Surinder Kumar

CEO

Noida, Uttar Pradesh, India · 20 yrs 7 mos experience
Most Likely To Switch · Highly Stable

Key Highlights

  • 22 years of leadership in cybersecurity.
  • Expert in aligning security with business goals.
  • Proficient in regulatory compliance and risk management.
Stackforce AI infers this person is a Cybersecurity Leader with expertise in Fintech and Retail sectors.

Skills

Core Skills

Information Security, Risk Management, Data Privacy, Compliance Management

Other Skills

COBIT, California Consumer Privacy Act (CCPA), Cloud Security, Compliance, Consumer Law, Cybersecurity Strategy, Firewalls, Governance, IT Audit, ITIL, Incident Management, Information Technology, Management, Microsoft PowerPoint, Project Management

About

Experienced and visionary Information and Cybersecurity Leader with 22 years of leadership expertise in driving comprehensive security strategies for organizations across diverse geographies, including USA, UK, UAE and beyond. As CISO, I specialize in aligning cybersecurity initiatives with business goals, ensuring compliance with regulatory standards such as ISO 27001, ISO 27701, NIST CSF, PCI DSS, and privacy standards like GDPR, DPDPA etc. My expertise spans multiple domains within Information Security, including:

  • Information Security and Risk Management
  • Governance, Risk, and Compliance (GRC) & Cyber Audits
  • Information Security And Regulatory Audits (PCI DSS, ISO 27001, IT-GRC, Data Localization - SAR)
  • ISMS Governance and Implementation, Cyber Maturity Assessment
  • Privacy and Data Protection
  • PCI DSS Assessments and Compliance
  • Security Operations, Incident Response & Digital Forensics
  • Security Architecture and Vulnerability Management
  • Disaster Recovery and Business Continuity Planning
  • Network Security and Endpoint Protection
  • Third-Party Risk Management
  • Application Security Posture Management (ASPM)
  • Cloud Security Posture Management (CSPM)

Experience

Paytm payments services limited

Chief Information Security Officer/Director

Nov 2022 - Present · 3 yrs 4 mos · Noida, Uttar Pradesh, India · On-site

  • Cybersecurity Strategy & Leadership: Responsible for driving cybersecurity excellence through the design and execution of strategic roadmaps.
  • IS Security Governance: Responsible for monitoring and assessing the implementation of, and compliance with, information security policies, procedures, regulatory requirements, and industry standards, e.g., GRC Committee recommendations, Master circulars/guidance from RBI, NPCI Guidelines, IRDAI Guidelines and ISO 27701/22301.
  • Risk Management: Expert in leading Information security governance, risk management, and audit frameworks at PPSL.
  • Data Privacy: Conducting assessments and driving remediation to ensure strong security posture and compliance with standards like GDPR and India's Digital Personal Data Protection Bill, 2022.
  • Application Security, Cloud Security and Infrastructure: Providing leadership support in Vulnerability Assessment (VA) and Penetration Testing (PT) across enterprise IT, cloud platforms (AWS), and web and mobile application environments.
  • Audit Management & Remediation: Leads comprehensive audit discussions for RBI Data Localization/System Audit Reports (DL/SAR) and IT/IS audits from clients and partners.
  • SOC/Incident Response & Crisis Management: Responsible for the day-to-day management and effectiveness of Security Operations Center (SOC) activities.
  • Third-Party & Supply Chain Security: Responsible for driving the implementation of robust Third-Party Risk Assessment and vendor governance frameworks.
  • Data Protection & DLP implementation: Implementing data loss prevention (DLP) tools and processes to guarantee data integrity, confidentiality, and availability.
  • Board & CXO Communication: Driving clear and impactful communication of cybersecurity risks, performance indicators, and strategic objectives to boards and executive leadership teams.
  • Strong Cybersecurity Culture: Drives security awareness through targeted phishing simulations, awareness campaigns, workshops and direct C-level engagement.

Compliance Management, Risk Management, Governance, Data Privacy, Information Security

Walmart | retail and e-commerce

Senior Manager-Cyber Security

Dec 2017 - Oct 2022 · 4 yrs 10 mos · Bangalore

  • Information Security Risk Management:
      o Partnering with global business and technology stakeholders to assess risks associated with internally developed applications/solutions and third-party technologies.
      o Performing security assessments for cloud infrastructure (Azure, AWS) to validate security-related controls.
      o Formalizing the risk review report on risks identified and remediation plan status for CISO, Legal, PCI, and Privacy review.
      o Consolidating vulnerability reports and presenting the risk management process to the VP for risk acceptance.
      o Collaborating with team members to develop a risk assessment peer review process for scoping, Risk Lead review, and reporting requirements.
  • Security Architecture Review:
      o Identifying and communicating current and emerging security threats and designing security architecture elements to mitigate threats as they emerge.
      o Identifying security design gaps in existing and proposed architectures and recommending changes or enhancements.
      o Providing product best-fit analysis to ensure end-to-end security covering different facets of architecture, e.g., layered security, zoning, integration aspects, API, endpoint security, data security, compliance, and regulations. Performing security assessments against NIST Frameworks, SANS, CIS, etc.
  • Data Privacy:
      o Collaborating with customer delivery teams to understand the privacy risks of business processes and systems specific to accounts, and providing guidance to ensure privacy controls are embedded into the design of these processes/systems.
      o Performing Data Privacy Impact Assessments taking into consideration client-mandated privacy regulatory requirements for California data privacy law and GDPR.

Compliance Management, Risk Management, Governance, Data Privacy, Information Security

Moody's corporation

Assistant Vice President- Information Security

Mar 2015 - Nov 2017 · 2 yrs 8 mos · Gurgaon, India

  • My primary responsibility was to support Moody's senior IT/IS management in the successful implementation and ongoing management of IT Governance and Risk Management initiatives at Moody's Analytics Knowledge Services (MAKS). This included providing strategic oversight for information security governance across MAKS locations, and maintaining comprehensive security policies, procedures, and standards. I also served as a key point of contact for Moody's Information Security management and Third-Party Risk management, collaborating with MAKS leadership to identify security requirements and deliver technical solutions, demonstrations of security services, and strategic security discussions. A core aspect of the role involved implementing enterprise information security and IT risk management programs.

IBM

Information Security Consultant

Oct 2013 - Mar 2015 · 1 yr 5 mos · Gurgaon, India

  • Responsible for implementing information security/data privacy within IBM’s client accounts and participating in discussions related to IS strategy and account information security/data privacy plans with senior management. The job also includes responding to clients' information security management related proposals and Information Security RFPs/RFIs, preparing costing engagement notes and proposals, interfacing with clients to identify information security requirements and providing technical solutions, demonstrating IBM’s Security Service Offerings to clients, security strategy discussions, Proof of Concept creation, and preparing and maintaining SOW documents.

Accenture technology consulting

Consultant-Security and Risk Management

Mar 2010 - Sep 2013 · 3 yrs 6 mos · United Kingdom

  • Managing Client Data Protection/Security architect portfolio for more than 20 clients in different geographies including various European countries, Middle East and African regions.
  • Identifying security risks by conducting Risk Assessments, performing various security assessments on business-critical applications/infrastructure and articulating technical findings in comprehensive reports with corresponding mitigation or remediation recommendations to minimize business impact.
  • Assisting clients in effectively identifying, measuring and monitoring compliance requirements and helping them implement controls in compliance with various European data processing laws including EU directive 95/46, German, Italian and Spanish laws over client data.
  • Reviewing the implementation of security practices, access controls over programs and data, incident management, and physical and environmental security controls.
  • Developing remediation reports which detailed the required actions to bring security controls in line with industry best practices and other applicable regulations.

Wipro

Associate Consultant (Application Security/SOX compliance)

Aug 2008 - Feb 2010 · 1 yr 6 mos · Bangalore

  • Primary duties include performing IT Risk Assessments on applications/systems, handling regulatory and internal security policy/process compliance requirements, reviewing application design for security vulnerabilities and coordinating to mitigate application risk, coordinating Disaster Recovery for the enterprise, policy authoring, security awareness training, and handling various internal and external audits and assessments.

Igate

Security consultant

Feb 2008 - Aug 2008 · 6 mos · Mumbai Area, India

  • Responsible for assessing application security, conducting application security review to address security requirements with application development teams/project manager at every stage of SDLC.
  • Conducted Risk Assessment, control analysis and Compliance requirement review with IS/IT, business teams to ensure appropriate controls and safeguards are in place for the protection of information and regulatory requirements in all new & existing applications.
  • Facilitating risk assessment for all applications, software, hardware and services in various LOBs.

Ericsson

Engineer-Audit and Security

Jan 2006 - Jan 2008 · 2 yrs · Gurgaon, India

  • ISO 27001 implementation, risk management, information and network security operations

Wipro infotech

Telecommunications Engineer

Apr 2005 - Jun 2006 · 1 yr 2 mos · New Delhi Area, India

  • Providing level-1 technical support for Cisco MGX (8850)/IGX (8430) ATM technology switches.
  • Monitoring and resolving issues for end-to-end WAN connectivity for all WBPO sites.
  • Coordinating with domestic and international ISPs for WAN connectivity at all Wipro BPO sites.
  • Configuring Virtual LANs (VLANs) and VTP modes on LAN switches.
  • Monitoring router and switch bandwidth using the MRTG and WhatsUp Gold monitoring tools.
  • Providing level-1 support for voice using Avaya Site Administration.
  • Performing configuration management, change management, and documentation for various changes in configuration based on ITIL requirements.

Education

Kurukshetra University

B.Tech (IT) — Information Technology

Jan 1999 - Jan 2003

Certified Information Security Manager (CISM)

Certifications — ISACA (Information Systems Audit and Control Association)

Jan 2015 - Jan 2018

Certified Information Privacy Professional (CIPP)

International Association of Privacy Professionals (IAPP) — Information Privacy

Jan 2012 - Jan 2015

Certified Information Privacy Professional - Information Technology (CIPP-IT)

Certifications — International Association of Privacy Professionals

Jan 2012 - Jan 2015

AWS

AWS Solution Architect (Training)

Jan 2017 - Jan 2019

ISO 22301 Business Continuity Management

Certifications — Business Continuity Management System (BCMS)

Jan 2013 - Jan 2018

CPISI (Certified Payments Cards Industry Security Implementer)

Certifications — PCI-DSS (Payment Cards Industry Data Security Standards)

Jan 2014 - Jan 2017

Information Technology Infrastructure Library (ITIL V3)

Certification — IT Service Management (ITSM)

Jan 2012 - Jan 2015

Archer Certified Consultant

RSA - Archer

Jan 2010 - Jan 2013

Vaish Technical Institute, Rohtak

Diploma — Computer Engineering

Jan 1995 - Jan 1999

SISA

CPISI (Certified Payments Cards Industry Security Implementer) — Payments Card industry

International Association of Privacy Professionals

Certified Information Privacy Professional — Data privacy and protection

Jan 2012 - Jan 2012

IAPP

Certification in Privacy Protection

Kurukshetra University

Bachelor's degree — Information Technology

Jun 1999 - Jun 2003