May 2018 – May 2020 · 2 yrs · Bengaluru, Karnataka, India

• Manage Entire South India Security Operations

Jan 2017 – Apr 2018 · 1 yr 3 mos

• Aid in the pre-sale stages of engagements, specifically supporting the sales team with activities such as proposal writing and assisting with client presentation Create and own responses to Request for Proposal (RFPs), POCs, SoWs.
• Development of new services/solutions and enhance existing services portfolio
• Work with respective Regional Sales Team members and be their extended arm for any ongoing Sales Engagements/Discussions and Pipeline Tracking.

May 2013 – Dec 2016 · 3 yrs 7 mos

• Managing and executing multiple projects on information security & compliance, IT Risk & Assurance for India, MEA & US regions on areas such as
• a) PCI DSS version 3.2 – GAP Assessment & QSA Audits
• b) Implementing ISO27001 (ISMS) framework & Conducting ISO27001 risk assessment, Gap Assessment and Internal Audits for 27001:2013(Including recertification audit and surveillance audit.)
• c) Implementing ISO 20000 (ITSMS) standard
• d) Implementing ISO 22301 (BCMS) standard
• e) Data Flow Analysis (DFA)
• f) IS Audit
• g) Cyber Security Framework Assessment
• h) Extensive third-party audits as part of vendor risk management services
• i) Develop security policies, standards and procedures.
• j) Design, review and recommend security controls for application and infrastructure systems.
• Managing Regional Teams – Project Managers and Team Members across different client locations to facilitate and assisting them for the project execution.

Nov 2011 – May 2013 · 1 yr 6 mos

• Was part of the IBM Global Business Service and the primary role and responsibilities were to continue elevating data security and privacy practice of various projects undergoing and Assist Project Managers and Leads in developing Data Security and Privacy and Data Protection solutions for the projects.
• The implementation & audit work involves conducting a risk assessment of the each project by evaluating different aspects like access to client systems – production and non production, access to client’s environment – whether production or development, requirements of regulatory compliance, access to personal information, access to business sensitive information etc. Based on the assessment, controls like documented Data Security Plan, Risk Log, User Access Management, Training & Awareness, and Separation of Duties.
• Verifying DOU (Document of understanding), SOW (statement of work), CTA to ensure the client stated security controls are in place.

May 2009 – Oct 2011 · 2 yrs 5 mos

• Was part of Compliance Testing to perform audit of a system carried out against a known criterion in which the Servers Security Configurations are periodically health checked in order to meet the Security standards requested by the customer. Each server is manually health checked including the Applications and operating systems running on the server by retrieving the settings from the servers and comparing it with GSD331 Settings (Which are agreed by both the customer and the Company).

Sep 2008 – Apr 2009 · 7 mos

Aug 2007 – Apr 2008 · 8 mos