Rohit Sharma

Network and Data Security

  • Perimeter Security (Firewalls, VPN & IPS)
  • Data Loss Prevention
  • Internet & Messaging Security (Forward Proxy)
  • Security Incident and Event Management
  • End-Point Security & Encryption

Privacy and Data Protection

1. Exposure to Safe Harbour law
2. Exposure to the Indian IT Act 2008 (Cyber Law)
3. Exposure to US Marketing Acts

Information Security Risk Assessment

1. Developed risk assessment methodologies based on the NIST 800-30 framework
2. Conducted information security risk assessments based on the NIST 800-30 framework
3. Conducted business risk assessments for technology and business processes
4. Implemented controls to reduce the identified risks to an acceptable level

ISO 27001 Implementation and Sustenance

1. Involved in documenting policies, procedures and guidelines
2. Conducted information security risk assessments based on NIST 800-30
3. Managed and conducted internal audits against the ISO/IEC 27001:2005 standard
4. Drove the implementation of controls to minimise the identified risks and issues
5. Involved in preparing information security awareness communications and delivering training
6. Managed external surveillance audits for ISO/IEC 27001:2005 and ITGC standards

PCI DSS Assessment

1. Documented the IROC and FROC based on PCI DSS v2.0
2. Conducted PCI DSS assessments for merchants, payment processors and banks

Work History

Apr 2011 - Present

Consultant - Professional Services

Verizon Enterprise Solutions

• ISMS Implementation, Sustenance and Audits

  - Implemented ISMS for clients in the BFSI and ITES domains and enabled them to attain ISO/IEC 27001:2005 certification. Implementation and certification were followed by sustenance of the standard's compliance requirements.

  - Conducted IS audits in accordance with the client's Information Security Policy, the ISO/IEC 27001:2005 standard and other information security frameworks.

  - Conducted IS reviews of processes, technology, applications and systems against the client's Information Security Policy and best practices.

• BCMS Implementation and Audit

  - Developed, implemented and audited a BCMS for a client in the ITES domain.

  - Established IT recovery strategies and procedures for mission-critical systems.

  - Developed and implemented backup, storage and rotation procedures for critical systems, including hardware, software and documents.

  - Conducted risk assessments to develop response strategies.

  - Conducted internal audits to evaluate BCMS maturity.

• Advisory and Consultation on Managed Security Solutions

  - Responsible for providing consultation and governance on the implementation and operational management of several Managed Security Solutions and services, following best practices and taking the client environment and requirements into account.

  - Carried out PCI DSS gap assessments and issued Initial Reports on Compliance:

    PCI DSS Gap Assessment for:

      • 2 merchants in India (global merchants)
      • 1 payment processor in India
      • 1 bank in India

    Initial Report on Compliance for:

      • 1 merchant in India (global merchant)
      • 1 payment processor in India
      • 1 bank in India

• Risk Assessment

  - Carried out multiple risk assessments, including formulation of the asset register, asset classification, threat and vulnerability identification, and estimation of likelihood of occurrence and impact, based on industry best practices such as:

      • NIST 800-30
      • ISO 27005

• Incident Management & Handling

  - Formulated an Incident Management Matrix based on Verizon's VERIS framework.

Nov 2008 - Apr 2011

Analyst - Security

HCL Technology

• Managed Security Services: Governance and Operation Management

  - Responsible for the implementation, governance and operational management of Managed Security Solutions comprising:

      • Perimeter Security (Firewalls, VPN & IPS)
      • Data Loss Prevention
      • Internet & Messaging Security (Forward Proxy)
      • Security Incident and Event Management
      • End-Point Security & Encryption

• Information Technology Service Management

  - Chaired bridge calls with the CCB for effective incident and change management, focusing on root cause identification, verifying the corrective actions taken, and identifying and implementing preventive actions.

  - Reviewed changes to ensure that change details such as change impact, backup and restoration plan, acceptable window time and proper approval were in place.

  - Ensured adherence to change SLAs and focused on early closure of incidents.

  - Ensured client problems were resolved effectively within defined SLAs with minimum disruption to the client.

  - Coordinated with Release Management to get changes approved and implemented.

May 2007 - Oct 2008

Technical Support Executive

VCustomer Pvt. Ltd

  - Worldwide (USA, Asia Pacific, Europe) Level 2 technical support for NETGEAR USA (a worldwide provider of technologically advanced, branded networking products).

  - Technical support included installation, troubleshooting and configuration of wired and wireless networks and devices such as:

      • Wireless access points, bridges and range extenders
      • Business and home storage devices
      • Multimedia devices and wireless print servers
      • Wireless firewall routers and SSL VPN boxes