Syed Khaleel -, Senior Manager, Technology Risk Management – Cyber Security

Syed Khaleel -

Senior Manager, Technology Risk Management – Cyber Security

Cognizant Technology Solutions

البلد
الهند - تشيناي
التعليم
بكالوريوس, B.E (Honours) Telecommunications and Networking
الخبرات
21 years, 4 أشهر

مشاركة سيرتي الذاتية

حظر المستخدم


الخبرة العملية

مجموع سنوات الخبرة :21 years, 4 أشهر

Senior Manager, Technology Risk Management – Cyber Security في Cognizant Technology Solutions
  • الهند - تشيناي
  • أشغل هذه الوظيفة منذ يوليو 2014

• Established IT Risk Management framework for business transformation and security programs, performed IT risk assessments and remediation support for business/corporate applications (on premise/on-cloud), third party technology integration, cyber security architectures, mobility & virtualization deployments, security investigations and during operational system changes.
• Risk advisory delivered to business and technology stakeholders for mitigation planning and remediation support to address identified information & technology risks, and performed reassessment to validate the control assurance post implementation.
• Cloud based SaaS platform review covered multi-tenant application architecture, data segmentation/security, external service interfaces & data flow, SAML/SSO integration with tokenization, process automation controls and technical assessments.
• Cyber security architecture assessments covered ERP/CRM integration with partner systems, IDAM & PKI infrastructures, SMAC platforms, secured computing and DMZ architectures including perimeter security controls.
• Managed secure SDLC consulting for threat modelling, RBAC design, API security, code analysis and penetration testing for both in-house and/or acquired applications. Risk reviews performed during new product evaluation and changes to operations.
• Security advisory delivered on corporate security program, policy improvement, business process re-engineering, and technology transformation programs that include external hosting and storage of corporate application data.

Manager, Information Security Consulting Services في Happiest Minds Technologies
  • الهند - بنغالورو
  • نوفمبر 2013 إلى يوليو 2014

• Managed consulting engagements for information security risk assessments and penetration testing of web application desktop applications, mobile native applications, SAP applications, source code audits, database security, external and internal network infrastructures, including device configuration security reviews to global clients across several industry verticals.
• Penetration testing covered black-box and grey-box approach with a combination of automated tools and manual techniques to eliminate the false positives and determine the exploitable vulnerabilities in applications and infrastructures, and formally report the identified security risks to the senior stakeholders in client organizations.
• Delivered IT risk advisory service to mitigate information disclosure risk in security architectures and data flow paths. Assisted client’s in determining the compliance level with applicable regulations and standard such as PCI DSS and ISO 27001.
• Consulting provided on formal governance of risk treatment plans at divisional risk board meetings and IS steering committee meetings. Delivered information security awareness sessions covering both the technology risk and process security.

IT Risk Management Analyst في Royal Bank of Scotland
  • الهند - تشيناي
  • سبتمبر 2010 إلى سبتمبر 2013

• Led information security risk assessments with penetration testing to manage the data security and technology risks in Banking platforms and operational processes for compliance with Group’s ISMS policy and regulatory requirements.
• Risk reporting on assessment findings identified during new technology adoption, changes to business systems or operations, security investigations & forensics and regulatory updates by collaborating with business and system owners.
• Led penetration testing and security audits for banking applications, databases, systems and perimeter networks covering SWIFT Payment & Settlement service, Telephone & E-Banking services, Oracle ERP platform, AML system and TeamMate AMS.
• IT Security consulting delivered on cyber security initiatives, supplier risk, improvement of ISMS policy & standards and security improvement program that cover control risks in PKI deployments, IAM & privileged access, SIEM solution, cloud security, mobile security, physical security and perimeter protection infrastructures for Data Leakage (DLP), Malwares & DDoS.
• Management consulting to senior stakeholders on risk remediation planning, and assisted in registering risks with GRC tool for formal governance of action plans and policy exceptions at divisional risk board meetings and IS steering committee meetings.
• Compliance assessments conducted annually on PCI Card Data Environment, SOX security process, ISO 27001 controls and Security Code of Conduct for UK Payment & Settlement services that were jointly reported with Internal or External Auditors.
• Information risk advisory delivered on business acquisitions & divestments programmes, banking application & technology migrations and supplier engagements to mitigate the risk of information exposure in data flow path and security architectures.
• Delivered corporate level trainings on information security policy awareness and risk awareness sessions to all staff.
Recognition: Rated as Top Performer of the year 2013 at RBS Group, Risk & Security Division.

Asst Business Development Manager, Security Practice في Aricent
  • الهند - تشيناي
  • مايو 2007 إلى مايو 2010

• Management consultant for network security equipment vendors in North America and Western Europe. Responsible for security consulting & business development with a revenue target from security software engineering services.
• Managed the Technical Service Accounts with P&L responsibility, handled presales & RFI/RFP responses for account growth and ensured project delivery to Security UTM & Lawful Intercept product vendors as per services agreement & NDA.
• Responsible for project management of In-house security R&D projects with approved Business Cases to develop service enablers such as Linux based multi‐core UTM framework and DPI based L4-L7 Signature-Library to drive new business.
• Consultation on Security Product configuration/compliance assessments and, black-box assessments with hacking toolkit.
• Performed market research on security technology trends and, presented at global events like New York Interop’2008 & Paris BBWF’2009 for prospective CXO’s and VP/PLM’s. Developed Business Plan to meet the forecasted security services revenue.
• Assisted internal ISMS program activities including critical asset profiling, technical risk reviews and control self-assessments including vulnerability assessments for Information Risk Management, representing the services business unit.
• Performed Business Continuity risk assessments for operationally critical services to develop IT continuity plan for key resources based on the budgeted revenues from multi‐year services contracts.
• Delivered trainings on information security awareness, customer Intellectual Property protection requirements.

Product Management Lead, Cisco Enterprise Security Routing في HCL Technologies – Cisco Systems, Strategic Alliance
  • الهند - تشيناي
  • ديسمبر 2004 إلى مايو 2007

• Augmented Cisco’s Access Routing and Security Technology group’s product teams, supported multi-service product lines.
• Assisted Product Managers on Cisco's secure enterprise router (ISR) product line in defining the product roadmap based on business justification. Prepared Product Requirements (PRDs) based on Business Case, Market Research and Field Inputs.
• Worked closely on the worldwide ISP lab certification process for Common Criteria EAL 2-4 and FIPS 140-2 certified Secured Router products. Performed validation of IPSec VPN/DMVPN/EasyVPN with PKI deployments, zone-based firewall, Inline IPS, SSL offloading functionality along with performance & scalability measurements for customers in BFSI and IT/ITES sectors.
• Handled technical RFP/RFI responses and, actively probed account teams & customers for technical needs on sales cycle.
• Product presentation during Cisco Roadshows on product updates/launch and visits to large-enterprises & service providers. Created product collateral such as Application Notes, Configuration Guides, Solution guide, FAQs & technical presentations.
• Collaboratively worked with Cisco’s Engineering teams during software/feature SDLC for Security Enterprise Router to track and ensure the compliance with System Functional Spec (SFS) and, supported various customers’ Early Field Trials (EFT).
• Products and solutions support to account/sales teams in APAC region, with network security solution testing for DMVPN with MPLS-L3VPN, VRF-aware Firewall, Network Access Control (NAC) functionality with Trend Micro server database and prepared competitive reports against Juniper, Fortigate, Checkpoint, Sonicwall and Watchguard along with demos.

Network Support Specialist - Alcatel Internetworking في Cybernet SlashSupport - Alcatel, Strategic Alliance
  • الهند - تشيناي
  • يونيو 2003 إلى ديسمبر 2004

Network Support Specialist - for Alcatel Internetworking, Inc (from 9th Feb, 2004)
• Associated with Alcatel’s Technical Support Division, supported Enterprises, Universities, Hospitals and ISPs in North America.
• Consulted on advanced LAN and WAN designs, supported converged enterprise networks with security wireless deployments.
• Advanced configuration for unicast/multicast routing, multi-layered Switching, Stateful Network firewall, IPsec VPN site-to-site deployments (with Timestep VPN, Fortigate products) with tunnel mode over IP and IPoATM.
• Deployed Large-Enterprise WLAN Solution (Airespace) L2/L3 roaming with WEP/WPA2 and EAP-802.1x for secured access.
• Collaborated with Alcatel Engineering to report/track bugs. Created applications notes and technical documents.

Application Engineer - SMC Networks (till Sept, 2003)
• Designed and implemented several small or remote office networks with VPN, Firewall and basic security features.

Network Engineer في Bluechip PC Systems
  • الهند
  • أكتوبر 2002 إلى مايو 2003

• Configuration support to Microsoft & Redhat servers based deployments for medium enterprise and remote office networks. Prepared network presentations for IT Manager and teams.

الخلفية التعليمية

بكالوريوس, B.E (Honours) Telecommunications and Networking
  • في London South Bank University
  • يونيو 2002

Specialties & Skills

Information Security Management
Security
Risk Advisory
Information Security Consulting & Management
IT Risk Assessments & Management
Regulatory & Policy Compliance
IT Security Consulting & Risk Advisory
IT Auditing

اللغات

الانجليزية
متمرّس
الهندية
متمرّس
التاميلية
متوسط
العربية
مبتدئ

العضويات

ISACA
  • Professional Member
  • August 2010
ISC2
  • Professional Member
  • January 2010
DSCI (Data Security Council of India)
  • Professional Member
  • September 2010
Information Security Forum
  • Corporate Membership
  • October 2011