Responsibilities:Compliance Champion: Translate regulations into actionable controls, conduct gap analyses, develop risk assessment frameworks, and ensure implemented controls support both compliance and business objectives.Security Architect: Develop and implement ISMS based on ISO, AICPA, and CIS standards, design and enforce security policies and procedures, implement appropriate security controls (access control, encryption), and utilize security tools for automation and monitoring.Auditor and Assessor: Perform internal security audits based on ISMS, SOC2, and contractual requirements, conduct lab security assessments (ISO 27001, ISO 17025), and develop self-assessment tools for organizational risk assessment.Process Enforcer: Develop process audit checklists, obtain sign-off from process owners, and enforce policy adherence across service lines and business units.Data Privacy Guardian: Ensure compliance with data privacy regulations (HIPAA, PCI DSS, GDPR) through internal audits and awareness sessions.Knowledge Transferor: Train new team members, conduct security awareness sessions for new joiners, and introduce new services to RISOs globally.Highlights:• Demonstrated expertise in aligning security with regulations and business goals.• Proven track record in implementing and maintaining comprehensive security programs.• Strong analytical and problem-solving skills for identifying and mitigating risks.• Excellent communication and collaboration skills to engage stakeholders and ensure compliance buy-in.Proactive approach to staying updated on emerging threats and adapting security measures.Leadership:• Initiative and Innovation: Develop and implement self-assessment tools, introduce new services, and proactively address security challenges.• Strategic Vision: Align security program with organizational goals and drive continuous improvement through risk assessment and adaptation

Responsibilities:Audit Expertise:• Proactively conduct internal security audits based on ISMS (ISO 27001, SOC2), customer-specific contractual requirements, and data privacy regulations (HIPAA, PCI DSS, GDPR).• Perform spot audits to identify and drive closure of non-conformities, ensuring continuous compliance improvement.Risk Management:• Conduct thorough risk assessments for assets, projects, web and mobile applications, and register identified risks in the organizational risk register.• Implement Business Continuity Plans (BCP) and Disaster Recovery (DR) plans for projects, data centers, applications, and cloud environments, ensuring resilience in the face of disruptions.• Conduct gap assessments for new project onboarding, including ODC setup and customer security requirements, to proactively address potential compliance gaps.Compliance:• Develop and implement process audit checklists, obtaining sign-off from process owners to ensure consistent compliance across service lines.• Provide monthly compliance status reports to leadership, keeping stakeholders informed of progress and potential risks.• Evaluate major security exceptions, coordinating with incident management, delivery, and legal teams to resolve security incidents effectively.Collaboration and Communication:• Coordinate with various teams, including business continuity, assurance, incident management, and TecSec, to ensure smooth project functioning and maintain compliance standards.• Manage a team of risk and compliance professionals, achieve compliance goals and meet KPIs.Leadership:• Closely monitor risk management activities, review BCPs, track test schedules, manage SLAs and KPIs, and ensure adherence to project management documentation and mandatory training compliance.• Host monthly review meetings with customers and management to discuss compliance issues and KPIs, demonstrating transparency and fostering collaboration.

Security Risk Management Operations:• Secure network access via Cisco Secure (RADIUS/TACACS+) multi-factor authentication.• Conducted network, host, OS/application, and web application penetration testing.• Integrated diverse security devices (firewalls, network gear) with ArcSight SIEM for advanced threat detection and log analysis.• Managed local log connectors across verticals, enabling centralized log management and compliance.Oversaw L2 support transition for NMS, McAfee, ICO, Vormetric, Netcool, and other security tools.Risk Management and Compliance:• Coordinated BCP development and approvals with client teams and corporate SPOC, ensuring business continuity through test drills.• Liaised with internal and external SOC and ISO audit teams, mitigating non-compliance based on criticality and exposure.• Evaluated and implemented industry-leading risk compliance tools, driving successful proof-of-concepts for enterprise adoption.• Managed non-Microsoft freeware software requests across the organization, upholding security and policy adherence.

Key Accomplishments:• Resilient Infrastructure:Spearheaded maintenance of 100% uptime for Tesco website and API modules, ensuring continuous service availability for customers.• Server Management Expertise:Conducted rigorous verification of prerequisites for new server builds and Windows patching across live and PPE/OPS environments, guaranteeing system integrity and security.• Troubleshooting Prowess:Demonstrated proficiency in resolving diverse technical issues, including:Application and IIS configuration challenges.CPU and disk space optimization.Exchange server-related incidents.

Highlights:• Identifying and resolving server performance issues through monitoring and troubleshooting.• Rectifying noncompliance issues based on criticality and exposure factors.• Conducting Vulnerability Assessments and Penetration Testing on Hosts, Operating Systems/Applications, and Web Applications.• Enhancing Virtual Machine Hardware by upgrading disk, memory, and CPU components.• Installing and upgrading applications and patches for Moxie software productions (KB/CIM).

Highlights:• Deploying new servers, implementing OS hardening, managing patch and release maintenance, validating, and conducting smoke testing for Bing Ads.• Investigating incidents and problems related to OS, hardware, and network issues, collaborating with relevant teams for issue resolution, and documenting the troubleshooting process.• Managing user and group accounts on Active Directory through administration tasks.• Coordinating with internal and external SOC and ISO audits, addressing noncompliance based on criticality and exposure factors.• Approving requests for non-Microsoft freeware software across the organization.• Conducting enterprise-wide vulnerability assessments and collaborating with relevant teams to ensure closure.

Highlights:• Executing backups for user data, server data, and company email, including the restoration process.• Managing network printers and file servers (Windows with disk quotas/Linux).• Overseeing the administration of the domain, including Active Directory, DHCP, DFS, and DNS.• Handling user and group account administration on Active Directory, CRM, CVS, One, or Zero.