
Principal - Security And Compliance Resume


SUMMARY:

  • More than 15 years of IT Security, IT Management, IT Audit, Confidential, GRC, FISMA, HIPAA, SOX 404, ISO 27001, security risk, project management and security management experience, galvanizing teams in core initiatives while serving as a change agent for efficiency improvements, with expertise in platforms and interface management.
  • Interfaced with CIOs, CISOs, CFOs, Senior VPs and Directors to determine business strategy and to allocate budget and resources; managed large teams of professionals.
  • Leader with a proven track record of delivering technology solutions using multi-site and cross-cultural teams.
  • Demonstrated ability to identify gaps in key IT security processes and implement industry-best IT practices.
  • Managed the implementation of IS security programs in large enterprises.
  • Advised the management team on risk issues related to information security and recommended actions in support of the company-wide risk and security management programs.
  • Established an enterprise risk committee, a security steering committee and an incident response committee; investigated Confidential.
  • Wide industry experience including healthcare, banking, financial services, insurance, retail, telecommunications, travel, legal, IT security, manufacturing and logistics.
  • Effective at motivating and leading IT security and compliance professionals. Excellent presentation, communication and negotiation skills.
  • Managed large enterprise projects, resources and budgets, and identified staffing requirements.
  • Recruited and managed systems, network and security professionals.
  • Mentored and coached managers and team members in technical and soft skills.
  • Managed large security, risk and compliance initiatives for PCI DSS, SOX 404 IT, SaaS, HIPAA/HITECH, the Privacy Act, FFIEC, FISMA, FIPS, NIST, GLBA, GRC, Federal Trade Commission (FTC), SAS 70/SOC 1 to 3 and ISO 27001 Security and Information Security Management System (ISMS) frameworks.
  • Extensive experience in IT security programs, security policies and standards, risk management, IT governance, IT compliance, incident management, vendor evaluation, and data discovery and classification.
  • Implemented an Enterprise Risk Management framework (COSO); organized and conducted enterprise-wide security risk assessments; managed the implementation of large secured systems and security policies.
  • Created a large program roadmap for providing cloud security services (IaaS, OpenStack, etc.) to partners and clients, including budget, resources, security architecture and security services.
  • Managed the implementation of a cloud services security program.
  • Managed the creation of a SaaS security baseline as an outsourcing vendor and the review of the SaaS (Security as a Service) security baseline for partners and tenants.
  • Collaborated with key business and IT leaders to develop security policies, configuration standards (NIST), guidelines and procedures to ensure confidentiality, integrity and availability, based on the COSO, ISO 27001, ISMS, COBIT, OWASP, SANS, ITIL and 21 CFR Part 11 frameworks.
  • Provided ongoing leadership to expand the company's IT security posture and implemented new technologies, tools and processes including web application security testing, a Web Application Firewall (WAF), Data Loss Prevention (DLP), File Integrity Monitoring (FIM), ArcSight Security Information and Event Management (SIEM) and IDM.
  • Conducted NERC CIP compliance work for energy companies.
  • Managed the implementation of BCP and DRP plans; integrated security into the SDLC process.
  • Program management, project prioritization and team selection.
  • Extensive working experience with IT systems (IBM z/OS mainframe, AS/400, SAP, PeopleSoft, Unix, Windows), databases (DB2, Oracle, SQL) and network devices (IDS/IPS/VPN/firewalls/switches).
  • Vendor negotiation; leveraged global development and delivery models.
  • Provided ongoing leadership to expand business opportunities beyond short-term solutions.
  • Managed the implementation of vulnerability and threat management (vulnerability scanning, penetration testing and security patch management).
  • Managed several key security projects: network segmentation; business continuity plan and disaster recovery plan; Identity and Access Management (IAM); vulnerability and threat management; security patch management; security configuration standards; encryption and key management; data loss prevention; file integrity monitoring; integration of security into the SDLC process; web application security testing; web application firewall; FireEye.
  • Organized and managed manual and static code review and dynamic web application security testing, and recommended solutions.
  • Created third-party vendor management programs and conducted third-party risk assessments.
  • Trained and mentored IT security and compliance professionals; designed security awareness training programs.
  • Managed complex and large IT security projects with budgets ranging from $500K to $24M and teams of 5 to 40 professionals.
  • Served as an expert advisor to senior management in the development, implementation and maintenance of a company-wide information security infrastructure.
  • Managed the creation of security roles and responsibilities and SLAs between partners and service providers.
  • Established a partner engagement framework and model.
  • Attended agile training.
  • Managed projects using agile/scrum and Kanban board processes, including sprint planning and iterations.
  • Created KRIs and security threat metrics for the enterprise risk committee and the security steering committee; managed the implementation of security threat control strategies for all kinds of enterprise systems.
  • Collaborated with Internal Audit as a business advisor on information security matters.
  • Created and rolled out security awareness and training programs company-wide.
  • Reviewed and gave direction on business system continuity and disaster recovery plans, as well as information security audit and regulatory compliance.
  • Identified and proposed key information security program priorities, initiatives, plans, practices and tools.
  • Provided guidance (e.g., information security risk severity assessments) and recommendations on prioritizing system security infrastructure investments that mitigate risks, strengthen defenses and reduce vulnerabilities.
  • Drafted and proposed a company-wide information security strategy and action plans based on enterprise risk assessment.
  • Developed, published, and maintained comprehensive information security standards, policies, procedures and guidelines.
  • Advised the management team on risk issues related to information security and recommended actions in support of the company's wider risk management programs.

PROFESSIONAL EXPERIENCE:

Confidential

Principal - Security and Compliance

Responsibilities:

  • Created a security roadmap, advised on company-wide information security strategy and implemented security solutions based on company-wide security risk assessments and industry best practices.
  • Managed and maintained legal and compliance requirements, including SOX 404, HIPAA, FISMA, ISO 27001, PCI security standards and SSAE 16/SOC 1, 2 and 3.

Confidential

Program Manager

Responsibilities:

  • Conducted a Confidential risk/gap assessment, and recommended and implemented security policies, processes and security controls after the credit card security breach (Confidential).
  • Conducted enterprise risk assessments and recommended several processes and security controls after the security breach in which the scientific algorithm of two-factor authentication (RSA) was stolen.
  • Created key risk indicators (KRIs) and security metrics for the Enterprise Risk Committee to identify security threats across five key categories (enterprise systems, applications, internal network, perimeter network and endpoint systems), and presented the security metrics monthly to the CISO, CIO, Sr VPs and other senior leaders (Enterprise Risk Committee members).

Confidential

Program Manager

Responsibilities:

  • Managed the entire global PCI DSS compliance program.
  • Conducted a gap analysis and identified missing policies, standards, procedures and controls.
  • Provided security architecture guidance and direction.
  • Managed the implementation of security solutions and secured credit card data, Personally Identifiable Information (PII) and company confidential information.
  • Designed and implemented enterprise-wide security solutions and reduced security, compliance and privacy risks.
  • Designed security architecture and systems to secure credit card data.
  • Acted as a subject matter expert in identifying and finalizing scope, policies, processes, systems and tools.
  • Continuously interacted and worked with Confidential and process owners to finalize the scope and control requirements.
  • Helped several companies, including Confidential, obtain Confidential certification (Confidential).

Confidential

Program Manager

Responsibilities:

  • Managed the creation of a security roadmap for cloud security services.
  • Managed the security review of OpenStack architecture and components, and implemented Infrastructure as a Service (IaaS), VPNaaS, FWaaS and other services.
  • Worked as an advisor on creating a roadmap and strategy for security and compliance.
  • Provided security architecture solutions for mission-critical systems.
  • Managed the creation and implementation of IT security architecture and systems, security policies, configuration standards and guidelines.
  • Managed large enterprise security projects across several international locations.
  • I oversaw security implementations in several international locations.
