• ISMS Implementation, Sustenance and Audits
✓ Implemented ISMS for clients in BFSI and ITES domains and enabled them to attain ISO/IEC 27001:2005 certification. Implementation and certification were followed by sustenance of compliance requirements of the standard.
✓ Conducted IS audits in accordance with client’s Information Security Policy, ISO/IEC 27001:2005 standard and other Information Security frameworks.
✓ Conducted IS Reviews for Processes, Technology, Application and Systems considering the Client’s Information Security Policy and best practices.
• BCMS Implementation and Audit
✓ Developed, implemented and audited BCMS for a client in ITES domain.
✓ Establish IT recovery strategies and procedures for mission critical systems.
✓ Develop and implement backup, storage, and rotation procedures of critical systems including hardware, software, and documents.
✓ Conducting a risk assessment to develop response strategies.
✓ Conducting internal audits for BCMS maturity evaluation
• Advisory and Consultation on Managed Security Solutions
✓ Responsible for providing consultation and governance on implementation and operation management for several Managed Security Solutions and services as per the best practices and considering the Client environment and requirements.
✓ Carried out PCI DSS Gap Assessment and issued Initial Report on Compliance includes:
PCI DSS Gap Assessment for:
Initial Report on Compliance for:
✓ Carried out multiple risk assessments, which include formulation of Asset Register, Asset Classification, threat and vulnerability identification, likelihood of impact and probability of occurrence, based on Industry best practices such as
• Incident Management & Handling
✓ Formulated an Incident Management Matrix based on Verizon's VERIS Framework
• Managed Security Services - Governance and Operation Management
✓ Responsible for implementation, governance and operation management for Managed Security Solutions comprising:
▪ Perimeter Security (Firewalls, VPN & IPS)
▪ Data Loss Prevention
▪ Internet & Messaging Security (Forward Proxy)
▪ Security Incident and Event Management
▪ End-Point Security & Encryption
• Information Technology Service Management:
✓ Chair Bridge calls with CCB for effective Incident and Change management focusing on root cause identification, verifying Corrective action taken and identifying and implementing preventive actions.
✓ Reviewing changes to ensure that change details like Change Impact, backup & restoration plan, acceptable window time and proper approval are in place.
✓ Ensuring adherence to Change SLAs and focusing on early closure of Incidents.
✓ Ensuring Client problems are resolved effectively within defined SLAs with minimum disruption to the Client.
✓ Coordinating with Release Management to get Changes approved and implemented.
✓ Worldwide (USA, Asia Pacific, Europe) Level 2 Technical Support for NETGEAR USA (A worldwide provider of technologically advanced, branded networking products).
✓ Technical Support included Installation, Troubleshooting and Configuration of Wired and Wireless network and Devices such as:
Jatin Suri (Client)
Vice President - IT India Business,
Member of Information Security Committee, iYogi Technical Services Pvt Ltd
Paras Arora (Peer)
Project Manager - Professional Services, Verizon Enterprises Solutions
Chetan Sharma (Peer)
Project Manager - Global Security Operations, HCL Technology