▪ Lead PCI DSS certification audit and compliance for the organisation post certification expiry.▪ Experience in leading multiple customer and regulatory audits to its closure.▪ Lead ISO 27001 internal audit team for products and services.▪ Based on regulatory body security requirements perform gap analysis for organisation.▪ Coordinate with legal team on onboarding legal agreements on ISMS perspective.▪ Initiate vendor onboarding by performing due diligence and risk assessments.▪ Perform annual review of organization policy and procedures.▪ Member of Change Control Board; review of changes performed across organization.▪ Review of Information Security advisory to organisation on recent threats and newsletters.▪ Reports and dashboards on customer engagements on risk and governance and internal ISMS metrics

▪ Performed business process risk assessment for CAMSPay and identified potential risks in ISMS perspective.▪ Perform ISMS review on agreements, MSA and SOW of clients(pipeline) related to payment and Insurance.▪ Initiated vendor risk assessment for existing vendors and due diligence.▪ Based on regulatory body security requirements performed gap analysis for business units.▪ Regular Access Control Audits in source code repositories, platform environments.▪ Coordinate with stakeholders on audit findings and remediation.▪ Coordinated with regulatory boards to comply with ISMS requirements.▪ Induction and Awareness Sessions on Information Security to educate the employees.

▪ Perform ISMS internal audits for IT Projects(Development and Maintenance).▪ ISMS internal audits for all internal divisions of the organization.▪ Coordinated obtaining SOC 2 Type II attestation for the organization.▪ Regular Access Control Audits in source code repositories, platform environments.▪ Periodic reviews on MSA, Legal Contracts like NDA, SoW for new onboarded clients.▪ Record Of Processing Activities(ROPA): Coordinated with architects to understand the PII involved in the applications and prepared the ROPA adhering GDPR guidelines.▪ Regular internal tools audit (Slack, Wiki, GSuite)▪ Induction and Awareness Sessions on Information Security to educate the employees.

▪ Perform ISMS internal audits for IT Projects(Development and Maintenance).▪ Regular Access Control Audits in source code repositories, platform environments.▪ Regular internal tools audit (Slack, Wiki, GSuite)▪ Induction and Awareness Sessions on Information Security to educate the employees.▪ Managing entire security monitoring for eCommerce agency.▪ Identify, investigate and report IT security risks/incidents.▪ Have implemented Content Filtering System and Application Control in Firewall across agency.▪ Perform internal security appliance audits and provide risk registers.▪ Respond to everyday security exploits/vulnerabilities and initiate report to mitigation.▪ Provide reports on weekly and monthly basis.

▪ Managing entire security infrastructure for Health Care Organization▪ Handling endpoint security for 3000+ endpoints, including migrating from legacy antivirus to cloud environment. ▪ Have implemented and deployed Web & email appliances.▪ Monitoring web traffic using Sophos web gateway. Implement policies, analyse web traffic manually and taking necessary actions.▪ Monitoring email traffic using Sophos email gateway. Fine-tune anti-spam policy and SPX policy, analysing spam mails manually and taking preventive measures.▪ Managing mobile device security using Sophos MDM.▪ Perform phishing awareness campaigns to improve security awareness of end users using Sophos phish threat.▪ Internal Android Applications Vulnerability Assessment – Reverse engineering and manual code analysis.

▪ Identify, investigate and report IT security risks/incidents.▪ Monitor logs using IBM QRadar, investigate offences and initiate incident response.▪ Identify malicious websites and recommend to block in web gateway.▪ Perform spam email analysis. ▪ Provide reports on weekly and monthly basis. ▪ Work in par with ITIL, HIPPA and Industry best practices.