Arun Raj

Global CISO at Workplace Options
Manage Information Security and Privacy Compliance including Risk Management, Third Party Vendor / Processor Assessments, Remediation, Incident Management and Audits
Foster the culture of privacy by design and default in association with IT and ensure best practices are implemented in DevSecOps Lifecycle and Infrastructure.
Point of contact for the information Security and privacy matters within the organization and with clients.
Define and monitor KPI and KRI and provide reporting.
Responsible for Information Security and Regulatory Compliance including GDPR, HIPAA and other regulations.
Manage escalations and analyze breaches.
Co-ordination with Data Protection Authorities
Works closely with Legal Counsel in matters related to Privacy Laws Compliance and legal proceedings.
Responsible for monitoring compliance of client contracts (Data Processing and Data Sharing) and ensuring appropriate compliance to vendor contracts.
Foster security and privacy awareness, consulting in development of trainings and communication materials for different stakeholders

Key Result Areas:
Spearheading a team of Information Security Consultants
Expert in information security policies & information security guidelines & other industry best practices
Evaluating internal control systems / procedures, preparing reports with a view to highlight the shortcomings and implementing / suggesting necessary recommendations
Guiding IT Security and Threat Management Teams and ensuring adherence to quality practices; implementing IS policies and procedures as per industry best practices and guidelines
Consulting with the business on new initiatives and providing information security guidance projects
Reviewing assessment activities including code reviews, site reviews, penetration tests and other internal risk assessments
Appraising technology releases impacting assets against risk assessments and identifying potential risk posture changes
Managing end-to-end secure application development and process migration projects from conceptualization to technology mapping and final execution of projects with excellent knowledge in secure SDLC and SecDevOps
Designing and executing test plans, test cases and test scripts/ procedures, GAP analysis to ensure that business requirements and functional specifications are tested and fulfilled

Key Result Areas:
Supervised Information Security of e-tendering platform of Govt. of Kerala and a part of CERT - K
Executed general controls oversight, reviewed compliance with internal audit controls and professional standards
Liaised between In-House Managers/ IT Department and external Operational Auditors, performed risk assessment
Administered day-to-day operational risk management activities such as risk and controls assessments, incident capture and analysis, and scenario analysis and planning
Managed Mobile Governance, State Service Delivery Gateway & Innovation Warehouse projects for Government of Kerala.
Managed and Participated in review and implementation of complex high value government projects
Conducted general controls oversight, reviewed compliances with internal audit controls and professional standards

Highlights:
Provided standing and recurring Operational Risk deliverables such as business unit operational risk profiles, operational risk incident summaries and results of scenario analysis to business partners
Led a team of 7 people that included System Support and Application Developers

Key Result Areas:
* Managed information risk assessment and compliance testing for overseas clients
* Monitored vulnerability assessment, network scanning and penetration testing - Backtrack and Acunetix Web Scanner
* Performed computer forensic analysis and proficient in tools such as EnCase Forensic, AccessData FTK, SANS Forensic
Investigation Toolkit (SIFT)
* Conducted internal network testing and exploit analysis, network, host and application security analysis
* Acted as a consultant for ISO 27001 Audit and Implementation

Highlights:
Managed various IT Infrastructure/ Networking and Security Projects for public and private sector organizations; provided consultancy in information security domain
Installed and maintained security infrastructure, including IPS, IDS, log management and security assessment systems
Designed and implemented Passive Networking Projects
Contributed in designing, installing and maintaining Standalone and Blade Servers, SAN & NAS Storage Systems, Network Access Control Physical & Wireless Networks