Information Security Manager
TCS
Total years of experience: 20 years, 10 months
Designing and managing implementation of Information Security Policy and Procedures.
Conducting internal security audits.
Maintaining Vendor/supplier security governance and audits.
Doing Information Security Incident Management.
Doing entitlement and role based access management.
Designing secured BPO ODC Models.
Answering the RFP Questionnaire and Security Questionnaire for the new proposals.
Maintaining Information Security Compliance tagged with ISO 27001, PCI DSS as applicable within TCS BPS landscape at my region.
Reviewing account level vulnerability assessment as well as penetration testing reports encompassing IT infrastructure as well as applications.
Has got the privilege to work with clients from multiple domains be it Government, Telecom, BFSI, Aviation etc.
Driving Information Security Awareness across the organization level.
Worked as a project lead for a government client (ISO 27001:2013 implementation) in Bangladesh as well as for an ITGC audit project within a leading aviation industry in India.
Done consultancy and business developments for various areas of Cyber Security practice.
Bringing thought leadership within the team to yield better “Turn Around Time” and “value-add Services”
Performed business process review to identify gaps and suggesting mitigation strategies to fill in those gaps for the different clients.
Building MSS (Managed Security Services) framework in terms of the security services being delivered to the clients.
Has got the privilege to work with clients from multiple domains be it Government, Telecom, BFSI, Aviation etc.
Information Security Risk Assessment and Treatment plan for various Line of Business
Provision of Information Security Risk and Compliance Management
Doing Information Security Audits
Doing external Information Security Audit readiness activities
Maintaining Stakeholder relationship Management
Doing Information Security Consultancy for various Line of Business and external clients
Conducting and framing Information Security Awareness program for Regular employees/Contractors and Third Parties
Leading information Security projects pertaining to implementation of ISO 27001:2013 for various Line of Business PAN India or across different geographical locations
Answering the RFP Questionnaire and Security Questionnaire for the new proposals
Reviewing MSA/SOW of the contracts for IT Security requirements and coordinating with IT teams for the required Security Infrastructure as per the statements
Bringing thought leadership within the team to yield better “Turn Around Time” and “value-add Services”
Mentoring the junior resources within the team and allocating tasks to them based upon the three business alignment criteria namely Assurance, Business as usual and commercialization
Maintaining compliance as well as implementation of PCI DSS for some particular LoBs.
Driving Information Security Awareness across the organization level.
Providing end-to-end security solutions to corporate clients based on the client’s security requirements
Answering the RFP Questionnaire and Security Questionnaire for the new proposals
Reviewing MSA/SOW of the contracts for IT Security requirements and coordinating with IT teams for the required Security Infrastructure as per the statements
Participating in Product Evaluation and POC and suggesting Management for the product based on ROI/TCO
Handling internal/External/Customer Audits from IT Security perspective to meet the compliance requirements
Maintaining compliance with ISO27001, PCI DSS standards and coordinating the External Audits for the same
Coordinating for closure of incidents/Gaps/NC reported by the customer/External audits
Preparing for client audits by collecting evidences and reports and providing presentations during audits
Identifying threats and vulnerabilities in the existing heterogeneous environment
Risk assessment for new Engagements/New Sites
Interviewing and surveying relevant stakeholders and business functions to identify the risks and single point of failures
Working for timely closure of Vulnerability Assessment findings along with VA stakeholders by working with application owners
Coordinating Vulnerability Assessment, Network Scanning, Internal Auditing, Compliancy check, Gap analysis and planning for Security architecture
Providing Information Security Advisory services
Assessing IT related changes and Approving/Disapproving it
Providing IT Security reports on the current compliance levels
Ensuring compliance to Information Security Policy
Evaluating and implementing security controls
Recommending changes for improvement adhering to the guidelines
Ensuring perimeter security by safeguarding the information resources of enterprise to maintain integrity, confidentiality and availability of data and technology
Periodic analysis of Security logs and action on security issues
Liaising with other Infrastructure Teams for timely closure of Incidents /Problems and Changes
Leading, mentoring & monitoring the performance of the team to ensure efficiency in process operations & meeting of individual & group targets
Served as an “IT Security Lead/Officer” for Asia Pacific region
Capably reviewed the IT Security Waivers (Business Cases) in order to evaluate the risk of Organization Assets/ Information and approve/reject accordingly
Conducted periodic reviews of company policies and procedures governing corporate security, emails, internet usage, and access control and incident response
Accountable for training end users and vendors on “IT Security Awareness Program” within my geography
Responsible for monitoring internet usage as well as performed IT Security Investigation, IT Security Event Management and Compliance
Managed the enterprise external DNS administration at global scale
Served as point-of-contact for information security implementation and non-compliances to ensure that an effective process for implementing and maintaining the security controls is in place within the assigned region
Instrumental in developing and implementing business continuity and Disaster Recovery (BCP & DRP) for corporate sites within Asia Pacific region
Participated in Architecture Review Board meetings from IT Security for evaluating Security Risk for new Application/ Infrastructure and providing consultation for appropriate security control
Served in “Internal Audit Team” for conducting first party “Information Security Audit” within Asia Pacific Region as per selected Controls and Statement of Applicability (SoA) in accordance with ISO27001: 2005
Oversaw the operations of enterprise's security solutions through management of organization’s security analysts within Asia Pacific Region. The tools used for Vulnerability assessments were Qualysguard, Shavlik, Nessus, Appdetective, Nexpose
Conducted vulnerability assessment of servers (Windows and UNIX based) hosted at client data center and their disaster recovery sites using various tools like Qualys, Shavlik, App-detective and Nessus
Managed various Information Securities, IT Security, Network Security and IT Infrastructure related projects for various clients
Capably led offshore team of “Threat and Vulnerability Management of PwC India” to ensure project deliverables are met for client (PwC US)
Gained experience in building operations and service delivery team as well as proven technical ability and hands on experience in building IT Infrastructure, IT Security Infrastructure and Monitoring Infrastructure
Looked after the Data Network Management of Pricewaterhouse Coopers multi-locational US offices comprising of Cisco and Nortel Routers, Switches, Firewall (Cisco Pix & Cisco ASA), Cisco Wireless AP/ WLAN
Administered the troubleshooting routing (OSPF & EIGRP) and switching issues for PwC US offices’ data network topology
Capacity analysis of WAN links of PwC US
Supervised vendor management as and when required for WAN links (with Sprint, AT&T) and for Cisco Network equipments (with Cisco) of PwC US
Analyzed syslog messages of all network equipments hosted at client site using Cisco works and conducted the root cause analysis of any problem associated
Conducted “BCP” and “DRP” and “Information Security and Network Security Audit” projects of various other clients
• Designed and implemented the IT disaster recovery data center for the Sahara India in Kolkata with its primary data center in Lucknow.
• My Job included Network management, Network security management, Vendor management, Strategy planning for optimum output from this disaster recovery site, making administrative policies in co-ordination with senior management for the smooth functioning of the disaster recovery site.
• Conducting Information Security audit in the whole eastern region in co-ordination with the central IT team of the Head office.
• Implemented the Information Security Management System within Sahara in accordance with ISO27001 standards and framework. Worked as Team Member for this project which was spearheaded by Information Security Manager of Sahara India.
System and Network administrator, February, 2006 - December, 2006
Designed, Implemented and maintained Networks and Systems (enterprise level) based on the following products:
• Cisco 2600 router, Cisco Pix 515E firewall, Nortel 8600 passport, Cisco 3606 and 4503 switches.
• Lotus domino server and lotus notes client 6.5
Ramco Systems Limited - Kolkata, India
Network Engineer, October, 2005 - January, 2006
Designed, Implemented and maintained Networks for various clients based on the following products:
* Cisco Routers, Cisco Switches.
* Nortel ASN and ARN Routers.
Airtel Enterprise Services - Kolkata, India
Project Engineer, January, 2003 - September, 2005
I was responsible for implementation of point-to-point leased line, frame relay circuits, ISDN, VSATs for various clients. Configurational management of routers, switches and firewall of various clients was also part of my scope of work. Worked with many prestigious clients like PwC, Wipro, TCS, CTS, Exide, ITC, Haldia petrochemical, Eveready, L&T etc.
Location Preference
Anywhere in India & Abroad
Other Key Information
Passport: I hold a valid passport. Valid till August 2024
B.E (Electrical and Electronics Engineering) - REC Silchar (Year 2002) with 71% marks
Professional Training Attended
• Quality management and Six Sigma processes Courtesy: Bharti Telecom
• Project Management Courtesy: Ramco Systems LTD.
• Information security Audit Courtesy: Sahara India.
• External Penetration testing Courtesy: Pricewaterhouse Coopers Pvt. Ltd.
• Disaster Recovery Planning Courtesy: Pricewaterhouse Coopers Pvt. Ltd
• Cisco works Courtesy: Pricewaterhouse Coopers Pvt. Ltd
• Certified Ethical Hacker Additional Hacking Tools Courtesy: Lexmark with Brainbench exam.
• CISSP Second Edition (Comprehensive) Courtesy: Lexmark with Brainbench exam