Skills

Domains Exposure

  • IT/ ITES & BPO
  • Banking Domain for PCI Audits & Architecture Review & Design
  • Government/ Public Domains for PCI Audits
  • Telecommunications Industry for PCI Audits
  • Banking Domains for SOC & ISMS Related Activities
  • Software Development Firms for PCI Audits
  • Service Providers for PCI Audits
  • Payment Gateways for PCI Audits
  • Media & Broadcasting Industry
  • Different Banks across multiple Geographies

Information Security Governance, Risk & Compliance

Key Area of Exposure:

  • IT Controls Review
  • PCI-DSS Scoping, Gap Assessment, Implementation Planning & Assistance
  • Process, Technical & Network Audits
  • Secure Network Architecture & Design
  • Development of Information Security Policies & Processes
  • Vulnerability Assessments & Rule Base Analysis
  • ISO 27001 Audits
  • Risk Assessments and Risk Treatment Plans
  • Perform Management Consulting and Governance Projects
  • Perform Security Program / Security Controls Reviews
  • Plan and implement Security Policy Projects

Management Skills

  • On-Site Program Management
  • Project management
  • Global Infrastructure Services Management
  • Vendor Management
  • Root-Cause Analysis
  • Problem Management
  • Team Management

Technical Skills

  • Avaya Media Gateways & Servers
  • Call Center Equipment
  • Cisco Routers
  • Cisco Switches
  • RAS (Cisco)
  • Messaging Equipment
  • Site Set Up Parameters
  • Polycom Video Devices
  • Operating System
  • Routed & Routing Protocols
  • Web / Application Servers
  • Data Base Servers
  • Directory Services

Work History

Dec 2011 - Present

Professional Services Consultant

Verizon Business

Senior Consultant & QSA

Key Projects Handled

Designing & Implementation of Policies, Process & Procedures

Building & Designing of documents as per Global Standards

  • Risk Assessment for the Environment
  • Designing of Policies as per global PCI & ISO Standards
  • Designing of Processes as per global PCI & ISO Standards
  • Training of Internal Teams on the Policies & Processes
  • Implementation of Policies within the Environment
  • Building Standard Hardening Documents
  • Building Standard Operating Procedures for the Environment

Internal IT Review

Includes:

  • Review of the Policies and Procedures
  • Review of Security Architecture
  • Review of the Firewall Rule base, Server Hardening, Hardening of Network Devices
  • Review of Information Security, data backups, Physical and Environmental Security, Data Centre and Network Security.

ISO 27001 Implementation and Readiness Assessment

Implemented ISO 27001 for Banking Client which includes:

  • Policies, Procedures and Standard Development
  • Developed baseline documents for Server, Databases, Firewalls, Network Devices, Web Servers, etc.
  • Change Management
  • Information Security Manual and Policies Development
  • Asset Register Development
  • Risk Assessment, Risk Management and Risk Mitigation procedure Development
  • Disaster Recovery and Business Continuity Implementation
  • Recovery Procedure and Strategies Development

RBI Audit & IT Policy & Process Design

  • Managing RBI Gap Assessment
  • Designing IT Governance
  • Designing IT Policy
  • Designing IT Strategy

Internal Vulnerability Assessment

Internal Vulnerability Assessment of:

  • Network Devices (Firewall, Routers, Switches, IDS, IPS, etc.)
  • Web Servers (IIS and Apache)
  • Exchange Servers
  • Wireless Access Points
  • Database

Jan 2010 - Nov 2011

Senior Security Consultant

Paladion Networks Private Limited

Senior Security Consultant & QSA (Global Risk Compliance)

Key Projects Handled

A. PCI-DSS Scoping, Gap Assessment, Implementation Planning & Assistance

Client Names:

1.  Malaysia Media Broadcasting Industry

2.  Banking Sector Qatar Doha

3.  Software Development Firm India

4.  Government Banking Sector In India

5.  Banking Sector Bangkok & Laos

6.  Banking Sector Dubai

7.  Third Party Visa Net Service Provider Bangkok

9.  Bank Sector Muscat Riyadh

10. Payment Gateway Bangkok

Position Handled: Project Manager & Technical Onsite Consultant

Responsibilities:

Technical Execution

  • Card Holder Data Flow, Scope Analysis & CHD Matrix Identification & documentation.
  • Infrastructure & Security Devices Vulnerability & Security Controls Assessment as per PCI requirements.
  • Understanding the Encryption used & evaluating controls for In-House & Vendor developed applications processing card holder data.
  • Understanding CHD Databases and related applications.
  • Searching for CHD & Sensitive data locations on various System Components across data bases & Scoped environment.
  • Evaluation of Physical Controls for Back up Storage locations & other offices from where software was being developed.
  • Evaluation of Log Monitoring & Storage mechanisms for System components, Applications & Databases.
  • Evaluation of Information Security Policies & Procedures.
  • Submission of PCI DSS Gap Assessment & Recommendation Report.
  • Preparation of PCI DSS Road map to Compliance.
  • Preparation of Prioritized Implementation Map.
  • Preparation of Templates for PCI DSS for specific PCI requirements.
  • PCI DSS specific trainings for the company

************************************************************************************************************************

B. Secure Network Architecture & Design

Client Names:

1. Largest Private Sector Bank in India

2. Largest Public Sector Bank in India

Position Handled: Project Manager

Activities Done:

  • Analysis of Current Security Architecture & Devices.
  • Analysis of Policies & ACLs configured in Infrastructure Devices.
  • Analysis of organizational Policies & Procedures in place.
  • User Access Management process review.
  • Process Audit on accessing Sensitive Data.
  • Designing Secure Segmented Infrastructure with placement of Network & Security Devices.
  • Recommendations on common Policies to be configured on Infrastructure Security Devices like NAC, IPS & Antivirus.
  • Designing IP Addressing Schema for LAN & Server Segments keeping adequate provisioning for future use.

************************************************************************************************************************

C. Information Security Policies, Procedures Audit & Development

Client Names:

1. Payment Gateway for Government of India

2. Payment Processor Firm in US

Position Handled: Project Manager

Activities Done:

  • Understanding of the functioning of current organization
  • Risk Assessment
  • Deriving policies to address those risks
  • Forming of Information Security Organization Structure
  • Creation of Process work flows & associated forms & Templates.
  • Training of organization users for the policies created, Understanding of process work flows
  • Deployment of key policies in the organization
  • Handling User queries

************************************************************************************************************************

D. PCI Projects Audits

Position Handled: QSA, Engagement Manager

Activities Done:

  • Advising on best practices to be followed for quick compliance
  • Advising on Compensatory solutions ensuring enough access controls in place
  • Implementation Assistance to Onsite Technical Consultants
  • Audit of the client environment with respect to PCI Guidelines & filling up of report on compliance
  • Development & Standardization of PCI Service Line

Apr 2007 - Dec 2009

IT Analyst Global Infrastructure Services (Voice, Video & Telecommunications)

McKinsey & Company

Key Responsibilities / Assignments:

  • Actively working with various Infrastructure Development groups to assist in the Security Testing, Deployment, Upgrades and Support & Optimization of new technology rollouts related to LAN, WAN, VoIP, Video service lines.
  • Co-heading Avaya IP Telephony Support & Implementation teams out of India and Prague – Actively participate in carrying out Projects, Planning, Secure Implementation, Transition & Support and Troubleshooting across all McKinsey offices worldwide migrating to VoIP.
  • Involved with core teams in setting up of Secure Data and Voice Infrastructure between Collocations to Local Offices, also implementing highly Secure, Redundant and Resilient solution for the data and voice Infrastructure for Primary and the Disaster Recovery Sites.
  • An advisor in the “Change Advisory Board” formed of Avaya & McKinsey members to discuss and plan upgrades, security policies & access controls, coordinate upcoming changes with all parties involved and ensure procedure adherence, resource assignments, pre & post implementation meetings.
  • Actively involved in VoIP Project completion handover discussions with the local offices and explaining to them the SOPs & Escalation contacts to be followed in case of any breaches.
  • Active participation in the recent Videoconferencing Project – One of the pilot members who have been involved in the latest Videoconferencing Project for the Firm. Key Member in discussions for Project Planning, Roll-out & Implementations of the HDX/RPX Videoconferencing in coordination with vendors like Informata, Polycom & Avaya.
  • Lead process development, in particular SOPs as part of service transitions & changes – Formulating new Standard Policies and Procedures for Incident and Problem Management and Reviewing, Updating and Approving new and existing Knowledge articles in the IT-Knowledge Base.
  • Conduct Technical and Procedural Training and Knowledge building sessions for New-Hires, subordinate and cross-functional support groups like Helpdesk and office IT and act as Mentor to fellow team members.

Jan 2005 - Mar 2007

Team Lead Network Operations (NOC)

HCL Infinet Limited

Infrastructure Lead Network Operations (NOC)

Key Responsibilities / Assignments:

  • Served as a team lead of Network Operations (NOC) to provide consultation and leadership to facilitate efficient control and maintain the confidentiality, integrity & availability of various policies & procedures across the organization.
  • Led a team of over 100 technical people nationwide and provided nationwide technical support for secure implementation of routers & firewalls and troubleshooting large WAN networks.
  • Responsible for the developments of various processes & teams like NOC-Tech (L3 support), NOC-Core, NOC Planning, NOC Order processing, NOC-VOIP, Problem Management (L2 Support) and Managed Services.
  • Managed and configured the Nortel CVX 1800 Access switch (RAS), used for dialup customers, ensuring secure configurations that allow only authentic connections to pass through after proper AAA in RADIUS servers.
  • Monitored the progress on customer SLAs to ensure the service levels are achieved.
  • Organized/ delivered internal/technical trainings to team members, Onsite Engineers and various POP Engineers on Specialist products to ensure sufficient skills to cover 24x7 requirements.
  • Assisted sales team for pre sales technical queries, analysis and secure solution design. Attend technical meetings for all minor and major accounts for the pre sales support.
  • Maintained and developed a knowledge base of key technical information to assist in the efficient diagnosis and resolution of customer issues.
  • Attended technical meetings for identified key accounts to develop understanding of customer networks and improve efficiency in diagnosing issues. Co-ordinated communications with all stakeholders.
  • Single point of contact for all VPN dial-up and ISDN customers, solving their technical issues related to VPN authentication in the VPN box and customers' IPSec tunnel configuration issues.
  • Centrally managed all ACLs in routers & Check Point firewalls, Internet Gateways (BGP) and Inter network (OSPF & other routing protocols for the customers) for all of India from NOC, Noida.
  • Core Team player in Bandwidth management (INTERNET and BACKBONE), Planning, Network designing and commissioning of all the network services.
  • Monitored the entire range of network services with dial backups (ISDN) and back office operations of the 24*7 NOC in Noida, New Delhi.
  • Debugging network issues based on the ticket id generated by the Support team and properly documenting and reverting back with RCA.

Education

Extra Curricular

  • Leadership and Personality Development Program Conducted By – Mannford Consultancy which focused on Excellence in
    • Human Relations Management
    • Attitudinal Skills
    • Effective Communication
    • Memory Management
    • Group Discussion
  • Done Holistic Management Activities like Art of Living, Vipassana as integral part of Curriculum.
  • Won First Prize for the winning team in Soft Ball in intercollegiate games. 
  • Taught as a part of Computer Literacy Program to the students of Mahatma Phule, School for Handicapped, Mann, Dist Pune.
  • Have Attended Workshop by Polycom for Training on Conf. of Video Devices.
  • Taken part in various cultural activities like Debating, Group Dance.

Summary

An Astute Individual with close to 8 years' experience in Global Risk Compliance solutions, Secure IT Infrastructure Services offering, Perform Management Consulting and Governance Projects, Perform Security Program / Security Controls Reviews, Plan and implement Security Policy projects, Plan and execute Risk Assessments and Risk Treatment Plans, Services Delivery Management, Network Management, Project Management, with reputed Organizations. Of the recent 8 yrs, the recent 4 years were focused on working with Governance, Risk & Compliance Domain Service Line delivering solutions in areas like PCI DSS, ISO Audits, VA/PT, Secure Network Architecture & Compliance Audits, Information Security Policy & Process Framework for customers based in South East Asia, Middle East & India. Close to 4 years plus were focused on Technical support, Operational Security & Project management on Network, VoIP/Video service lines in Global Infrastructure Support for Clients based out of 83 Offices in 43 Countries around the world.

 I further aimed to implement my acquired knowledge to undertake and complete a project cycle to project reviews, implementation and infrastructure Deployment & Management along with further enhancing my capabilities and proficiency in related Management, Technical and Functional areas of Information Security.

  • In-depth knowledge of Information Security Assessments, PCI Audits & Remediations, Management Consulting and Governance Projects, ISO Audits, Security Program / Security Controls Reviews, Risk Assessments and Risk Treatment Plans, Secure Network Architecture & Information Security Policy Framework Designing.
  • Insightful knowledge in Secure IT Infrastructure Planning & Implementation, IP Telephony, Video Domain, Data Center Builds, Network Planning & Implementation.
  • Have hands-on experience in Voice and Telecommunications Domain. Experience and good understanding of configurations of multi-vendor devices from Cisco, Nortel, Polycom, Avaya.
  • IT Infrastructure services professional & strategic thinker with demonstrated strengths in technical/project management, critical thinking, and decision making. Enthusiastic, self-motivated, and able to manage teams towards exceptional results.
  • Demonstrated ability to lead, influence and motivate teams. Excellent verbal/written communication skills, interpersonal skills, and problem solving ability.
  • Ability to work with individuals at all levels of the organization, manage multiple initiatives and respond to change in a fast-paced environment.
  • Always maintains a professional, calm, can-do attitude even during high pressure at work.

Certifications

Linux+

CompTIA

CCNP(Routing)

Cisco Certified

CCNA

Cisco Certified

Aug 2012 - Sep 2015

ISO/ IEC 27001: 2005 LA

IRCA

Sep 2012 - Sep 2014

Payment Card Industry Professional

PCI SSC

Mar 2011 - Mar 2012

Qualified Security Assessor

PCI Council