Information Security

- As a Consultant I am focused on consultancy for the implementation of Information Security Management Systems based on ISO/IEC 27001:2013 and IT Service Management System based on ISO/IEC 20000-1:2011.
- Establish an enterprise-wide information-security program for a client; oversee companywide efforts to identify and evaluate all critical systems for key customers.
- Design and implement security processes and procedures and perform a cost-benefit analysis on all recommended strategies.
- Collaborate with external auditors to conduct in-depth compliance audits for ISO 27001 and penetration testing, presenting results to senior management.
- Develop curricula and facilitate awareness training.
- Contribute to the development of effective approaches to reduce exposure to identified cybersecurity risks and recommendations.
- Contribute to the development of the Risk Assessment Framework, Implement Risk Treatment Plans in the client organization.
- Guide Management through information security / SAMA audits.
- Support client security assurance assignments by advising on audit recommendations and appropriate controls enhancement.
- Support client on SAMA Cyber Security Framework to effectively identify and address risks related to cybersecurity.
- Conduct reviews with adherence of SAMA.
- Advise client on all applicable rules and regulations, policies and standards about the activities of the organization and SAMA.
- Ensure that quality, integrity, and security as per SAMA s recommendations.
- Provided consultancy for the implementation of an IT Service Management Systems according to ISO/IEC 20000-1:2011.
- Provided consultancy for risk assessment and the establishment of Information Security Plan.
- Provided consultancy for business impact analysis (BIA).
- Provided consultancy for the implementation of a Business Continuity Planning & Disaster Recovery Management.
- Perform gap assessment between present data protection compliance policy and the requirement under GDPR.
- Based on gap assessment design a strategy for compliance with GDPR.
- Creating a data inventory that identifies processors and any data that is held within the organization.
- Facilitate the creation of a mechanism for ensuring data protection by reviewing third-party contracts and develop an accountability framework for the same.
- Advice on the creation of an operational structure for complying with data protection regulation.
- Consult on the creation of a periodic risk assessment and steps to minimize risk with GDPR perspective.
- Conduct data flow audit for Personal Data and Data processing.
- Conduct a data protection impact assessment in line with GDPR requirements.

IT Security

- Leading 15 team members on IT Service & Security Management initiatives across the organization and carrying out governance and compliance projects.
- Analyzed, designed & implemented business processes, procedures/policies to meet ISO 27001 & ITIL compliance; revaluated them by conducting an audit.
- Evaluating business processes to meet the requirements of ISO 27001 & ITIL V3 Framework and driving the transition from a functional to a process-based organization.
- Developed and Implemented Information Security Policies and Procedures.
- Implemented Change Management system with change verification.
- Coordinated periodic 3rd party vulnerability and penetration testing.
- Performed periodic review of access controls.
- Work with sales team on pre-sales and post-sales customer security evaluations.
- Perform company-wide risk assessment and treatment plan.
- Developed & maintained company-wide Risk Register.
- Introduced & implemented change management policies and procedures for infrastructure changes reducing the number of unscheduled or unplanned outages by 75%.
- Planned for all Information Security and Business Continuity activities to ensure the awareness and implementation consistency across the organization practices.
- Measured effectiveness of controls periodically & provided improvement.
- Designed entire frame-work to meet compliance requirements of ISO 27001.
- Chairing the Operational Steering Committee and guide the Project Sponsor on integrating Information Security & Risk Management within the project requirements.
- Collaborate with IT-Lead and Program Manager on project status reporting.
- Defining new OLA’s / SLA’s between IT team and Business / Operations.
- Following Services Issues with the Business department and IT department.
- Determining SLA’s for Service Desk to ensure that the correct targets are achieved.
- Following Business team Issues based on their priorities defined for SLM and to support the case with another department to be solved.
- Preparing Service Catalogue for internal and external customer services.
- Attending CAB to ensure the change will take place in the correct manner and with minimal disruptions.
- Ensuring the amendments are carried out is as per the plan.
- Responsible for providing that the targets achievement of and quantifiable targets of the Service Level Agreement as part of the day-to-day activities.
- The daily activities include comparing the required IT services with those delivered.
- Compile a monthly report stating the extent to which targets in the Service Level Agreement have and will be met.
- Reporting to the client on a quarterly basis regarding IT services delivered during the previous quarter, and the IT services that will be delivered in the coming quarter.
- Developed and implemented a comprehensive Continuity of Operations Plan for a highly complex organization by consulting with all departments ensuring critical functions were maintained and a smooth transition for off-site operations during both short- and long-term business disruptions.

Information Security

- Led a team of 7 to manage 4000+ across Mumbai and Pune locations.
- Picked up and tightened the lax implementation of infrastructure and information security; plugged loop-holes to create a robust infrastructure.
- Draft policies and procedures for implementation across organization levels; customized training for deployment across organization creating awareness for business continuity/audit compliances.
- Performed Risk Management and provided mitigation recommendations for projects within the organization covering Pune & Mumbai region providing Project Lifecycle Security Engagements for BFSI projects.
- Some critical aspects of RISK Management performed as mentioned: Identify potential risk, consult on correcting or reducing risk, report if uncorrected.
- Assist in the development of a risk register.
- Risk assessments on new projects, identify and reduce risk.
- Consult with Security Operations Team on security events.
- Planned for all Information Security and Business Continuity activities to ensure the awareness and implementation consistency across the organization practices.
- Measured effectiveness of controls periodically & provided improvement.
- Designed entire frame-work to meet compliance requirements of ISO 27001; awarded the re-certification within the first year with no significant ‘non-compliance’ remarks.
- Managed the Patch Management Compliance program; reported the status of Microsoft & Non-Microsoft patches, responding with measures as directed.
- Initiated and directing the Unauthorized Software Compliance program; scanned all users systems for the unauthorized software, educated user and providing approved solutions as per business needs.
Monitored and improved existing ISMS structure resulting in maintaining a competitive advantage and value system integrity.
- Assisted the Pre Sales team with RFP/ RFI demonstrating the Information Security and BCP/DR capabilities for the organization contributing towards the success factor of the business proposals.
- Conducted a robust continuity exercise comprised of a table-top exercise testing overarching contingency plans, a full-scale exercise testing actual implementation procedures achieving over 65% capacity, and facilitated an after action review to refine plans and increase capacity to successfully meet future contingencies.

Information Security

- Led a team of 12 to manage the capacity and availability of IT infrastructure across Pune and Chennai
Restructured the ad-hoc IT department growth by defining policies and procedures, SLAs and scope of delivery.
- Developed a business continuity plan for the company in light of its growing requirements; designed, introduced and successfully tested three cycles from scratch.
- Handled and facilitated internal and external audit compliances, won ISO 27001 certification with minimal findings.
- Provided asset management and inventory control to track company assets; controlled over utilization of software assets and salvaged software licenses to reuse/manage as spare capacity.
- Defining new OLA’s / SLA’s between IT team and Business / Operations.
- Following Services Issues with the Business department and IT department.
- Defining SLA’s for Service Desk to ensure the correct targets reached.
- Following Business team Issues based on their priorities defined for SLM to follow the case with another department to be solved.
- Attending CAB to ensure the change will take place in the correct manner and with minimal disruptions.
- Ensuring the changes carried out as per the plan.
- Responsible for ensuring the achievement of the targets and quantifiable targets of the Service Level.
- Agreement as part of the day-to-day activities. The daily activities include comparing the required IT services with those delivered.
- Compile a monthly report stating the extent to which targets in the Service Level Agreement have and will be met.
- Directed activities within the DR program including information security audits, establishing disaster recovery process, development of continuity plans, recovery support, and critical systems recovery.
- Developed and updated Information Technology Contingency Plans providing overall management in DR program capabilities regarding applications, infrastructure recovery, information security, crisis management, and disaster recovery compliance/audit initiatives.
- Worked with senior leadership and Compliance Team to respond to General IT Audit.
- Developed policies and procedures for disaster recovery initiatives.
- Facilitated testing of procedures, wrote after action reports, and updated plans based on corrective action findings.
- Updated Disaster Recovery Procedure Annex Plans. Implemented policy guidance for Emergency Notification.
- Coordinated and facilitated Disaster Recovery testing for business units/critical systems.
- Provided advice and wrote policy in support of standardization for System Recovery.
- Consulted and guided business units regarding vendors, service level agreements, contracts regarding recovery, and blanket agreement.
- Reporting to the senior management on a quarterly basis regarding IT services delivered during the previous quarter, and the IT services that will be delivered in the coming quarter.
- Managed two major external projects for clients:
- Planned wall-to-wall details and executed seamless integration to a new environment; facilitated transition of the data center and 500 users of AIG Home Finance across India, completing the project in 7.5months against the target of 9 months.
- Managed onsite server infrastructure implementation for D-TAC, Thailand; the designed run of 6 servers with built-in individual redundancy, supported local vendor on project implementation, carrying out testing and handover in 3.5 months.
- Identified & evaluated the open source tools in the initial stage & assisted in evaluating & procuring paid tools in the later stage; achieved cost saving of USD 50k annually.

IT Security

- Led a team of 60 in IT Service Management professionals for Pune and Hyderabad locations.
- Managed USD 3.2million annual operating budget for the department to develop and complete connectivity network, storage servers, desktops, laptops, and hand-held devices; saved a total USD 100,00 of the operating budget.
- Saved 8% of IBM open license costs by matching active users and salvaging unused licenses from the legacy system; redeployed proper licenses and saved spare for ready availability.
- Saved 13.5% expenses on buying by diligently disposing/recycling shelved and end-of-life hardware inventory.
- Following Services Issues with the Business department and IT department.
- Attending CAB to ensure the change will take place in the correct manner and with minimal disruptions.
- Ensured that the changes were carried out as per the plan.
- Compile a monthly report stating the extent to which targets in the Service Level Agreement have and will be met.
- Reporting to the client on a quarterly basis regarding IT services delivered during the previous quarter, and the IT services delivered in the coming quarter.
- The initiated transition of IT Helpdesk to the third party; defined response procedures, SLAs and training for one year before handover; reallocating 7-FTEs to other projects.
- Designed ISO 20000 best practices and implemented ITIL V2 for 105 projects in the 1st phase of total 700+ across locations; led the team of 15 project managers for these support projects.
- Involved in the recruitment and training of recruits in the department and mentoring.
- Developed and implemented Business Continuity Management components such as Business Impact Assessments (BIA), Business Resumption Planning, Plan Maintenance, Incident Management.
- Conducted risk assessments for business units and identified operational risks, the potential magnitude of impact and guidance for risk mitigation in alignment with HSBC continuity directives.
- Managed, Business Continuity Program developed and maintained appropriate documentation.
- Coordinated and facilitated planned Business Continuity efforts with internal partners, participated in the development and execution of periodic Disaster Recovery and Business Continuity testing.
- Coordinating full-scale exercises for HSBC Exercises.
- Conducted gap analyses to identify IT resources availability issues.
- Continuously monitored and reported the availability of IT resources. The assessed risk associated with disruptive events.
- Maintained and monitored a DR/BCP risk action plan. Planned IT services recovery and resumption and established procedures for conducting post-resumption reviews.
- Facilitated the documentation of disaster recovery and service contingency plans.
- Ensured that all IT systems were in compliance and contained comprehensive plans for the recovery of assets and services.
- Annually tested ITS continuity and disaster recovery plans and developed follow-up action plans from test results.
- Assisted with efforts to improve disaster/emergency notifications.
- Identified and evaluated business and technology risks, internal controls that mitigate risks, and opportunities for internal control improvement.

IT Security

- Managed various projects to assess security risk, protect information assets and support IT governance by designing customized policies and procedures.
- Outlined implementation programs for clients in various business domains like FMCG, Banking, - Manufacturing, Shipping & Port Management, Food Products, and Education.
- Managed transition from outgoing IT Director and handover to incoming IT Director.
- Independently managed IT infrastructure & network security servicing 2700 students & parents in there - one-year life cycle & 100+ staff of American School of Bombay for a period of 6 months.
- Recognized for physically salvaging the data center including servers, network & storage devices during Mumbai floods of 2005; restored connectivity within 24 hours; won appreciation from Director-ASB and Mr. Anand Mahindra.

Information Systems

- Managed IT infrastructure servicing 400 users with a team of 3; monitored & updated lifecycle of all hardware/ software.
- Designed, planned and executed business continuity and disaster recovery plan for the IT Infrastructure; represented the department in meeting ISO 27001 standard for Mumbai location.

Information Security

- Conducted analysis on IT security and suggested security model address the issues to corporate clients.
- Assisted corporates to meet BS7799 certification standards

Information Security

- Individually designed the network infrastructure, security aspects, connectivity framework for the IBM offshoot company in San Jose; administered the network, servers, and security with a team of 3
- Planned for business continuity & disaster management; designed security policies and procedure to stabilize and ensure uptime of all system.

Network Solutions

- Designed solution offerings for network integration for Kirloskar Oil Engines Ltd, Mercedes Benz India Ltd, Thermax Ltd, Bharat Forge, National Chemical Laboratory, Mahindra United World College of India, Thermax India, Research & Development Engineers (India Military Organization).
- Led a team of 3 for technical support and troubleshooting.

Information Security

- Managed computerization of 6 co-operative banks & system integration spanning 2 head-offices, 50 branches & 1000+ users across Western Maharashtra with a team of 25 engineers.
- Rated as 3rd Best Support Team by IBM amongst their dealers across India; handled other products for Modi Olivetti, Rolta India, Compaq, and ICIM.