Practical experience managing multiple large-scale compliance / audit projects simultaneously for compliance regimes such as the IT Act, PCI-DSS Level 1, PCI-PIN and ISO 27001:2013. Coordinating with different stakeholders, working with external ISO 27001 and PCI-DSS certifying organizations, certifiers and IT auditors, and ensuring end-to-end compliance for all functions including IT, HR, admin, finance, operations, software development and legal.
Ability to set up a SOC (security operations centre) from scratch, along with successful implementation knowledge of SIEM tools.
Conduct risk assessments across the functions and present the top risks to management. Create an IT compliance risk assessment framework and periodically assess the regulatory, commercial and organizational, inherent and residual IT compliance risks.
Ability to design policies, procedures and standards along with information security training programs. Initiates, facilitates, and promotes activities to develop information security awareness within the organization, including conducting internal audit training as per ISO 27001 guidelines and PCI-DSS standards.
A very good understanding of the design and implementation of DLP, advanced endpoint security, malware, bots and next-gen firewalls, with exposure to APT solutions including protection against ransomware attacks.
Coordinates the development of the organization's disaster recovery and business continuity plans for information systems, and tests readiness.
Create BCP test cases, BCP document and plan.
Continual improvement process, measurement and tracking of overall ISMS maturity and goals of the organisation.
Identify the associated IT compliance control gaps and oversee the documentation, implementation and testing of the entire IT compliance control portfolio.
Conduct internal audits to measure readiness against company security guidelines, ISO 27001:2013, COBIT, PCI-PIN and the PCI-DSS standard. Plan, schedule and execute internal audits with all stakeholders within the business units.
Understand application vulnerability concepts, compliance management, patch management, and vulnerability intelligence technology.
Good experience in a vulnerability remediation position.
Ability to create a good incident management and tracking program.
Strong analytical and troubleshooting skills.
Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, management and business personnel.
Ability to lead a team of professionals, and experience with setting up KRAs and performance evaluations as well as keeping the team motivated continuously.
Should have worked with external third parties, application security vendors and service providers, continuously evaluating their performance and SLAs along with reviewing NDAs and contracts.
Mandatory skills: ISO 27001:2013 and PCI DSS.
Certifications: ISO 27001:2013 Lead Auditor / Implementer, CISSP, CISM, CISA, CEH, PCI-DSS, PCI-PIN, COBIT.