Sanjay Shah, Assistant Manager – Information Security Team

Standard Chartered Bank (Scope International) : July 2004 onwards

Location
India
Education
Diploma, IT Risk Management - CRISC
Experience
32 years, 1 month

Work Experience

Total years of experience: 32 years, 1 month

Assistant Manager – Information Security Team at Standard Chartered Bank (Scope International) : July 2004 onwards
  • India
  • My current job since July 2004

• Comply with security policy and control procedures, and ensure that they are followed by staff under supervision.
• Review security-related access-rights practices, directives and guidelines.
• Ensure that suppliers of DP services comply with access-rights policy and guidelines.
• Define, implement, administer and maintain the security administration that controls access to the Bank's databases and application systems.
• Undertake periodic reviews and other exercises on application security to confirm compliance with current procedures/processes, and implement enhancements to address non-compliance and new security requirements.
• Participate in the development stages of new application systems and recommend the user security administration approach/requirements, so that group policies, including IT policies and Group standards, are complied with.
• Ensure all requests and changes are handled in accordance with the agreed service standards (SLA), the agreed procedure and the approved security matrix.
• Ensure privileged passwords and other sensitive documents are controlled as per process.
• Administer user accounts and access rights across applications within the enterprise.
• Administer and institute application system security and controls to ensure the integrity and confidentiality of the Bank's databases and transaction processing systems against unauthorized access, while delivering a quick, quality service to all end users.
• Serve as the corporate focal point on matters of application security.
• Recommend corporate access-rights policies, and establish access-rights objectives and goals for SCB in support of overall corporate security policies, objectives and directives.

Senior Manager, Internal IT Audit at Riyad Bank
  • Saudi Arabia - Riyadh
  • My current job since June 2009

• Perform risk assessments and prioritize high-, medium- and low-risk areas to form the basis for annual audit plans.
• Participate in the development of the annual IT audit plan and of the mechanism to track and report progress against the plan on a regular basis.
• Implement the strategic audit plan as a team leader: lead, perform or support, as appropriate, the planning, fieldwork and reporting of internal audit engagements, delivering the agreed assurance objectives against established policies, procedures and IIA standards.
• Identify areas of improvement and communicate non-compliance to key stakeholders.
• Write audit reports and debrief senior management on key risk issues.
• Provide assistance and support to business auditors on the IT aspects of business audit assignments.
• Perform special audit assignments or investigations as mandated by the regulatory authority.
• Team management: recruit junior auditors, conduct regular performance reviews, and mentor/coach team members at all stages of an audit.
• Promote and enhance the risk culture in the bank by acting as a "Change Leader".
• Establish and develop effective working relationships with various stakeholders.

Principal Consultant with Information Assurance Group (IAG) at Computer Sciences Corporation
  • India - Chennai
  • December 2007 to May 2009

• Performed ISMS audits based on the Information Security Policy and the applicable elements of ISO/IEC 27001.
• Verified client contracts/MSAs for all internal projects and support groups as part of the verification of corporate ISMS policy compliance.
• Participated in external audits and in independent audits by clients.
• Tracked audit findings, and verified and closed the remediation measures taken.

Lead Consultant at CSC Netherlands
  • Netherlands
  • December 2006 to November 2007

• Performed gap analysis of various legacy applications of the bank against IRM baseline controls and operations security guidelines to ensure compliance.
• Planned, coordinated, conducted and directed audit engagements that were predominantly IT in nature, including infrastructure audits, ITGC reviews, application control reviews and network security assessments.
• Prepared audit work papers and reviewed those prepared by other internal audit staff.
• Identified gaps, communicated them to senior management, and obtained their agreement on the non-compliance and on an action plan, with a due date, to mitigate the risk.
• Prepared audit reports and disseminated them at the appropriate level.

Team leader Information Security Team at Standard Chartered Bank (Scope International)
  • India
  • April 2003 to June 2004

• Comply with security policy and control procedures, and ensure that they are followed by staff under supervision.
• Responsible for implementing and controlling centralized IT security operations.
• Ensure quality services as per the pre-defined service level agreement and constantly improve service standards.
• Manage centralized IT security operations for over 15,000 users spread across many countries, including the U.S.A., U.K., UAE, Sri Lanka, India and Africa.
• Manage team resources to optimize effectiveness and performance levels, recommending training, development and reward as appropriate.
• Prepare security MIS and ensure service delivery as per the pre-defined SLA.
• Analyze security problems, identify the risks involved, and mitigate them to an acceptable level.

Information Security Officer at Standard Chartered Bank
  • India
  • June 1999 to March 2003

• Responsible for implementing and controlling centralized IT security operations.
• Handle day-to-day security-related problems.
• Custodian of high-privilege IDs.
• Ensure quality services as per the pre-defined service level agreement and constantly improve service standards.
• Ensure compliance with the security policies, procedures and standards defined by the group; identify control weaknesses and minimize risk.
• Maintain thorough knowledge of operating system and application exploits and vulnerabilities.
• Research damage-control measures to minimize downtime after security violations within the network.

Officer Cash Management Operations at Standard Chartered Bank
  • India
  • July 1997 to May 1999

• Responsible for all supervisory functions supporting the critical business processes in the operations department and the front office desk.
• Handled all front office functions, such as customer service and liaison with couriers, correspondent banks and outsourced vendors.
• Responsible for day-to-day centralized operations controls and processes, liaison with other branches of the bank, and cheque collection processing.
• Participated in User Acceptance Tests and Operator Acceptance Tests for the Cashin application software used by Cash Management Services.
• Monitored day-to-day data center operations, such as start-of-day/end-of-day processing and data backups, and liaised with software and hardware vendors on problem fixing to ensure maximum system availability.

Officer Message Center at Standard Chartered Bank
  • India
  • July 1996 to June 1997

• Supervise the operation of the message system and ensure the expeditious handling of message traffic by staff.
• Comply with all administrative and control procedures, and ensure that they are followed by staff under supervision.
• Manage the connectivity between the Bank and SWIFT.
• Make recommendations for improvement of auto-routing, utilization of SWIFT, reduction in telex usage, and other work practices.
• Authorize and verify for release messages created or amended in the Message Center.
• Ensure the business continuity plan (BCP), disaster recovery plan and SWIFT line connectivity fallback plans are up to date and tested regularly.

IT Officer at Standard Chartered Bank
  • India
  • April 1992 to June 1996

• Primarily responsible for system administration and maintenance of the PC-LAN and standalone systems, and for data center operations.
• Responsible for processing of data on a daily, weekly and monthly basis, start-of-day/end-of-day procedures, and data/system backup functions.
• Performed a comprehensive systems and EDP supervisory role: coordinated with 100-150 branch-level users and liaised with software and hardware vendors to provide day-to-day system support for the branch.

Education

Diploma, IT Risk Management - CRISC
  • at Information Systems Audit and Control Association
  • June 2012

Certified in Risk and Information Systems Control (CRISC), June 2012.

Diploma, Information Security Management
  • at Information System Audit and Control Association
  • December 2005

Certified Information Security Manager

Diploma, Project Management
  • at Project Management Institute
  • September 2005

Project Management

Diploma, Information Security
  • at BSI
  • January 2005

BS7799 implementation

Diploma, IT Infrastructure
  • at ITIL
  • October 2004

ITIL Foundation

Diploma, Information Security, Auditing, Risk and Controls
  • at Information System Audit and Control Association
  • June 2004

Certified Information Systems Auditor

Diploma, Practice and Law of Banking, Foreign Exchange, Management Accountancy
  • at Indian Institute of Bankers
  • November 1987

Certified Associate of the Indian Institute of Bankers

Bachelor's degree, Accountancy, Auditing, Taxation
  • at Bombay University
  • November 1983

Bachelor of Commerce

Specialties & Skills

IT Audit
Information Security Management
Internal Audit
IT Security
IT Governance
Information Security
Technology Risk Management
Compliance
Auditing Change Programs

Languages

English
Expert
Hindi
Expert
Gujarati
Expert
Arabic
Beginner

Training and Certifications

ISO27001 Lead Auditor (Certificate)
Date Attended:
November 2011
Valid Until:
November 2011

Hobbies

  • Reading and Playing Tennis