I HERE BY DECLARE THAT ALL THE INFORMATION FURNISHED BY ME ABOVE ARE TRUE AND TO THE BEST OF MY KNOWLEDGE
Total years of experience :22 years, 0 Months
Knowledge of DevSecOps
•20 years of contribution in the entire gamut of Cyber Security Operations, Network Security, Risk Management, InfoSec Strategy & Governance, Project/Program Management, Service Delivery, Implementation and Support in eight different global companies
•Extensive experience in Cyber Security Operations and IT Risk Management Practice with Banks in India, Southeast Asia and Middle East. Worked with Central Banks like RBI, IRDA, MAS, QCB etc. to ensure compliance with Technology Risk
•Managed very complex network security projects for Banks, Telcos and other industries
•Spearheaded InfoSec Architecture, Cloud Risk assessment, Security controls for migrating to MS Office 365/Azure cloud
•Technology risk identification, risk assessment, risk mitigation, response and risk reporting. Creating & managing the IT Risk framework for the company, Key Risk Indicators for all the areas of IT risk and Regulatory compliance
•Possess broad competence in strategic management of technical/business matters (especially in the banking and financial sector) with the distinction of launching and driving new Information security initiatives and managing multiple concurrent complex projects, achieving organisational objectives within specified timelines
•Comprehensive expertise in developing and implementing an Enterprise Information Security Program with deftness in Security Strategy, Security Architecture, Technology Risk assessment & mitigation, Data Privacy, Technology Audits, Security Reviews, Incident management, Security Governance and IT Compliance management
•Adept at leading and managing a team for running successful process operations & experience of implementing a robust information security architecture, GRC framework, technology risks, business continuity plans, information security policies and procedures, also worked on GRC tools like Archer & SAS, also did consulting for GRC tools, SOC and other Information Security services
•Spearheaded the implementation, maintenance and renewal of ISO27001:2013 and PCI-DSS projects at major Banks in INDIA, Southeast Asia and Middle East
•Compliance to COBIT, ITIL & NIST frameworks across all the regions of global banks
•Developed Information Security & Business Continuity strategy for large companies including banks
•Designed and implemented Data security program for the bank including data discovery, classification, policy development and applying the policies in the Data Loss Prevention (DLP) solution
•Successful design and implementation of security controls for Online Banking, Mobile Banking apps and 3D secure system
•Designed security architecture and implemented security controls for SWIFT system, ATM & POS environments etc.
•Vulnerability management & Security Testing of IT infrastructure and Banking applications like E Wallet
•Managing Penetration testing and Red & Blue team exercises
•Implementation & Day-to-Day operations of Identity & Privilege Access Management
Career Timeline
BFSI Sector: 13+ years
IT/ITES Sector: 5 Years
Reporting - CRO
Meeting the expectations of the Board & Senior Management by developing Information Security Strategy and managing Cyber Security Operations for the bank. Detecting & responding to new threats, IT Risk Management, Project Management, People/Vendor management, annual IS budget planning & spend, ensuring regulatory requirements are met, managing Internal, External & Regulatory Audits.
My team’s day-to-day activities
•Developed enterprise IT Risk strategy that consists of strategically integrated elements of NIST risk management and Cybersecurity frameworks, SANS Critical Controls, ISO 27001/27002, PCI DSS, GDPR & other Regional standards like NIA, FIFA World Cup Cyber Security Framework 2022
•Design and manage the entire Lifecycle IT Risk management by continuous Risk Assessments, Risk Mitigation, Reporting & managing the residual risk
•Revamping the traditional SOC to Managed Detection & Response Center
•Managing day to day Cyber Security Operations
•Continuous Risk Assessments of all the critical IT Applications and Infrastructure
•Ensuring data integrity, confidentiality and availability of information as well as creating controls on how data is processed by the organization
•IT Security Governance structure to reduce risks in business processes, enhance information security, and comply with regulatory requirements
•Ensuring Data Privacy by implementation of National Data Privacy laws, GDPR etc.
•Managing the Information Security Budgeting every year in alignment with the IS Strategy & Bank’s Vision
•Ensuring Bank’s Information Security Compliance across different regions/countries
•Working closely with Regulatory audit bodies like Central Banks & CERT teams
•Collaborate with Regional CISO’s to keep abreast of any changing trends
(One of the market leaders in the telecom software domain in India and having a client list of almost all the major players in Telecom Equipment manufacturing, vast presence in India, Europe & U.S.)
Designation -
- Information Security Specialist for client - GE Money,
Responsible for all the Information Security operations and projects across GE Money India.
providing support for implementing, troubleshooting and supporting high-end Enterprise/Mid-Range/SOHO level Firewall VPN
courses: Certifications •CISSP (Certified Information Systems Security Professional) •CISA (Certified Information Systems Auditor) •CEH (Certified Ethical Hacker) •ISO/IEC 27001:
in