Prabhuram Prabhuram

• Managing Information Security domains, Risk Management, Governance and Compliances

• Develops, maintains, publishes and enforces corporate information security standards and guidelines encompassing data and intellectual security.

• Develops and implements security awareness program

• Develop and manage the implementation of corporation information security policies, programs and procedures

• Conducting Risk Assessment based on OCTAVE methodology

• Maintaining Data Protection, Fraud Management engagements across the organization according to UK - DPA 1988 and various consumer acts (OCC, OFT)

• IT infrastructure security, Security Operation Center management and monitoring, Capacity Planning activities

• Act as a central point of contact for internal and external customers on security issues, and Presales activities

• Monitors and evaluates internal and external security threats

• Researches security threats and implements appropriate changes to the security program to prevent data from being compromised. Upgrades security systems by monitoring security environment.

• Evaluate, test and recommend of new information security hardware, software applications and analyze its impact in the existing environment. Provide technical and managerial expertise for the administration of various security tools

• Providing SPOC for PCI DSS, PA DSS, ISO 27001 and SOX Implementation for Product and Entity level engagements

• Accomplished PCI DSS, PA DSS Gap analysis, End to End documentation

• Handling Internal and External audit (For PCI DSS, PADSS and ISO27001)

• Strong experience in implementing various compliance security controls

• Cloud security implementation and continual compliance monitoring

• Business Continuity Enhancements based on BS-25999 standards and BCP testing, Preparing Business Impact Analysis

• Expertise in Incident management, security log reviews(Firewall, IPS, Servers)

• Preparing Threat Modeling for various web applications, Application Security evaluation, Security testing coordination

• Performing Vulnerability Analysis and Penetration Testing by using various security tools

• Mentoring, Educating security awareness to various stake holders, team members

• Implemented Security Governance Practices across the organization

Significant Highlights

• Management of Application Security by using various security frameworks (OWASP, BSIMM, SAMM), PA-DSS, PCI-DSS compliance process and procedures within the Project Team.

• Web Application Assessments, Source Code Reviews, Vulnerability Assessments, Penetration Testing

• Conducting Risk Assessments, Threat Modeling for various web applications

• Reviewing Security Architectures, Policies and Procedures

• Architect and providing Consulting for various security projects - responsible for security technology roadmaps, strategy and ensuring compliance

• Reviewing Security architecture, requirements and policies, procedures

• Educate and create awareness for developers community, project managers, business analysts and testers on the application security and its importance


• Evaluate various security tools and deployed security tools such as Penetration testing, Source code analyzers, Web Scanners and log analyzers

• Conduct investigations and remediation of Information Security Incidents by SIEM tools

• Single Point of Contact for PCI DSS, PA DSS compliance documentations, testing and implementation

• Accomplished PA DSS Gap analysis, End to End documentation

• Preparing Business Scenarios for PA DSS requirements

• Threat monitoring, Threat analysis in PCI DSS environment and incident escalation

• Network security devices configuration (Firewall / IPS), network vulnerability analysis

• Reviewing all threat management systems, log management, log analysis using various tools

• Monitoring Encryption keys are properly implemented in the system


• Involving ISO 9001, ISO 27001 internal audits


Achievements

• Successfully deployed various PCI-DSS, PA-DSS applications and get Certified

• Appointed SPOC (Single Point of Contact) for various IT Security and PCI, PA DSS activities


• Conduct Information security projects & programs for PKI, Penetration Testing, PCI DSS, PA DSS.