• Development, implementation, and managing strategic, comprehensive information security and IT risk management program• Information security risk assessment of the company’s systems, networks, and data to prevent it from being accessed • Partner with business stakeholders and user community across the company to raise awareness of risk management concerns• Defining, Implementation, and review compliance of security risk for multi-vendor IT environment.• Security assessment, validation, and clearance of developed /acquired applications for production launch• Assisting with the overall business technology planning, providing a current knowledge and future vision of technology, cloud security, and systems aligned to the security framework• Managing daily operation and conduct a continuous assessment of current IT security practices and systems and identifying areas for improvement• Implement and maintain compliance with security requirement for new products/services• Comply to Security Standard IT act/ISO and other IT security statutory requirement• Lead various Internal, External IT, and security audits. Ensure compliances are met• Responsible for IT security roadmap• Leading and implementing security products and solution across organization

• Supporting the identification of what’s important (critical assets): data, IT systems, and business processes• Prioritizing global security portfolio activity. Taking the lead to ensure that all projects driven globally are effectively rolled out in the local market.• Local Market Projects - Driving all local initiatives – either standalone or as part of bigger initiatives – where security is a major component.• Ensuring the implementation of the Aviva Business Protection Standard and Business Protection Standard maintenance - Taking the lead on ensuring that all requirements from the Business Protection Standard are adequately implemented in the local Market, or Exceptions / Modifications are raised where necessary.• Building and maintaining the collaborative Business Market interface. • Forming an opinion of ongoing security compliance position.• Monitoring threats and ensures robust preventative measures are in place.• Identifying, report and support security incidents and control failures.• Effectively balance Group security needs, local security needs, and Market Regulatory requirements.• Operate and Communicate security metrics through MI Reporting and Governance processes.• Security Awareness, Training & Education – Support all activities focused on improving people’s knowledge and awareness of security problems. Includes areas like training, phishing tests, Information Classification, etc.• Lead the third-party information security assurance work in the market team; and drive activity to help educate the business around third party information security risks and controls.• Work with internal audit and outside consultants as appropriate. Supporting any internal or external audits, regulatory reviews, etc. which have Security in scope by providing adequate information.• Perform risk assessments and ensure compliance with applicable business protection policies, standards & procedures.

• Establish and maintain an overall Information Security Architecture. Making information security Blueprint based on information security requirement. Preparation and presentation of business case to take the approval from higher management on different security projects. • Implementation of technical security solutions and evaluation of new security product.• Designing and drafting requirement in RFP for different information security controls. • Project management for new information security projects, so far I have delivered three projects @ Telenor. ( SIEM, ACS, SWG, Network/web penetration testing)• Review current and new IT and Network projects/programs from security perspective recommend Information Security guidelines to be adopted by the relevant stakeholders• Evaluate emerging technologies for implementation of security controls.• To provide security advisory on all technology infrastructure, operations and initiatives • Staying updated on threats and trends affecting the overall architecture• To ensure SDLC Security & carrying out application Security review• Implementation of DLP solution for DAR, DIM and DIU.• Policy management for DLP solution (EDM, Archival, data classification etc.)• Responsible for vulnerability management and application security to partner with Wipro team.

• Managed Security Operation (SOC) for high risk security databases and Data at rest. • Analytics to find the gaps and investigate and suspicious behavior of people, process and technology.• Symantec Vontu data loss prevention policy management and implementation for endpoint and network filers. • Managed incident response from incident detection, reporting, recovery till remediation.• Ensure compliance on bank standards and regulatory requirements.

• Complete management of two locations in Gurgaon and Romania from information security prospective.• Consultation and implementation of information security requirements for different clients and domains. • Implementation of various security controls( Foundstone VA , McAfee DLP, Endpoint Encryption )• Security hardening policy for different type of controls ( Network, Server, Endpoint)• Investigates security incidents, and recommend change in different controls to improve security controls monitoring.• Implementation of network IPS ( McAfee Intrushield) on enterprise level• Vulnerability Management for production environment and public exposed applications on regular basis.• Conducted periodic internal information security audits.• Responsible for entity wide SSAE 16 SOC I type II assessment for all WNS locations which includes all the evidence collection from defined time period. Ensure adherence of security control to meet the objective.• Responsible for ISO 27001 standard for Gurgaon and Romania Location

• Worked as system SSE to support different function of information technology. • Management of different services such as anti-virus support, central distribution of Windows applications via group policy, and Windows patch management using WSUS server.• Implemented squid proxy server using Red Hat Linux with NCSA authentication.• Responsible for proxy administration using squid 4.5 and iptables firewall on Linux servers