I worked as a senior consultant in the Governance, Risk and Compliance practice of Wipro Consulting Services.
- Execute and manage medium to large scale projects as a team leader;
- Perform attack and penetration tests, vulnerability assessments, systems and network devices configuration reviews and network architecture design and reviews;
- Perform Information Security Risk & Control Assessments (via interviews, network and application vulnerability assessments, penetration tests, walkthroughs, and physical inspections) of IT systems & related areas at the client site;
- Coordinate with clients, analyze their business processes, understand security system requirements to design and develop comprehensive information security management systems;
- Design, implement and lead the Application Security program;
- Analyze, develop and manage information security policies and procedures in line with the client’s business needs so as to ensure preventive and recovery strategies are in place to minimize the impact of realized threats;
- Present findings and work products to senior management of the organization during and after projects.
UK Leading Energy Giant - Performing IT Risk Assessments and Reviews of IT projects running across the world by executing the following key activities:
- Finding Management
- Supplier Accreditation (Third Party Audits)
- Managing Risks in RFx processes
- Change Management
- Assistance with security testing
- DSOP – checklist reviews
Real Estate giant in Abu Dhabi - ISMS implementation
- Involved in ISMS implementation (against ISO 27001 standards) in the largest Real Estate business group of Abu Dhabi.
- Primarily, I was responsible for risk assessment of networking devices, VoIP, BlackBerry services, web applications and their supporting critical infrastructure.
- In this project, as part of the implementation team, I performed various activities such as current state analysis, technical infrastructure assessment, asset register preparation, etc. For my performance on this project, I achieved the Best Project Team-Member award in 2009.
Application Security Advisory - I was tasked with the establishment of a Secure Software Development Life Cycle (SSDLC), which essentially involved defining the SSDLC framework for application development, developing Security Policies, Checklist, Risk Assessment and Threat modeling procedures, carrying out Application security assessment, preparing Secure Coding Guidelines for the developers, and carrying out Application Security Awareness training for developers and user groups.