Rajeev Sareen Email and Phone Number
ISO 27001 and 22301 Auditor/Implementer, with experience auditing 500+ sites and 100+ data centers to identify the overall security maturity score of an organization along with its regulatory and statutory compliance. Audit skills include, but are not limited to, performing Internal, External, Third-Party Vendor and Data Center audits for Physical as well as Digital Security Controls. Expertise in designing and managing a custom Compliance Framework which incorporates ISO 27001/02, ISO 22301, NIST 800-53, NIST 800-171, NIST 800-30, PCI DSS, NICE Framework, IRDAI guidelines, SEBI circulars and more.
Manager, EY (Oct 2023 - Present)
- Lead, mentor, and manage a team of security professionals, providing guidance and support for their development
- Establish and oversee governance framework for information security and compliance activities
- Continuously assess and improve the organization’s security posture and compliance standing
- Prepare and present regular security reports to senior management, including metrics, incident summaries, and compliance status
- Prepare for and coordinate internal and external audits related to business continuity, ITGC, SOC, information security and regulatory compliance
- Formulate and maintain the organization’s information security strategy in alignment with business goals and objectives
- Drive end-to-end client engagements for ISO 27001 transition from 2013 to 2022 standard version
- Develop, implement, and update information security and business continuity policies, procedures, and guidelines
- Operationalize organization wide GRC tools for internal/external audits, unified controls repository, documentation management, risk management, evidence collection, POAMs, disaster/incident communications, etc.
- Lead multiple security risk management, operational resilience and regulatory compliance client engagements
Senior Consultant, EY (Feb 2021 - Oct 2023), Gurugram, Haryana, India
- Implementation of ISO 27001:2013 and ISO 22301:2012 standard for multiple clients from Technology, Media and Telecom industry
- Creation of policies, processes and procedures in accordance with ISO 27001, RBI requirements and PCI-DSS for a leading Banking service provider
- Performed Crown Jewel assessment to identify critical assets for multiple clients
- Creating ISMS IT Global Framework to enable central IT Audits and provide centralised framework with evidence repository
- Remote ISMS assessments of global network infrastructure service provider of a major telecommunication organization (Vendor Risk Assessment)
- Perform context based risk assessment and devise associated risk treatment plan for various sites globally
- Creation and maintenance of Key Performance Indicators for continuous monitoring and measurement in alignment with organization’s ISMS objectives
- Managing client communication, project timelines, regular updates and lead ISMS implementation discussions with global stakeholders
Information Security Consultant, Ernst & Young (Jan 2020 - Jan 2021), Gurugram, Haryana, India
- Implementation of ISO 27001:2013 standard at various sites of a major telecommunication vendor globally
- Identify and address gaps in current ISMS documentation (Policies, Processes and Procedures) and articulate documents which are not in place to meet ISMS requirements
- Face internal and external audits and ensure closure of any non-conformance with apt corrective action implementation
- Deliver knowledge sharing sessions to client and internal team regularly
- Managing client communication, project timelines, regular updates and lead ISMS implementation discussions with global stakeholders
Information Security Consultant, Lucideus (Jun 2019 - Jan 2020), New Delhi Area, India
- Leading multiple compliance and governance projects for domestic and international clients across various industries
- Assisting in assessment across People, Process and Technology verticals for multiple Domestic and International Clients
- Articulation and review of Policy, Process and Procedures documents according to the organization's infrastructure
- Organization-wide implementation of ISO 27001 (ISMS) and 22301 (BCMS) for multiple clients
- Execute, manage, and perform end to end IT Security Maturity Assessment along with the team
- Prepared various detailed audit reports on audit findings along with risk description and corresponding remediation procedure
- Managing customer communication, project timelines, regular updates and an internal team of 2 junior security analysts
- Involved in product innovation and testing of the custom Compliance Framework Module
Compliance Analyst, Lucideus (Jun 2018 - May 2019)
- Involved in multiple compliance and governance projects for domestic clients across various industries
- Assisting in assessment across People, Process and Technology verticals for many National and International Clients
- Articulation of Policy and Process documents according to the organizations
- Performed online reputation management (ORM) for one of the major DTH service providers in India
- Conducted various Third-Party Vendor Audits by meeting stakeholders, understanding the process, identifying and evaluating the risks
- Organization-wide implementation of ISO 27001 (ISMS) and 22301 (BCMS) for multiple clients
- Execute, manage, and perform end to end IT Security Maturity Assessment along with the team
- Conducted ATM Audits to validate physical and digital security controls for one of the Private Banks of India
- Prepared various detailed audit reports on audit findings along with risk description and corresponding remediation procedure
- Managing customer communication, project timelines, regular updates and an internal team of 2 junior security analysts
- Designing and managing custom Compliance Framework which incorporates ISO 27001/02, ISO 22301, NIST 800-53R4, NIST 800-171R1, NIST 800-30R1, PCI DSS v3.2.1, NICE Framework, IRDAI guidelines, SEBI circulars and more
- Risk Quantification to measure the level of severity of the risk (based on the NIST SP 800-30r1)
- Appointed as Internal Auditor at Lucideus Tech. to ensure compliance with ISO 27001:2013 (ISMS) and ISO 9001:2015 (QMS)
- Involved in product innovation and testing of the custom Compliance Framework Module
Project Trainee, L&T Electrical & Automation (May 2017 - Jul 2017), Mumbai, Maharashtra, India
• Conducted Information Security Administrator training sessions illustrating their roles & responsibilities, focused on Risk Assessment Methodology
• Conducted Information Security User Awareness sessions
• Conducted Internal Audit for ISMS at 7 different locations across the nation
• Drafted baseline documents & policies for Servers, Applications, Network & Backup
• Drafted checklist for servers, network & applications for mock audit & risk identification
• Performed gap analysis between IS Manual & practical implementation
• Performed Risk Assessment to determine/assess the risks and suggest related controls
• Performed Browser Forensics & System Forensics (using Sysinternals tools)
• Proposed Dynamic Authentication in place of Hard-Coded mechanism to improve security
• Performed Nessus report analysis to apply controls and mitigate the existing vulnerabilities
President, Cyber Blog Of India Club (Apr 2015 - Apr 2016), Dehradun
Joint PR Head, ACM (Apr 2015 - Apr 2016), Dehradun
Assistant Manager, Bata India Limited (Apr 2013 - Mar 2014)
People Skills Management, Resource Management, Managing POS Software Operations, Conducting Internal Audits, Reporting Fortnight Statements and other Reports.
Frequently Asked Questions about Rajeev Sareen
What company does Rajeev Sareen work for?
Rajeev Sareen works for EY.
What is Rajeev Sareen's role at the current company?
Rajeev Sareen's current role is Manager at EY | Cybersecurity & Business Continuity Professional.
What schools did Rajeev Sareen attend?
Rajeev Sareen attended University Of Petroleum And Energy Studies.
What are some of Rajeev Sareen's interests?
Rajeev Sareen has interest in Children, Civil Rights And Social Action, Environment, Education, Science And Technology, Disaster And Humanitarian Relief, Animal Welfare, Health.
What skills is Rajeev Sareen known for?
Rajeev Sareen has skills like Public Speaking, Microsoft Office, Management, Security Audits, Team Management, Leadership, Information Security, Presentation Skills, Teamwork, ISO 27001 Lead Auditor, Project Management, Consulting.
Who are Rajeev Sareen's colleagues?
Rajeev Sareen's colleagues are Federico Bossi, Avantika Mishra, Alejandra Ramirez, Pritisha Kalita, Jefferson Schmitt, Julia Apostolopoulou, Sai Kalyan Kunapareddy.