Vijayalaxmi Kotur, Information Security Advisor

IBM-India

Location
United Arab Emirates - Dubai
Education
Bachelor's degree, Bachelor in engineering electrical and electronics
Experience
16 years, 0 Months

Work Experience

Total years of experience: 16 years, 0 Months

Information Security Advisor at IBM-India
  • India - Bengaluru
  • My current job since August 2015
Senior IT Compliance and Audit Executive at Panasonic Marketing Middle East
  • United Arab Emirates - Dubai
  • September 2007 to October 2014

• Reporting to IT Head, in charge of Information Security Management System (ISMS) compliance and Audit activities.
• Led the ISMS team and ensured the implementation of security controls in the main office and all representative offices in the Middle East.
• Spearheaded the ISO 27001 implementation of information security policies and managed the sustenance of ISO 27001 certification.
• Developed and maintained IT Security policies, procedures and guidelines in line with management directives and international standards.
• Conducted Risk Assessment for all the IT assets and processes in the organization with appropriate method.
• Prepare Risk treatment plan after the evaluation of the risk and mitigate the risk by ensuring appropriate controls are in place to mitigate risk.
• Ensured IT policies are in Compliance with Regulatory acts, ISO 27001, SOX and Headquarters ISMS guidelines
• Maintain and review the IT asset register, vendor list, SLA and contracts to see that the risks are properly addressed with respect to Security.
• As ISO Management representative (MR), conducted information security management review meetings.
• Updated Management and steering committee with Information Security related activities, Security Incidents, Awareness training requirements.
• Liaise and interact with other department heads related to Information Security.
• Involved in development, implementation and maintenance of Disaster Recovery (DR) procedures and infrastructure in relation to the Business IT Continuity Plan (BCP).
• Investigate all IT security incidents, find the root cause, analyze the severity of the incident and recommend corrective and preventive action to ensure the closure of the IT security incidents in time.
• Recommend and follow up on the actions for the risks identified
• Audited ISMS controls and coordinated with internal and external auditors, IT and business staff.
• Conducted Security Awareness training to all the staff.
• Developed Security Metrics and periodically analyzed the effectiveness of the controls. Report to IT head based on the analysis.
• Review the effectiveness of the processes like Logical Access management (ID and Access Management), Change management, Incident Management, program migration
• Plan and conduct risk based IT security related audits such as, SOX, ISO 27001, SAP and other significant applications to ensure information systems security. Being part of Internal Audit team, responsible for assessing risk, evaluate the controls implemented to ensure appropriate controls are in place to mitigate risk.
• Monitor performance to detect anomalous activity.
• Execute and review Intrusion preventive all the IPS devices through Security Management System Monitor.
• Perform IPS health checks and System logs.
• Check the Digital vaccines and patches and filters applied.
• Accomplished the development of IT security standards, best practices, for all IT functional area in the organization.
• Analyze web (cyber security) security reports and logs to be confident that organization network is protected from external threats.
• Implementation of encryption techniques like Email encryption, file encryption, PKI and digital certificates.
• Review performance reports of firewall, antivirus,
• Review Vulnerability assessment and penetration testing reports and follow up on the corrective action before deadline.
• Identified Automation of many SAP reports which serve as the evidences for SOX Audits.
• Report audit findings and make appropriate recommendations. Conduct follow up audits to confirm corrective and preventive actions are taken within specific time to mitigate the risk.
• Involve in the design stage of new application and projects to ensure that information security controls are in place from the initiation. Involve in the application testing to ensure the controls are implemented.

Education

Bachelor's degree, Bachelor in engineering electrical and electronics
  • at Karnatak University
  • October 1999

Best employee of the year 2009: Finding the areas of automation of many audit reports and reducing the 8 man days to 1 day required to generate such reports.
Best employee of the year 2010: For continuous improvements and maintaining zero deficiencies in the SOX audits for all three years.

Specialties & Skills

ISO 20000
ISO 27001
SOX, ISO 27001, Risk Management, IT Security, Admini ITIL, COBIT, Access Management, Change Management

Languages

English
Expert

Memberships

ISACA
  • Professional
  • March 2008

Training and Certifications

ISO 27001 Implementation (Certificate)
ISO 22301 Lead Auditor - Business Continuity Management (Certificate)
Date Attended:
September 2014
Valid Until:
September 2017
ISO 20000 Lead Auditor-Service Delivery Management (Certificate)
Date Attended:
September 2014
Valid Until:
September 2017
CISA (Certificate)
ISO 27001 Lead Auditor (Certificate)
Date Attended:
January 2013
Valid Until:
January 2013

Hobbies

  • Reading, Studying to keep myself abreast with emerging technologies, singing, painting
    Certified Information Security Auditor (CISA), Certified ISO 27001:2005 Lead Auditor (LA)