Jul 2020 – Jun 2022 · 1 yr 11 mos · Mumbai Suburban, Maharashtra, India

• Improving Information Security across 4 locations (Mumbai, Bangalore, Chennai, Gurugram).
• Information Security Policy and Procedures Reviews and Improvements
• ISO27001 Recertification
• Meet customers’ (Banking, Insurance, Securities, Utilities) security and compliance requirements.
• Vulnerability management
• SIEM management
• Conduct Security Awareness Training
• Test the DR/BCP
• Determine logging requirements as per customer information / cyber security requirement

Oct 2019 – Jul 2020 · 9 mos · Mumbai Metropolitan Region

• Helping clients to be compliant to BSE / NSE / NCDEX Cyber Security and Cyber Resilience Framework.
• Mapping of ISO 27001 clauses and Annex-A controls to Reserve Bank of India Cyber Security Framework.

Jul 2018 – Apr 2019 · 9 mos · Abu Dhabi, United Arab Emirates

• IT GRC Consultant @BTP for Abu Dhabi Islamic Bank
• Responsible for maintaining, optimizing and improving ITD processes and documentation.
• Maintain IT Standards, processes, procedures and controls in support of ADIB’s business needs and compliance requirements.
• Optimize and improve ITD processes and documentation that meet best-practice (ITIL and COBIT) and audit requirements.
• Follow-up on remediation actions for internal and external audit findings related to IT Governance.
• Ensured RACI, risks, controls and KPIs are identified for each process.
• Perform other IT Governance activities and duties as required.

Feb 2016 – May 2018 · 2 yrs 3 mos

• Prepaid Payment Instruments are (PPI) are used for digitized payment for procurement of goods and services and electronic banking for transfer of funds. I helped client become compliant with Prepaid Payment Instruments regulation from Reserve Bank of India.
• Prepare Policies, Procedures and other required documentation.
• Information Security Awareness Training
• Teaching Information Technology - Chartered Accountant Course

Sep 2011 – Jan 2016 · 4 yrs 4 mos · Doha, State of Qatar

• 3 ISO 27001 projects,
• Manage development and implementation of the Information Security Management System, ISO / IEC 27001,
• Conduct GAP Analysis to know the gaps that exist between the ISO 27001 / Qatar NIAP requirement and current security practices,
• Perform risk assessments manually and using software (RM Studio),
• Manage development and implementation of information security policies, procedures, forms and registers,
• Develop and test BCP / DR process,
• Develop and conduct information security awareness training,
• Vulnerability Assessments using nmap, Nessus,
• Network Risk Monitoring - RedSeal,
• Information Security Governance - part of the team that developed an application for compliance with ISO 27001 and National Information Assurance Policy, a Qatar Government policy to safeguard Qatar Government and Industry information and related systems,
• Assist the sales team with request for proposals and technical documentation,
• Perform technical presentations, Proof of concepts and demo for customers and prospects.

Dec 2010 – Jun 2011 · 6 mos

• Information Security Documentation
• Updated Information Security related documents like Corporate Information Security Guide, classification of information etc. Educating users about how to secure confidential information using approved tools.
• LOG Management
• Based on Software event monitoring Gap Analysis and Remediation Plan, prepared events to be monitored in Security Devices like Firewall, Network Devices like Switches and Routers, OS like Windows and Linux. Regular review of LOGs from above plus Anti virus, Backup, SAP Servers etc. Analysed security events and logs from various network devices, security devices and Servers.
• Vulnerability Assessment.
• Prepared internal vulnerability assessment procedure. Prepared presentation and sample report to be given to various section heads. Clarified what will be done, What is the responsibility of security team and various Section Heads and Owners, what tools will be used, approximate time frame. Completed Vulnerability Assessment of DMZ network of RasGas. Researched various solutions for discovered vulnerabilities. Prepared concise report considering controls in place.

Jan 2007 – Jan 2008 · 1 yr

• Provision of 24 x 7 Managed Security Surveillance / Monitoring / Incident-Handling/Response services
• Analyze the logs of the various systems.
• Checking of security incident reports.
• Analysis of security incidents and escalation of security events
• Liaising with customers with regards to information security incidents,
• Provision and performance of remedial actions to enhance customers' network security posture

Jan 2004 – Oct 2010 · 6 yrs 9 mos

• Provision of 24 x 7 Managed Security Monitoring / Incident-Handling/Response services,
• Manage and monitor Firewall, IDS / IPS, VPN, Servers,
• Escalation of security incidents,
• Member of ISO 27001 implementation, maintenance, internal audit team,
• Prepare Risk Assessment, Policies, Procedures and Guidelines,
• Audit of Security devices, Network devices,
• Firewall rule-set review, audit logging, monitoring,
• Internal vulnerability assessment of client’s network and system components,
• Creating security awareness among Allied Digital RMS staff,
• IT Audit for Bombay Stock Exchange/NSE broker,
• Assist the sales team with request for proposals and technical documentation.

May 1999 – Jan 2001 · 1 yr 8 mos

• Worked on Saudi ARAMCO Oil Co. project, EXPEC PC Contract # 41225/00. Coordinator for installations of new PCs from JERAISY in EXPEC, supervised five member team.
• Installation of Windows NT, standard applications, Mainframe
• connectivity software Personal Communicator, Drilling Information Systems [DIS] etc. Using Remedy action request, a helpdesk software to keep track of user reported problems and their solution. Providing Support to Users in remote locations including Gas and Oil Separation Plants [GOSPs] and DRILLING RIGS.

Jan 1993 – Jan 1999 · 6 yrs

• Installation and support of heterogeneous network of WinNT, NetWare and Unix. Installation and Support of Server, Desktop Hardware and software. Installation, Maintenance and Troubleshooting of Peripherals like Printers, Modems, DATs, CTDs, HUBs and Switches