Jul 2022 – Dec 2023 · 1 yr 5 mos

• Consulting, Engineering, and Operations of Cloud Native Application Protection Platform (CNAPP), Digital Forensics and Incident Response (DFIR) Platform, Threat Intelligence, Data Security Posture Management (DSPM), Insider Threat Management and DevSecOps Tools that enhance security posture and lead to improved business and cyber risk management outcome for clients and stakeholders.
• Assisting BCG in developing an exceptional Security Incident Management Program and DFIR Strategy.
• Realized a 90% decrease in the cloud and digital attack surface through innovative remediation strategies.
• In partnership with BCG AI specialists and clients, I have created a framework aimed at enhancing the management of risks linked to the application of artificial intelligence (AI) in business, government, and society. This framework seeks to improve the integration of trustworthiness factors into the design, development, utilization, and assessment of AI products, services, and systems.
• Functioning within a framework that requires stringent adherence to data privacy, fiduciary responsibilities, and financial sector regulations.

Jan 2020 – Jul 2022 · 2 yrs 6 mos

• 1) Cloud security engineering in an agile drive product development landscape
• 2) Embedding cyber security into business applications to significantly reduce the attack surface sometimes by 95%.
• 3) Full Stack Software Vulnerability Management
• 4) Implementation of full-scale Identity intelligence including IAM, PAM, Secrets Management and Cloud access tokens.
• 5) Penetration Testing of digital products and Red Team Exercise of mission critical business application hosting platform
• 6) Digital Forensics and Incident Response (DFIR)
• 7) State of cyber security reporting to the leadership & board

Jan 2018 – Dec 2019 · 1 yr 11 mos

• Secondment to International HQ. Working for Information Protection Group (IPG) within the Global CISO and DPO organization shaping the cloud security architecture for KPMG worldwide.
• Developed the Global Security Operation Center (GSOC) for 150+ members firms across APAC, EMA and Americas region using RSA security analytics SIEM, triaging hundreds of incidents every day.
• Established the Solutions Review Services (SRS) team primarily responsible for application security and penetration testing of global banking and financial services clients.
• Leading application security architecture and SDLC process governance for a very large cloud transformation program involving Microsoft Azure.

Jun 2014 – Jan 2018 · 3 yrs 7 mos

• I was the KPMG India National IT Security Officer (NITSO) building the internal cyber security program and working closely with the India Leadership Team (ILT) and Global CISO.
• Worked on multiple assignments with many public sector banks relating to RBI regulations on cyber security. These engagements where from various domains like;
• 1) Governance, Risk and Compliance
• 2) Data Security and Privacy
• 3) Data Leakage Prevention
• 4) ISO27001 Certification
• 5) Penetration Testing
• 6) Network and System Security
• 7) Security in Software Development
• 8) Cyber Security Strategy Development

Aug 2009 – Jun 2014 · 4 yrs 10 mos · New Delhi, Delhi, India · On-site

• Cyber security consulting for clients in the Banking, Financial Services and Insurance sector on a variety of subject matter topics. I was part of the inception team at UIDAI Adhaar project in India.
• Served a number of clients in assignments related to;
• 1) Development of Security Operations Center (SOC)
• 2) Development of Application Security Policies, Technology Framework, Architecture, Coding standards and Operating Procedures
• 3) Penetration Testing of Custom Developed Applications
• 4) Embedding cyber security controls in the Software Development Lifecycle (SDLC)
• 5) Transformation of the Identity and Access Management (IAM) landscape.
• 6) Securing the Data Center and branch office network using superior NGFW, WAF and Load Balancers.

Aug 2008 – Aug 2009 · 1 yr · Kolkata, West Bengal, India · On-site

• Identity and Access Management (IAM) modernization for the largest container logistics company A.P.Moller Maersk for its custom developed applications.

Jul 2006 – Aug 2008 · 2 yrs 1 mo · Kolkata, West Bengal, India

• Application security testing and validation for software product and services developed for JP Morgan Chase Private Banking, International Private Banking, Investment Management and Treasury Services.

Nov 2004 – Jul 2006 · 1 yr 8 mos · Kolkata, West Bengal, India · On-site

• I was part of the ITC Infotech IT Shared Services (ITSS) team running the endpoint security services which include antivirus management and patch management for all desktops, laptops and servers across ITC Limited business units.

Jul 2003 – Nov 2004 · 1 yr 4 mos · Kolkata, West Bengal, India · On-site

• Network and systems security engineering for client Offshore Development Center (ODC)

Jul 2000 – Jul 2003 · 3 yrs · Kolkata, West Bengal, India

• Development, Operation and Maintenance of the Calcutta Stock Exchange Online Trading and reporting Platform CSTAR, market surveillance, settlement system and its integration with clearing house and banks that was generating a daily turnover of Rs 4000 crore during early 2001.
• Key technology used were Tandem Himalaya S-Series system running programs in Tandem C, Nonstop SQL and TAL environment. Also used Java, PL/SQL and HP-UX systems.
• I was part of the transformation team which migrated the manual trading mode of CSE to the online trading platform. Experienced the beginning of the financial market transformation journey of India from a T+15 settlement system to a T+5 system.