Key Result Areas:• Assist business to identify, manage and track operational and fraud risks associated with people, processes and technology in a consistent manner and ongoing basis• Manage risk assessments and periodic control testing in reference to ISO27001, ISO3100, ANZ 4360 and COBIT frameworks • Overseeing the establishment, implementation and adherence to policies and standards that guide and support the terms of the information security strategy• Conduct risk based audits on ISO 27001 and PCIDSS information security standards for all the enterprise accounts• Identify, research, evaluate, and/or resolve risk issues impacting the business• Advising and making recommendations regarding appropriate personnel, physical and technical security controls• Good understanding on SSAE 16, ISAE 3402, HIPPA, COBIT, ISO3100, ANZ 4360, NIST frameworks and Vendor Assessment Audits • Strong conceptual understanding of information security and risk concepts and ability to relate them to business objectives• Managing the information security incident management program to ensure the prevention, detection, containment and correction of security breaches• Vendor or partner security risk evaluation• Network device configuration review and analysis• Business continuity and incident management plan review and analysis• Creating an enterprise wide information security education and awareness campaign• Periodic management reporting through established matrices and effective measurement of risk attributes to report risk trending and demonstrate compliance• Monitor, measure, test and report on the effectiveness and efficiency of information security controls and compliance with information security policies

Key Result Areas:• Evaluate application architecture in relation to its target deployment environment and infrastructure • Review design choices in each of the key vulnerability categories defined by a security frame work• Manual and tool based reviews of source code to identify code-level issues that may enable an attacker to compromise an application, system, or business functionality• Identify and rate threats based on a solid understanding of the architecture and implementation of the application• Address threats with appropriate countermeasures in order to reduce the risk• Conducting vulnerability assessments on web apps, infra devices based on industry standard frameworks like OWASP, WASC and SANS.• Analyze the vulnerabilities for possible exploitation and conduct penetration testing• Conduct security assessments on android and iOS apps• Implement secure coding techniques into mobile development lifecycle to protect mobile apps from high risk attacks• Analyze security of network communications and data transmissions• Residual data analysis of local storage and caching (passwords, usernames, and other sensitive data)• Native code execution analysis• Security configuration review and hardening guidelines for firewalls, routers, switches ,web servers and database servers

Key Result Areas:• Understanding the client network architecture and necessity of vulnerability assessment• Perform network device and server vulnerability assessments, review findings with clients and implement countermeasures • Perform penetration testing using metasploit on internal and external infrastructure devices. Social Engineering attack using BackTrack• Wi-Fi basic penetration test using the applications WiFinder, Aircrack –ng and Kismet• Defining and implementing ways to minimize the consequences of a potential attack• Provide application security related consultation support for, threat modelling, security controls vulnerability assessment and counter measure designing• Provide consultation support to the development team with regards to the detected vulnerabilities• Identify, evaluate and implement corrective action against risks that may result in loss, damage or legal liability• Risk analysis of network devices and server decommissioning• Coordinate with different IT departments and CISO’s for getting approvals for new projects• Responsible for giving solution to assist enterprises to administer important business as well as operational risks and to identify best practices• Change management responsibilities using remedy tool

Key Result Areas:• Infrastructure and web application security assessments• Corporate Symantec anti-virus management• E-mail gateway management- Message Labs• Microsoft Tuesday patch analysis• Compliance and auditing• Business continuity process-disaster recovery policy creation and audit