Dec 2020 – Apr 2023 · 2 yrs 4 mos · India

Jul 2020 – Dec 2020 · 5 mos

Jul 2019 – Jul 2020 · 1 yr

Aug 2017 – Jun 2019 · 1 yr 10 mos

• Information Security Standards and Policies
• Affluent with ISO 27001, PCI DSS, SOX, SSAE/ISAE ensuring IT and application security compliance with organization’s security policies
• Performed ISO 27001 Internal audits, driven surveillance audits and re-certification audits.
• Involved in ISO 27001-based internal, supplier and third party audits.
• Implemented ISO 27001-based ISMS at mid and large sized firms. Written Information Security Policies, Procedures and Guidelines.
• Information Security Risk Governance and Implementation
• Created Information Security Policy Manual aligned to ISO 27001:2013
• Created and implemented Risk Assessment Methodology for entire ISMS Program
• Created Risk Treatment Plan and methods for the various risks identified in the Risk Assessment
• Develop Asset and Risk Register
• Developed a road-map for roll-out and implementation of ISO 27001 controls
• Designing the various IS related Policies and procedures
• Preparing of Risk Register and Risk Tracker
• Designing and preparing the Statement of Applicability
• Participated in designing the Security Architecture and formulating the Risk Mitigation Strategy
• Designing and conducting Information Security Awareness programs
• Security review of IT Infrastructure and IS operations in accordance with ISO 27001, at Operational office and Data center;
• Assessment of IS controls for RFP compliance
• Review of Business Continuity Management Plan for the entire program.
• Review of the Security policies and procedures
• Creation and review of SOA (Statement of Applicability)
• Review of the IS processes
• Assessment of the physical and environmental controls at operational office, data center and communication rooms
• Review of the logical access Controls
• Review of the Security Incidents
• Review of the Disaster Recovery Plan
• Preparation of the Audit findings report and mitigation plans

Jul 2008 – Mar 2012 · 3 yrs 8 mos · Chennai Area, India

• 3.8 yrs of experience in Security Administration
• Handled Ticket tracking tools- Service Manager 7, Remedy, IDM, Peregrine,
• Has experience working with Active Directory on Windows 2003/2008 server, Mainframe- RACF, Unix, Exchange Server 2010, Manual online form testing in SUN Identity Manager and RSA Console
• Roles and Responsibilities mainly included User account creation, termination, role cleansing activities, maintenance of Ids (reactivation and extension of Ids), creation of User and Generic mailbox, Distribution list, Security groups, Home folder, network shared folder. Granting/Denying permissions to network file share folders, drive access and troubleshooting issues with user account and RSA using key-fobs
• Got online transition on the customized client application from the client; contributed document and trained the entire offshore team on the same
• Responsibility to collect daily efforts of the team in order to review and maintain SLA of the tickets processed and also sends weekly and monthly efforts to the client
• Responsibility for implementing the policies and procedures of user ID management and the security policies

Mar 2007 – Jul 2008 · 1 yr 4 mos · Chennai Area, India

• Worked as Technical Analyst
• Worked in user access management- Security Administration profile
• RACF Id and RACF group creation for the users accessing various systems across the company.
• Connecting User with the RACF group based on his role and the requirement and granting access to Datasets.
• Maintenance of RACF Id such as Resuming the revoked Id, resetting password, replacing department groups
• User access provisioning, amendment and maintenance of various systems including lotus notes
• To perform Role cleansing activity
• Setting up/Deleting user accounts, administration and amending user access on Active
• Directory
• Efficiently use the Tracking tool- ASSYST 6.5version
• Maintain client operating standards and SLA including documentation, form processing and internal procedures
• Handled the projects ITAEXP (Extension of Id’s), Name change.
• Troubleshooting issues related to user profiles and accesses in various applications