escalation
• Network security devices configuration (Firewall / IPS), network vulnerability analysis
• Reviewing all threat management systems, log management, log analysis using various tools
• Monitoring that encryption keys are properly implemented and managed in the system
• Involved in ISO 9001 and ISO 27001 internal audits
Achievements
• Successfully deployed various PCI DSS and PA-DSS applications and achieved certification
• Appointed SPOC (Single Point of Contact) for various IT Security, PCI DSS and PA-DSS activities
• Conducted Information Security projects and programs for PKI, Penetration Testing, PCI DSS and PA-DSS.