Milind Chavan

Information Security professional at SMFG India Credit
  • Claim this Profile
Contact Information
us****@****om
(386) 825-5501
Location
Mumbai, Maharashtra, India, IN

Topline Score

Topline score feature will be out soon.

Bio

Generated by
Topline AI

You need to have a working account to view this content.
Join now
You need to have a working account to view this content.
Join now

Credentials

  • (CISM) Certified Information Security Manager
    ISACA
  • CEH (Certified Ethical Hacker)
    EC-Council
  • Cisco certified network administrator (CCNA)
    Cisco
  • OSCP
    Offensive Security

Experience

  • SMFG India Credit
    • Financial Services
    • 700 & Above Employee
    • Information Security professional
      • Aug 2022 - Present

      Information security Management Cyber Risk Governance Regulatory compliance management Security Operations and Managed Defence Threat and Vulnerability Management Software and application security management Third party security risk management End user awareness and trainings Technology risk assessment and management Application and Infrastructure security Threat Intelligence and external attack surface management End User security awareness Cloud security and ongoing assurance Show less

  • WNS
    • India
    • Outsourcing and Offshoring Consulting
    • 700 & Above Employee
    • Infosec Professional
      • Aug 2020 - Jul 2022

      1) Threat & Vulnerability Management - Strategy Development of Continues identification of vulnerabilities in systems and application hosted on-prim and cloud platforms. Monitoring & performing impact analysis on threats and vulnerabilities, active participation to remediate threats. Monitor and report on risk reduction activities, through regular reports. 2) Cloud Security Risk Assessments - Security posture management audit and monitoring on AWS and Azure cloud infrastructure using Posture management tools like CSPM, CWPP. Cloud infra security assessments. Cloud Threat alert assessments. 3) Technology Risk assessment and Management - Providing Information Security advisory services to internal business teams. Ensuring to gather adequate Threat Intel, reviewing applicability and impact on companies environment and alerting stakeholders about emerging threats. 4) Propose and implement improvements to the landscape of technical security safeguards, including new security technologies, systems and associated processes and procedures. Assist in planning and implementing Cyber Security strategic initiatives 5) Threat Intelligence and technical research - Monitoring global information security alerts and news. Checking applicability to company network, engaging with respective stake holders to mitigate the risk. Continuously monitoring and managing security incidents and alerts received from security solutions like EDR, CSPM, ATP, Azure defender, Security center, AWS hub, trusted advisor etc 6) Technical Security Assessments - Ad-hoc security and configuration reviews on critical assets and application to compare them with Best Practices Frameworks. 7) Security Product evaluation, POC's as per requirements on security posture improvements. 8) Participate in internal & external audits and in liaison with regulatory and market bodies Facilitating third party audits like ISO27001, PCIDSS. Team/People management Show less

  • VFS Global
    • United Arab Emirates
    • Outsourcing and Offshoring Consulting
    • 700 & Above Employee
    • Information Security - Senior Manager
      • Aug 2018 - Aug 2020

      1) Performing risk assessments for new and upcoming projects before Go-live or production deployments. This includes software solutions, applications, and infrastructure solutions. 2) Managing SDLC & Application Security related Projects and annual program, VA/PT, Vulnerability management program, Red team assessments and related activities within organization. Managing team of third-party pen testers & security testers who performs VAPT activities for VFS global. 3) Managing Ad-Hoc security testing requirements or VFS Global. Managing Private bug Bounty Program for VFS Global. 4) Part of AWS Cloud platform Migration team. Providing and utilizing industry best practices for security and operational practices for cloud environment like AWS and Azure. Performing information security Risk assessment in supporting all Cloud Projects. 5) Provide strategic direction and recommendations to development and operational teams to address security weaknesses and identify potential new security solutions in cloud environments. 6) Create technical and managerial level reports and risk assessments for Cloud based applications and infrastructure. 7)Managing and running internal threat and vulnerability assessment programs using Tenable Nessus Security Center (SC) and Inspector tool on cloud. 8) Performing evaluations and POC’s for various security solutions and latest technologies. 9) Heading end user awareness activities within organization by running phishing campaigns, online courses, frequent wallpaper campaigns and communication mailers to employees. 10) Participating in internal and external audits, and in liaison with regulatory and market bodies. Show less

  • NatWest Group
    • United Kingdom
    • Banking
    • 700 & Above Employee
    • Information security - Tech Lead
      • Mar 2013 - Jun 2018

      •Management and delivery of Risk assessments, penetration testing and Vulnerability management services across the globe. (UK, US, APAC). • Running responsible disclosure (bug bounty) program for the bank. •Work closely with business to define risk appetite and roadmap. •Work closely with global (UK) team to deliver strategic projects. •Work with key business stakeholders to define business context and scope of ongoing assurance programme identifying any potential issues and concerns, with appropriate consideration of risk appetite. •Design and execute Application Security Testing projects, Penetration Testing (Black Box, Grey Box), VA, Network Assessment on critical infrastructure and applications. o Support the delivery of an RBS Group penetration testing service that is proactive, efficient and cost effective to a consistently high quality. o Performing manual as well as automated pen tests using various open source as well commercial tools. o Coordinate penetration tests, vulnerability scans, and remediation activities and attend/lead security patching boards within RBS. Facilitate technical guidance on vulnerabilities, issues and risks identified to consistent quality. •Develop and maintain relationships with key business areas and platform owners to provide ongoing assurance, helping to identify security risks in applications. •Influence and inspire other team members to observe all processes and controls by rigorously applying the principles of a strong control environment. •Help the technology team to resolve outstanding exceptions and vulnerabilities found in VAPT / new applications before they go live Help the technology team to close out issues relating to systems / servers / network in Systems Audits. Show less

  • Aujas Cybersecurity
    • United States
    • Computer and Network Security
    • 700 & Above Employee
    • Senior Information Security Consultant
      • May 2009 - Mar 2013

      • Project management & Delivery • Managing Team of 4-5 people for information security projects. • Proposal building (RFPs & RFI's) & Making presentations. • Attending client meetings, Customer visits with Sales teams & other pre-sales work. Quality Assurance of the Audit Reports to be submitted to the client. • Application Security Testing, Penetration Testing & Vulnerability assessment ,Technical Audits of various platform servers & network Devices, Network Security Architecture review, Physical Security Audits, Technical Report Writing, Review of IT security policies and procedures Review and design of security architecture. Show less

  • MIEL e-Security Pvt. Ltd.
    • India
    • IT Services and IT Consulting
    • 1 - 100 Employee
    • Consultant-Information Security
      • May 2006 - Apr 2009

      Designation - Technical Consultant - Information Security Project Responsibilities - • Application Penetration testing, • Vulnerability assessments, • Technical Audits, • Penetration testing, • Network Security Architecture Audits, • Physical Security Audits, Wireless Testing Designation - Technical Consultant - Information Security Project Responsibilities - • Application Penetration testing, • Vulnerability assessments, • Technical Audits, • Penetration testing, • Network Security Architecture Audits, • Physical Security Audits, Wireless Testing

  • Avenues Payments India Pvt. Ltd
    • India
    • IT Services and IT Consulting
    • 1 - 100 Employee
    • System & network Engineer
      • 2005 - 2006

      Network Management System & Server Management User and Desktop management. Network Management System & Server Management User and Desktop management.

Education

  • Welingkar Institute of Management
    PGDBA, E-Commerce/Electronic Commerce
    2009 - 2012
  • Shah & Anchor Kutchhi polytechnic
    Diploma, Electronics & Telecommunication
    1999 - 2002

Community

You need to have a working account to view this content. Click here to join now