Senior Specialist
HCL
Total years of experience: 5 years, 7 months
Designing a unified compliance framework for the organization to provide a standard centralized repository that can be used to measure the organization's compliance status.
Developing an audit checklist for internal assessments based on PCI DSS and ISO 27001:2013.
ISMS assessment based on organizational information security policies, procedures and ISO 27001:2005 standard requirements, and preparation of audit reports with a risk treatment plan.
Providing training to end users on information security best practices.
Conducting internal client audits and domain audits. Coordinating with management to suggest best practices to close the gaps identified during the audit.
Review of internal controls across various processes such as user access control, backup and restoration, incident management, etc., and identification and closing of gaps.
Highlighting and reporting key performance indicators to management.
Vendor Assessment: The project involved vendor assessment for one of the clients, which had outsourced various processes to different vendors. Vendors were assessed on their support functions and related process areas in scope.
Design and implementation of a unified compliance framework for the customer.
Conducted domain audits for antivirus, incident management, access management, etc.
PCI DSS: Internal assessment of the PCI controls for a BPO client for their various customers and preparation of the Self-Assessment Questionnaire (SAQ-D), providing recommendations and control implementation as per the PCI requirements. Facilitating around 20 external PCI DSS audits for various customers across the globe.
Reporting status updates during projects to monitor overall execution. Coordinating the various stakeholders and holding meetings to oversee overall project execution status. Conducting negotiations and discussions with external auditors to close the audits successfully.
Responsible for conducting external and internal audits based on ISO 27001. Involved in implementing ISO 27001 in various organizations such as banks, finance organizations and automobile industries.
ISMS assessment based on organizational information security policies, procedures and ISO 27001:2005 standard requirements, and preparation of audit reports with a risk treatment plan.
I have done Cyber Law and Information Technology from IIIT Allahabad.
I have done a B.Tech in Computer Science.