Candidate's Name
Information Security Analyst
(Street Address) 508-3379
EMAIL AVAILABLE
https://LINKEDIN LINK AVAILABLE

Summary:
Over 15 years of expertise in providing leadership to all IT GRC processes, including Data Privacy, Information Security & Governance, Risk and Compliance.
Certified in ISO27001 & ISO27017 Cloud Security; provides independent assurance over the adequacy, appropriateness, and effectiveness of the IT internal control environment, & compliance with policies, procedures & regulatory requirements.
Expertise in managing various compliance requirements that include but are not limited to Data Privacy, PCI DSS, GDPR, CCPA, ISO, NIST, HIPAA, and Internal/External Audits; interfaced with the external auditors to provide the most benefit to the organization.
Experience in security frameworks: CIS, NIST CSF, ISO, COBIT, OWASP Top 10.
Expertise in governance, risk and compliance (GRC); directed reporting to senior management, the Board and Risk Management Committees, and regulators, and provided leadership to routinely drive change to effectively manage risks, controls, systems, and processes across the organization.
Expertise in developing, reviewing and enhancing security policies based on NIST and ISO frameworks; conducted Risk and Control Self-Assessment (RCSA) for applications and infrastructures.
Experience in Cybersecurity Program & Project Management.
Expertise in conducting privacy impact assessments when PII is involved.
Experience in Security Monitoring tools like SIEM and troubleshooting.
Experience in Security Operations, implementing and testing firewalls, managing IDS and IPS.
Experience in SOC operations and compliance, and SOC1 & SOC2 assessments.
Experience in DevSecOps, Operations and security compliance.
Leads the analysis and evaluation of technology-driven business processes and controls within the organization to create risk-based audit programs and testing methodologies (ITGC, GRC) to evaluate the adequacy of controls.
Managed day-to-day operational risk management activities such as risk and controls assessments, incident capture and analysis, and scenario analysis and planning.
Defined the risk management framework for the department and ensured that the highest level of quality was maintained; led and supported efforts to identify and mitigate risk within assigned areas of responsibility.

Technical Skills:
GRC: RSA Archer, BWise, IBM OpenPages, Allgress, Risk Recon
Ticketing Tools: Maximo, SharePoint, ServiceNow
Technologies: Database, Infrastructure, On-premise & Cloud, application security, cloud security, AWS, VPC, EC2, Lambda, Azure, SIEM
Other Technical skills: SQL, Java, Database management, SDLC, Networking

Certifications:
ITIL Foundation v3 Certified (2014)
ISO27001 From BSI Certified (2017)
CISM from ISACA Training (2022)
ISO27017 Certified (2023)
CCPA Training (2020)
Azure Fundamentals (2023)

Professional experience

Company: Novartis Healthcare Pvt Ltd
Dec 23 - June 24
Role: Security Expert
Description:
Novartis Healthcare Private Ltd. is a leading pharmaceutical company in the world. Novartis produces innovative medicines and research in drugs. I was a Business Information Security Expert, assessing Novartis applications and infrastructures for security compliance based on Legal and Regulatory requirements for IT and Pharma Industries.
Responsibilities:
Coordinated and facilitated internal (ISO 27001 Audits) and external audits; followed up on audit issues responses, action plans & remediation.
Understand and analyze the Quotes and Opportunity information and determine the impact of new implementation on existing business processes.
Security assessments for new and upgrading projects to identify security gaps and suggest recommendations utilizing NIST 800-53, and conduct the risk assessments with NIST 800-30.
AWS Network and Security Assessments using EC2, VPC; Remediation validation using AWS Lambda.
Take lead on vulnerabilities and issues, work with business and application owners to fix them on time.
Evaluating SOC2 documents for third party applications and mitigations.
Involved in major leadership decisions in security exceptions, reviewing and updating Information Security Policies and procedures, and Standard Operating Procedures (SOPs).
Suggest security enhancements and project governance & Operation.
Environments: AWS Cloud, Sentinel, Archer, Azure Cloud platform, On premise infrastructure and applications

Client: Capgemini
Jan 21 - Nov 23
Role: Security Architect
Project: Heathrow Airport
Description:
Heathrow is one of the leading airports in the world. My role was to assist in security assessments for the applications and infrastructure within Heathrow, not limited to review and approve security assessments, Data privacy, GDPR, PCI-DSS, and other Local, Federal & Legal requirements.
Responsibilities:
Coordinated and facilitated internal (ISO 27001 Audits) and external audits; followed up on audit issues responses, action plans & remediation.
Conducting Cyber Security Impact Assessments on various applications and infrastructure within Heathrow based on NIST, ISO & COBIT Frameworks.
Conducting Business Impact Assessments (BIA) for business-critical systems and providing ratings for the applications.
Conducting firewall reviews and managing IDS and IPS within security operation center.
Conducting TPRM for the vendors and applications who provide services to Heathrow and validate SOC1 & SOC2 reports for security vulnerabilities.
Conducting Security awareness trainings for team on SOC1 & SOC2 compliance.
Conducting internal controls testing to ensure they meet SOC1 and SOC2.
Conducting Information security awareness training to technical staff on compliance requirements.
Ensuring compliance with GDPR privacy regulations and SOC2 privacy criteria.
Define Scope of penetration testing and validating the results based on the reports.
Assessing cloud infrastructure application on data hosting and migrations.
CAIQ Cloud security questionnaire assessments.
Performed risk assessments for the applications dealing with payment card details based on regulatory requirements PCI-DSS.
Conducting Data Privacy Impact Assessments (DPIA) on Applications carrying out PII.
Evaluate the data flow diagrams and architecture documents, Detailed design document and conceptual design documents.
Ensuring compliance with GDPR privacy regulations and SOC2 privacy criteria.
Environments: Azure Data Factory, AWS, EC2, VPC & Azure data bases, SharePoint, Tenable, Nessus

Client: PWC Acceleration Center
May 18 - Aug 20
Role: Security Lead
Project: Mitsubishi UFJ Financial Group
Description:
Responsibilities:
Data Privacy (GDPR & CCPA) Compliance
PCI Compliance - PCI Assessments, Requirement evidence gap analysis
Application & Infrastructure risk assessments - New Asset Certification
Performed gap assessments with standard requirements NIST 800-53, 800-37, 800-30.
Risk & Controls Self-Assessment on IT General Controls and Risk Management
QA of Risk, Threat & Controls, Control Design Quality Analysis, Control Implementation, Control Risk Mapping Quality check
Performed Physical Security audits using Genetec Security solutions.
Validating and updating physical security controls.
Conducting cloud security assessments on AWS & Azure.
Conduct risk assessments based on security frameworks CIS, NIST 800-30, & COBIT.
Data Privacy Requirements, Data Survey interviews, Data Discovery, Data lifecycle management, Data flow maps.
Perform assessment and prepare ROC report on 12 PCI-DSS Controls with V3.2.
Perform Gap Analysis and prepare policy documents.
Co-ordinate with Process Owners & Control Owners towards design, implementation and testing of the controls, and remediation of control design, Risk and control mapping.
Used GRC Tools for risk management: Open pages, Bwise, Archer.
Environments: AWS, SharePoint, Tenable, Nessus

Client: Lead IT India Pvt Ltd
July 17 - Mar 18
Role: Sr Risk Management Consultant
Project: Honeywell
Description:
Honeywell Aerospace Technologies is a manufacturer of aircraft engines and avionics. My role was to manage the risks within the applications, database and servers with regulatory and legal compliance.
Responsibilities:
Coordinated and facilitated internal (ISO 27001 Audits) and external audits; followed up on audit issues responses, action plans & remediation.
Monitored risk assessments, vulnerability assessments and risk-based security reviews / audits that were conducted periodically for applications, databases, operating systems and network devices.
Utilized a remediation program that reduced findings from Penetration Testing and Security Assessments (Network, Database, Web Application and Servers).
Administered Access Permissions and Asset Management, their analysis planning, & coordination.
Promoted information security culture by creating awareness using different modes (workshops, emails, portal articles) of training & awareness sessions.
Performing ITGC testing for the applications and preparing TOD & TOE along with work papers.
Designed and implemented security controls, procedures and standards, Information Security (IS) structure, especially regarding logging of security events and the security risk mitigation controls.
Consistent and value-driven performance led to numerous appreciations from US based clients & customers.
Performed security risk assessment/analysis & recommended mitigation through appropriate controls, both in projects and for existing assets.

Client: Invesco Ltd
Sep 16 - July 17
Role: Advance Risk Analyst
Project: Invesco
Description:
Invesco Ltd. is an American independent investment management company that is headquartered in Atlanta, Georgia. I was conducting the risk assessments and audits for the organizations.
Responsibilities:
Executed and documented SOX Compliance and regulatory reporting controls testing throughout the organization, including documentation of processes & controls and evaluation of control design and operating effectiveness.
Assessed and implemented Information and Technology (IT) / Information Security (IS) Governance best practices, recommendations & Industry Information Security (IS) requirements.
Performed security risk assessment/analysis & recommended mitigation through appropriate controls, both in projects and for existing assets.
Consistent and value-driven performance led to numerous appreciations from US based clients & customers.
Performed security risk assessment/analysis & recommended mitigation through appropriate controls, both in projects and for existing assets.

Client: IBM India Pvt Ltd
Mar 11 - Sep 16
Role: Information security analyst, Sr operational professional.
Project: Statestreet Bank, Morgan Stanley, Molina Healthcare, BHP Billiton, Hartford, Telstra
Description:
State Street Corporation is a global financial services and bank holding company headquartered at One Congress Street in Boston with operations worldwide. I was managing security compliance for the system.
Morgan Stanley is an American multinational investment bank and financial services company. I was doing the NAC (New Asset Certification), finding and fixing the security issues before onboarding.
Molina Healthcare, Inc. is a managed care company headquartered in Long Beach, California, United States. I was auditing the company for local, Federal and Legal regulatory requirements.
Responsibilities:
Conducted ITGC Testing on applications and infrastructures and successfully managed multiple countries' transition and transformation projects across Peru, Chile, Colombia & Brazil for cybersecurity assessments.
Conducted System security checks for Unix & Wintel systems based on industry best security standards.
Led the Change Authorization Board in managing the changes on systems.
Coordinated and facilitated KCO, SSAE16, CTP, SOX and PWC audits with zero defects.
Appreciated by Audit Committee members and Higher Management of audited companies for probative engagement in resolving an issue on a RED account during the corporate audit.
Established Security Delivery Metrics to enhance visibility of security performance at Global Delivery Centers.
Implemented security controls for clients based on security requirements.
Defined and created process metrics for the new process "In Security Health Checking" for preventive monitoring and effective capacity planning as per client needs.
Environments: Unix, Wintel, Microsoft PowerPoint, Excel, VLOOKUP, HLOOKUP

Client: C R INFOTECH Private Limited
Sep 08 - Feb 11
Role: IT Associate
Projects: Walmart, Irving oil
Description:
Walmart Inc. is an American multinational retail corporation that operates a chain of hypermarkets, discount department stores, and grocery stores in the United States.
Responsibilities:
Performed system security patch evaluation and follow up on fixing.
Co-ordinated with System admin experts on latest released Microsoft TechNet patches and evaluated for applicability and helped in pushing the patches through Qualys guard.
Conducted System security checks for Unix & Wintel systems based on industry best security standards.
Performed system access control testing through IBM endpoint manager tool and identified vulnerabilities.
Co-ordinated with change authorization board team in fixing the pending vulnerabilities.
Helped admins in fixing the system access control vulnerabilities like password complexity criteria.
Prepared dashboards on patch and system access control findings and presented to management on compliance.
Involved in internal audits and conducted Access, Change, Incident, Backup control testing.

Education:
Course: Masters in Computer Applications (MCA); College: St Martins PG College, Osmania University, Hyderabad, India; Year: 2005-2008
Course: Bachelors in Computer Applications; College: Kakatiya University, India; Year: 2002-2008