Shivanath Somanathan

CEO

Chennai, Tamil Nadu, India · 26 yrs 7 mos experience

Key Highlights

  • Over 25 years of expertise in cybersecurity.
  • Certified in CISA, CISM, and CISSP.
  • Proven track record in incident response strategies.
Skills

Other Skills

  • California Consumer Privacy Act (CCPA)
  • Certified in Risk and Information Systems Control (CRISC)
  • Crisis
  • Cyber Defense
  • Cyberlaw
  • Data Privacy
  • FedRAMP
  • General Data Protection Regulation (GDPR)
  • ISO 22301
  • IT Audit
  • IT Security Assessments
  • IT Service Management
  • ITIL
  • Information Security Management
  • Information Security Management System (ISMS)

About

I have over two and a half decades of expertise in cybersecurity, governance, risk, and compliance. With certifications including CISA, CISM, and CISSP, the focus lies on fortifying information security management systems and implementing robust frameworks to address evolving cyber threats. Contributions include advancing incident response strategies, optimizing IT processes, and aligning with global standards such as ISO27001 and PCI-DSS. Collaborating with leadership teams, the mission is to integrate technical acumen with strategic insights to empower organizations in achieving operational excellence. Emphasis is placed on ensuring business continuity, regulatory compliance, and secure application development lifecycles. Core values center around enabling resilient and secure digital ecosystems through proactive and innovative approaches to cybersecurity challenges.

Experience

Seclogic limited

Advisor - Leadership Board

Aug 2020 – Present · 5 yrs 7 mos

Gojek

Head - Product Security

Aug 2020 – Jun 2021 · 10 mos · India

Csw - cyber security works

Advisor - Leadership Board

Jun 2020 – Present · 5 yrs 9 mos

Vault infosec

Advisor - Leadership Board

Jun 2019 – Present · 6 yrs 9 mos

Freshworks

Chief Information Security Officer

Oct 2018 – Jul 2020 · 1 yr 9 mos · Chennai Area, India

Tata communications

Chief Information Security Officer

Sep 2017 – Sep 2018 · 1 yr

Verizon

Chief Information Security Officer (India)

Sep 2016 – Aug 2017 · 11 mos · Chennai

Rr donnelley

Chief Information Security Officer (Global Outsourcing)

Oct 2010 – Jul 2017 · 6 yrs 9 mos

As a functional extension to the Corporate HQ’s IT Governance portfolio, my responsibilities are:
  • Turn-key management of all Information Security, IT risk management and Compliance Assurance initiatives (like AT101/SSAE16, PCI-DSS & ISO27001) for the Global Outsourcing business of RRD & Sons
  • Due-diligence of cloud computing services including risk reviews, ROI & TCO analysis for management decision support.
  • Turn-key program Management of all external assurance programs (vendor/supplier governance reviews, SAS70/AT101/SSAE16, ISO27k1 surveillance, PCI-DSS etc)
  • Execution of risk-based internal audits/due-diligence including technology vendor governance.
  • Management reporting of metrics on IT Governance, risk & compliance health checks
  • Representing IT Governance function during pre-sales meets

Williams lea

Chief Information Security Officer

Apr 2008 – Oct 2010 · 2 yrs 6 mos

  •  Part of senior leadership (reporting to MD) and responsible for design, creation and maintenance of Technology, Risk and Compliance Management Governance.
  •  Driven the institution of 3 semi-independent management systems, namely – Information security management system, Business Continuity Management System & Compliance/Audit Management System for the India Delivery Centers.
  •  Had created multi-level compliance assurance regimen that includes self-assessment, internal audit and 3rd party assessment for repeatability and continual adherence.
  •  Driven synergies between the Technology Office and Risk & Compliance Office for seamless benefits of better governance through process re-engineering, MIS/Dashboard reporting to management committee and top-down policy direction etc.
  •  Drive synergies for cross pollinating best practices of client’s vendor governance initiatives aligned with frameworks like BITS-SSAP, COSO, DPA etc
  •  Had successfully established ‘green audit’ status in all Clients’ vendor assessments/due-diligence programs – 100% success rate.
  •  Had aligned the ISMS against the standard of ISO27001 and for UK DPA 1998.
  •  Had successfully achieved the SAS70 Type I&II assessment for the entire organization’s scope.
  •  Had recommended a lot of cost savings initiatives with the right balance of risk and rewards within the portfolio’s scope.
  •  Was conferred the ‘Gold Exceptionals Award’ and the ‘Managing Director’s Award’ for the year 2009, for the exemplary display of exceptional leadership and commitment in various initiatives under the India operations scope.
  •  Driven consistency among all delivery centers through Standard Operating Procedures institution.
  •  Setup, reviewed and consolidated IT services apart from driving optimization to the highest order.

Virtusa

Manager - IT Security (Global)

Jan 2007 – Apr 2008 · 1 yr 3 mos

  •  As the only dedicated representative of the Enterprise Risk Management Forum from the Technology office, my role was to provide audit services, risk advisory and management for all of the technology environments within the global offices.
  •  Executed projects around IT Policy & Procedures development and streamlining, Business Continuity & Disaster Recovery Planning, Network & Systems hardening, vendor management for penetration tests, VA & ISO 27001 certification programs, Legal & Regulatory Compliance (Sox etc), IT Process and Application Security audits and forensic analysis including ‘Security Operations Center’ set up.
  •  Was conferred the ‘Certificate of Excellence’ for successfully transitioning the India delivery centers from BS7799 to ISO27001 certification requirements.
  •  Revamped the perimeter defense, patch and AV management architecture and deployed Security Operations Center at the Hyderabad campus for better controls management
  •  Conducted many ‘Proof of Concepts’ with vendors for NAC/NAP integration, Security event correlation and response management and Total end-point protection.
  •  Assisted third party auditors (E&Y) from the US office to align internal controls (Technology and process) for SoX404 & SAS70 Type I compliance for the India & Sri Lanka Delivery Centers
  •  Provided insightful dashboards as decision support aids for management to reflect on.
  •  Maintained consistency of zero ‘non-compliances’ on all client annual assessments.
  •  Supervised up to 50+ direct and indirect reportees in the Technology and Process teams

Wipro consulting

Senior Consultant - Enterprise Security Solutions (Consulting Stream)

Apr 2006 – Jan 2007 · 9 mos

  •  Had executed consulting deliveries for a global payment gateway client as a representative of their Vendor Governance (risk assessment and audit) Programs.
  •  Had contributed in creating a Managed Services model for offshore analytics and information services for one the BFSI clients in the space of Event & Incident Management.
  •  Offered consulting services for various internal and external clients within Wipro business units in the space of Information Risk Management that included but was not limited to –
      ◦ Vendor Due-diligence/risk assessments/3rd party audits
      ◦ BCP/DRP design
      ◦ ISO 27001 policy framework design
      ◦ IT Fraud/Security Incident Management Framework design
  •  Identified & outsourced non-key processes to India, reduced staff requirements in US & saved recurring costs by over USD 30K per annum for one of Wipro’s clients.
  •  Implemented paperless risk assessment and analysis system through MS Excel & reduced processing time from 5 to 2 weeks using Lean and Six Sigma principles.
  •  Identified newer service portfolios and created ‘Go-to-market’ kits for the global sales teams.
  •  Responded to many RFIs and created proposals with value propositions that were successful in winning business for the consulting services business.
  •  Had assisted the client’s Enterprise Risk Management team in aligning their COSO based ERM framework for ISO27001 certification readiness.

3d networks

Program Manager - Consulting Services

Jan 2005 – Mar 2006 · 1 yr 2 mos

  •  Was responsible for pre-sales, execution and post-delivery dynamics for the following portfolio basket –
      ◦ Designing and review of existing Information Security Frameworks
      ◦ Policy design, creation, implementation and effectiveness measurements
      ◦ Certifications alignment – ISO27k1, ISO20000
      ◦ BCP/DRP design, creation, implementation and testing
      ◦ 3rd party Audit & Assessments
  •  Was involved in the opportunity assessments of customer’s security requirements and right-sourcing solutions and services for posture improvement
  •  Had drafted suitable Risk assessment methodologies aligned to industry best practice for various client verticals
  •  Planning, implementation & effectiveness exercises for turn-key project delivery and lifecycle support.
  •  Developing & communicating business risk management services apart from providing recommendations to clients across all aspects of IT risk management
  •  Conducting business risk management studies & audits in line with overall business strategy apart from general business security risk analysis.
  •  Significantly contributed to the onsite project team’s cause of building, operating and managing a ‘Security Operations Center’ for Saudi Arabia’s 2nd largest GSM provider (Etisalat).

Ramco systems

Senior Technical Consultant - Consulting Stream (RADAR)

Jul 2004 – Jan 2005 · 6 mos

  •  Offered Information Assurance services including risk assessment/threat profiling, BCP/DR solutions development, Security Architecture designing/review, IT Security audits etc for a host of Indian clients.
  •  Analyzing basic customer security requirements and making recommendations for improvement to information security data bases or platforms.
  •  Providing information security support by instilling a ‘Security Operations Center’ which would review, analyze, codify and report MIS such as violation reports, pc security policies, and maintenance, to customers.
  •  Promoting customer information security compliance, according to corporate and local security standards, by verifying data from pre-existing audit programs.
  •  Managed turn-key (end-to-end) project executions single-handedly which included successful rollout of ISO27001 (ISMS) for 2 clients from green field.
  •  Had assisted pre-sales team with ‘Go-to-market’ kit development and winning deals worth USD 0.5mn.

Scope international

Analyst - IT Security Management & Department Continuity Coordinator

Dec 2003 – Jul 2004 · 7 mos

  •  Designed and implemented incident management protocols including investigating the logs and violation reports
  •  Assisting in system consolidations, software upgrades and internal information security investigations.
  •  Created a suitable incident management regimen through the set-up of a CERT and provided guidance through training programs for both the end-users and incident management personnel on their roles and responsibilities towards ensuring upkeep of security posture within the organization.
  •  Created a reusable internal audit regimen for the ITSC and executed one mock audit as hands-on to align their team for the cause.
  •  Has been a part of the ITIL transition team to effectively transition in-country Security Management of production servers to the hub from where Security verification tests were streamlined as a part of ongoing audit based on criticality of the services to the business.
  •  Had streamlined the Security Analysis of events (reported by heterogeneous systems), Privileged account management and password self-reset provisions which reduced cycle times and cost as net effect.
  •  Was nominated as the department continuity coordinator (DCC) for IT shared services center for Standard Chartered Group to create, implement and maintain the BCP/DRP in relation with the latter.
  •  Had assisted third party forensic investigation of a major security breach within the core banking applications platform.

Satyam computer services limited

Engineer - Networking (WAN & Security Practice)

Mar 2001 – Dec 2003 · 2 yrs 9 mos

  •  Was part of the INFOSEC consulting practice of the Infrastructure Management horizontal that catered to internal requirements from verticals around –
      ◦ IT security audits/gap analysis
      ◦ VA/PT
      ◦ Security Architecture reviews
      ◦ Due-diligence against client’s security standards/best practices
      ◦ Design and deployment of policies for Offshore Delivery platforms for BFSI clients.
  •  Was conferred with the ‘Pat-on-the-Back’ Award for highest quality of service delivered to the customer and enhancing the prospects of more wins from the latter.
  •  Had led many internal learning projects within the group which were eventually marketed as a part of the existing portfolio offerings around Infrastructure Management and Security Services.

Ca technologies

Technology Consultant

Dec 2000 – Mar 2001 · 3 mos

  •  Level 2 technical support for IDS, Antivirus and backup/storage solutions.
  •  Managed 10 consultants for product support on Windows platforms (NT/2k).
  •  Implemented training course for new recruits — speeding profitability.

Hcl technologies

Member of Technical Staff

Jun 2000 – Dec 2000 · 6 mos

  •  Deployed NT/Solaris environment for offshore development center including day-to-day administrative procedures for the same.
  •  Secured connectivity with client’s intranet using SSL & digital certificates.
  •  Designed procedures for periodic review of security controls including firewalls, IDS, authentication procedures etc.
  •  Promoted security awareness

Sify

Engineer Trainee - Network Control Group

Jun 1999 – May 2000 · 11 mos

  •  Had successfully erected ‘Points of presence’ for ISP presence across 3 sites within the country and eventually led the connection of the triage with the ATM backbone.
  •  Was part of the IT Security Task Force to instill best-practices within the designated Operations Circles
  •  Single-handedly managed the portfolio of Network Control, Operations and Client services within these locations.

Athene softech pvt ltd

Executive – Web Development

Jan 1999 – May 1999 · 4 mos

  •  Pre-sales for web development projects and training on internet technologies (CORBA/COM/DCOM etc)
  •  Execution of network infrastructure for SME type clients as value-add services to the above.

Education

Columbia Business School

PG Diploma in Digital Business

Jan 2018 – Jan 2018

IMT Ghaziabad

Master of Science - MS — Cyber Law & Security

Jan 2011 – Jan 2012

Pondicherry University

PG Diploma — International Business

Jan 2003 – Jan 2005

University of Calicut

B-Tech — Electrical and Electronics Engineering

Jan 1994 – Jan 1998