Anuj Nanda 🇮🇳 Email and Phone Number

Overall responsibility for technology risk management, information protection, and security assurance of the organization.Developed IT Security Governance structure to reduce risks in business processes, enhance information security, and comply with regulatory requirements.Creation and deployment of Security Awareness Program, Computer Incident Response Team, and Disaster Recovery / Business Continuity Plans to safeguard the firm.Developed methodologies to perform risk assessment, business impact analysis, and security assurance to improve systems and operational security.Implemented aggressive anti-phishing program and technical controls.Conducted Threat and Risk Assessments and IT Security reviews (50+) to assess business and technology risks within the current operating model.Worked with business units to identify their perceived threats to the integrity, availability, and confidentiality of their information assets.Successfully remedied the organization to begin SSAE 18 SOC2 test period in less than 6 months to transition from SOC1.

Perform risk assessment, threat analysis and vulnerability assessment.Recommend compensating controls to mitigate business risk.Overall responsible for all security-related business controls for the customer.Provide leadership for Information Security, Governance, Risk and Compliance in adherence to both regulatory and contractual requirements for all Managed Services related activity.Responsible for overall quality and compliance of locally delivered security services working with GSS Security Service Delivery global head.Accountable for resolution of Security Incidents (in collaboration with CSIRT and customer InfoSec organizations).Participate in internal and client-facing meetings, and prepare audit/compliance reports and presentations.

Ensuring compliance with established information security policies, procedures, and standards through ongoing monitoring process.Evaluating effectiveness of security tools and testing methods.ISMS best practices framework implementation based on IS027001 standard.Conducting security awareness training, and educating colleagues of best cyber security practices,Complete user life cycle management i.e. from user provisioning/enrollment to de-provisioning.Advising senior management by identifying critical security issues; recommending risk-mitigation solutions.Performing information security risk assessments and assess the control environment of the business processes and applications under review, including both manual and automated processes in accordance with the information security program.Assisting both internal and external audits relating to information security as well as performing independent audits to validate completeness and accuracy of the information security program.Administrating & Managing dashboards for endpoint security solutions like Antivirus, Data Loss Prevention (DLP), and Network Access Control (NAC).

Reviewing company's operational processes and security policies in accordance with security programs.Identifying training requirements in order to create & conduct security awareness programs.Regularly reviewing, assessing and making recommendations regarding all aspects of the company’s information security program.Identifying control deficiencies and/or process inefficiencies and assist in developing process improvements.Managing investigation, mitigation, resolution, and reporting of security incidents.Working with information systems custodians (i.e., department managers, user community and systems administrators) at different levels in the organization to understand their respective security needs and assist with implementing practices and procedures consistent with Company*s Information Security Policy.Assisting with monitoring and auditing of information systems activities and systems to confirm information security policy compliance and provide management with security policy compliance assessments and system monitoring reports.Working with stakeholders to provide security solutions that support their business requirements.Identifying, developing, and implementing mechanisms to detect & prevent security incidents through proactive measures.Preparing and authorizing the implementation of necessary information security policies, standards, procedures and guidelines, in conjunction with the Security Steering Committee.Conducting security risk assessments on new products and systems, periodic security risk assessments on existing systems and identifying and/or recommending appropriate security countermeasures and best practices to ensure compliance with COBIT & NIST Special Publication 800-53 security frameworks.Working knowledge of information systems security standards and practices (e.g., access control and system hardening, system audit and log file monitoring, and incident handling).

Monitoring and certification of users and security profiles on a periodic basis to provide assurance that all personnel have the appropriate security clearance, authorization and need-to-know prior to granting access to systems & information.Assessment of information technology control elements on a periodic basis to mitigate IS/IT risks regarding the confidentiality, integrity, and availability of clients information.Analysis of system logs / security reports for initiating preventive measures.Assistance with the development, enforcement, and maintenance of policies, procedures, measures, and mechanisms to protect the confidentiality, integrity and availability of information and to prevent, detect, contain, and correct information security breaches.

Proactively monitor and administrator security systems for anomalies and threats to the Company's computing environment.The security systems include firewalls, intrusion prevention & detection, vulnerability scanning systems, Identity & access management systems and endpoint security systems.Developing security policies, standards, and processes to protect the Company's information resources.Coordinate security projects and acts as a liaison between IT Security, process owners and system managers.Responding to security incidents, providing assessment of impact severity and types of incidences being addressed. Coordinating resolution efforts and preparing reports of findings.Performing security assessments and testing to help identify security risks.Conducting, reviewing and providing direction to all Security Calendar Activities like TCP/IP scanning, ID Validation & reconciliation, Health checks, Logs review, Anti Virus management, Patch Management.Plan, and more.Coordinating and Supporting Atos Client/Internal/Standards ( ISO 27001) audits.Gathering customer requirements/contractual obligations and ensure compliance.

Managing and supervising assigned staff, provide technical guidance & advice, schedule assignments and training and conduct performance feedback.Planning, installing and maintaining systems software to ensure a secure and efficient data processing environment.Performing system performance monitoring and tuning, participate in capacity planning and systems configuration; make recommendations on hardware and software enhancements to fine tune or update the regional operating environment.Providing technical support to both systems operation support and data center operations personnel.Interfacing with outside vendors to coordinate software and hardware problem resolution.Participating in the selection, analysis and modification of vendor-supplied systems and network software and adapt new systems to the regional operating environment.Assisting in evaluating, recommending, acquiring and installing new hardware or hardware upgrades.Providing data and root cause analysis for each service impacting incident with all possible corrective actions for improvement.Deploying software patches and upgrades into production and perform post-patch verification.Working with multiple teams in analyzing each service outage, measure, maintain and present the service quality metrics to management.Responsible to maintain 24/7 service to customers and reduce MTTR in case of service interruption.