Senior Manager, Technology Risk Management – Cyber Security
Cognizant Technology Solutions
Total years of experience: 21 years, 4 months
• Established IT Risk Management framework for business transformation and security programs, performed IT risk assessments and remediation support for business/corporate applications (on-premises/cloud), third-party technology integration, cyber security architectures, mobility & virtualization deployments, security investigations and operational system changes.
• Risk advisory delivered to business and technology stakeholders for mitigation planning and remediation support to address identified information & technology risks, and performed reassessment to validate the control assurance post-implementation.
• Cloud based SaaS platform review covered multi-tenant application architecture, data segmentation/security, external service interfaces & data flow, SAML/SSO integration with tokenization, process automation controls and technical assessments.
• Cyber security architecture assessments covered ERP/CRM integration with partner systems, IDAM & PKI infrastructures, SMAC platforms, secured computing and DMZ architectures including perimeter security controls.
• Managed secure SDLC consulting for threat modelling, RBAC design, API security, code analysis and penetration testing for both in-house and/or acquired applications. Risk reviews performed during new product evaluation and changes to operations.
• Security advisory delivered on corporate security program, policy improvement, business process re-engineering, and technology transformation programs that include external hosting and storage of corporate application data.
• Managed consulting engagements for information security risk assessments and penetration testing of web applications, desktop applications, mobile native applications, SAP applications, source code audits, database security, external and internal network infrastructures, including device configuration security reviews, for global clients across several industry verticals.
• Penetration testing covered black-box and grey-box approaches with a combination of automated tools and manual techniques to eliminate false positives and determine the exploitable vulnerabilities in applications and infrastructures, and formally reported the identified security risks to senior stakeholders in client organizations.
• Delivered IT risk advisory service to mitigate information disclosure risk in security architectures and data flow paths. Assisted clients in determining their compliance level with applicable regulations and standards such as PCI DSS and ISO 27001.
• Consulting provided on formal governance of risk treatment plans at divisional risk board meetings and IS steering committee meetings. Delivered information security awareness sessions covering both the technology risk and process security.
• Led information security risk assessments with penetration testing to manage the data security and technology risks in Banking platforms and operational processes for compliance with Group’s ISMS policy and regulatory requirements.
• Risk reporting on assessment findings identified during new technology adoption, changes to business systems or operations, security investigations & forensics and regulatory updates by collaborating with business and system owners.
• Led penetration testing and security audits for banking applications, databases, systems and perimeter networks covering SWIFT Payment & Settlement service, Telephone & E-Banking services, Oracle ERP platform, AML system and TeamMate AMS.
• IT Security consulting delivered on cyber security initiatives, supplier risk, improvement of ISMS policy & standards and a security improvement program that covered control risks in PKI deployments, IAM & privileged access, SIEM solution, cloud security, mobile security, physical security and perimeter protection infrastructures for Data Leakage (DLP), malware & DDoS.
• Management consulting to senior stakeholders on risk remediation planning, and assisted in registering risks with GRC tool for formal governance of action plans and policy exceptions at divisional risk board meetings and IS steering committee meetings.
• Compliance assessments conducted annually on PCI Card Data Environment, SOX security process, ISO 27001 controls and Security Code of Conduct for UK Payment & Settlement services that were jointly reported with Internal or External Auditors.
• Information risk advisory delivered on business acquisitions & divestments programmes, banking application & technology migrations and supplier engagements to mitigate the risk of information exposure in data flow path and security architectures.
• Delivered corporate-level training on information security policy awareness and risk awareness sessions to all staff.
Recognition: Rated as Top Performer of the year 2013 at RBS Group, Risk & Security Division.
• Management consultant for network security equipment vendors in North America and Western Europe. Responsible for security consulting & business development with a revenue target from security software engineering services.
• Managed the Technical Service Accounts with P&L responsibility, handled presales & RFI/RFP responses for account growth and ensured project delivery to Security UTM & Lawful Intercept product vendors as per services agreement & NDA.
• Responsible for project management of In-house security R&D projects with approved Business Cases to develop service enablers such as Linux based multi‐core UTM framework and DPI based L4-L7 Signature-Library to drive new business.
• Consultation on security product configuration/compliance assessments and black-box assessments with a hacking toolkit.
• Performed market research on security technology trends and presented at global events such as New York Interop’2008 & Paris BBWF’2009 for prospective CXOs and VP/PLMs. Developed Business Plan to meet the forecasted security services revenue.
• Assisted internal ISMS program activities including critical asset profiling, technical risk reviews and control self-assessments including vulnerability assessments for Information Risk Management, representing the services business unit.
• Performed Business Continuity risk assessments for operationally critical services to develop IT continuity plan for key resources based on the budgeted revenues from multi‐year services contracts.
• Delivered training on information security awareness and customer Intellectual Property protection requirements.
• Augmented Cisco’s Access Routing and Security Technology group’s product teams, supported multi-service product lines.
• Assisted Product Managers on Cisco's secure enterprise router (ISR) product line in defining the product roadmap based on business justification. Prepared Product Requirements (PRDs) based on Business Case, Market Research and Field Inputs.
• Worked closely on the worldwide ISP lab certification process for Common Criteria EAL 2-4 and FIPS 140-2 certified Secured Router products. Performed validation of IPSec VPN/DMVPN/EasyVPN with PKI deployments, zone-based firewall, Inline IPS, SSL offloading functionality along with performance & scalability measurements for customers in BFSI and IT/ITES sectors.
• Handled technical RFP/RFI responses and actively probed account teams & customers for technical needs during the sales cycle.
• Product presentation during Cisco Roadshows on product updates/launch and visits to large-enterprises & service providers. Created product collateral such as Application Notes, Configuration Guides, Solution guide, FAQs & technical presentations.
• Collaboratively worked with Cisco’s Engineering teams during software/feature SDLC for Security Enterprise Router to track and ensure compliance with the System Functional Spec (SFS), and supported various customers’ Early Field Trials (EFT).
• Products and solutions support to account/sales teams in APAC region, with network security solution testing for DMVPN with MPLS-L3VPN, VRF-aware Firewall, Network Access Control (NAC) functionality with Trend Micro server database and prepared competitive reports against Juniper, Fortigate, Checkpoint, Sonicwall and Watchguard along with demos.
Network Support Specialist - for Alcatel Internetworking, Inc (from 9th Feb, 2004)
• Associated with Alcatel’s Technical Support Division, supported Enterprises, Universities, Hospitals and ISPs in North America.
• Consulted on advanced LAN and WAN designs, supported converged enterprise networks with secure wireless deployments.
• Advanced configuration for unicast/multicast routing, multi-layered Switching, Stateful Network firewall, IPsec VPN site-to-site deployments (with Timestep VPN, Fortigate products) with tunnel mode over IP and IPoATM.
• Deployed Large-Enterprise WLAN Solution (Airespace) L2/L3 roaming with WEP/WPA2 and EAP-802.1x for secured access.
• Collaborated with Alcatel Engineering to report/track bugs. Created application notes and technical documents.
Application Engineer - SMC Networks (till Sept, 2003)
• Designed and implemented several small or remote office networks with VPN, Firewall and basic security features.
• Configuration support for Microsoft & Red Hat server-based deployments for medium enterprise and remote office networks. Prepared network presentations for IT Managers and teams.