Ajay Wadhwa, MBA, CISSP, CISA, CISM, CCISO, SCPM, CDPSE

Chief Information Security Officer at State Compensation Insurance Fund
Contact Information
us****@****om
(386) 825-5501
Location
Pleasanton, California, United States, US


Credentials

  • Certified Data Privacy Solutions Engineer (CDPSE)
    ISACA
    Jun, 2020
    - Nov, 2024
  • AWS - Security, Architecture & Design (Series of Multiple Courses)
    LinkedIn
    Sep, 2019
    - Nov, 2024
  • Certified Information Security Manager® (CISM)
    ISACA
    Sep, 2008
    - Nov, 2024
  • Certified Information Systems Auditor® (CISA)
    ISACA
    Mar, 2007
    - Nov, 2024
  • Certified Information Systems Security Professional (CISSP)
    (ISC)²
    May, 2006
    - Nov, 2024
  • Certified Chief Information Security Officer (C|CISO)
    EC-Council
  • Payment Card Industry Professional-PCIP (expired)
    PCI Security Standards Council
  • Payment Card Industry-Internal Security Assessor - (PCI-ISA - UCSF (expired))
    PCI Security Standards Council
  • Stanford Advanced Project Management-(Stanford Certified Project Manager-SCPM)
    Stanford University

Experience

    • United States
    • Insurance
    • 700 & Above Employee
    • Chief Information Security Officer
      • Jan 2017 - Present

      Provide strategic direction, vision and leadership to State Fund in the development and implementation of the company's Information Security Program. This covers security planning, architectural design, and a roadmap to enable compliance with various mandates and alignment with business strategy. Provide technical advice to executive leadership, including their department heads, related to security initiatives and solutions. Communicate security updates and issues to the Board of Directors.

  • Bank of West, TPMG, UCSF
    • San Francisco Bay Area
    • Executive Security Consultant/Security Portfolio Manager
      • Aug 2014 - Jan 2017

      Provide strategic direction in development of the following (based on various mandates/security frameworks, e.g. ISO 27000, HIPAA, PCI DSS, PA DSS, FISMA, FEDRAMP, TG3/TR 39, SOX, SB1386, GDPR, etc.):
        • Security Strategy, Architecture, and Roadmap
        • Cloud Migration Program and Strategy
        • PCI Governance Program
        • Risk Assessment Program
        • Security Policies/Standards/Procedures
        • Secure SDLC
        • Data Classification Program
        • Security Awareness Program
        • Cybersecurity & Privacy Incident Response Plan
        • Privacy and Governance Programs
        • Business Continuity and Disaster Recovery Program
        • Crisis Management Program

    • United States
    • Software Development
    • 700 & Above Employee
    • Information System Security Officer/Security Business Integration Officer
      • May 2013 - Aug 2014

      Act as Chief Information Security Officer (CISO) for two Business Units (Ecommerce & Cloud Platform Engineering). Act as the primary interface between the Business Unit leadership and the Information Security department. Through security risk assessment, identify, baseline and document security risk within the Business Unit operating environment and business model based on data value and potential for loss. Establish security controls, processes and programs within Business Unit operations. Provide security options and solutions that meet the business requirement. In collaboration with the business, determine acceptable risk posture based on security exposure, potential for loss, business needs and value of resources we are protecting. Consult in development of Secure SDLC Framework. Provide security consultancy based on changing business environment and its impacts on security compliance (this includes development of Information Security Plan, Architecture and Strategy; Application Security; Infrastructure/Network Security; Security Incident Response, Patch Management, Vulnerability, Pentesting; Business Continuity/Disaster Recovery; Security Policies/Standards/Procedure development; Regulatory and State/Federal Compliance and various other areas of Information Security like PCI DSS, PA DSS, VISA TR 39, ISO27K, HIPAA, SSAE16, FISMA, Safe Harbor, EU Data Protection laws, FEDRAMP, etc.).

    • United States
    • Software Development
    • 700 & Above Employee
    • Security Project Manager
      • Jan 2013 - Apr 2013

      Ensured Cisco/WebEx is ISO27000 and PCI compliant. Remediation of any open items and making sure all the open vulnerabilities are closed.

  • BlueShield of California
    • San Francisco Bay Area
    • Security IT Audit Sr. Manager
      • Apr 2012 - Nov 2012

      Led the IT Security Audit Management program: Conducted security pre- and post-IT audits to determine the adequacy of controls (based on SOX, HIPAA, HITECH, ISO27K, PCI, SSAE16/SOC1, SOC2, FISMA, SDLC and other IT technologies) and evaluate their effectiveness. Consulted with responsible IT teams, helping them to understand the control gaps and recommending mitigation or remediation activities to resolve control weaknesses and reduce risk. Managed the coordination of IT audit work performed by internal and external auditors and regulators. Reported monthly to IT management on the status of open audit findings. Consulted IT technical teams and collaborated to develop plans to drive improvement in the annual IT Maturity Assessment. Fostered and maintained a healthy relationship with internal and external audit teams, regulators and internal stakeholders.

    • United States
    • Insurance
    • 700 & Above Employee
    • Information Technology Compliance Manager
      • Sep 2010 - Apr 2012

      Ensured compliance with PCI, SOX, HIPAA and internal/external technology audits. Created Information Security policies, standards and procedures. Ensured IT-related vulnerabilities are mitigated. Managed and ensured compliance with the Esurance technology controls framework and drove continuous improvement of Esurance controls. Proactively identified gaps or conflicts in existing processes and worked to develop solutions. Communicated potential control gaps to Senior Management and coordinated cross-functional team meetings to remediate and close control gaps.

    • United States
    • Business Consulting and Services
    • 100 - 200 Employee
    • Director, Business & Technology Practice (Security & Compliance)
      • May 2007 - Sep 2010

      Acted as Chief Information Security Officer (CISO) for the Accretive clients. Managed, developed and conducted: various technology and compliance audits (e.g. PCI, SAS 70, VISA TG-3, ISO 17799/ISO 27001, FFIEC, HIPAA/HITECH, GLBA, FISMA, SOX, and SDLC etc.); various Information Security and Risk Assessment projects; Business Continuity and Disaster Recovery Planning projects; a PCI (Payment Card Industry) Compliance project and Information Security project for a large health care provider (Kaiser Permanente) as part of a Big4 team; Risk Management Framework for clients (Financial, Biotech, Silicon Valley Startups, Technology and many other industries); SOX and SAS-70/SSAE-16 projects for various clients in various sectors. Managed and conducted Security Projects at Cloud Providers like Cisco/WebEx, Microsoft, Amazon (AWS) and other industries. Provided presentations to the C-Level Executives/BOD. Provided help in developing the Business & Technology Consulting Practice.

    • United States
    • Higher Education
    • 700 & Above Employee
    • Chief Information Security Officer
      • Sep 2006 - May 2007

      Responsible for overall Information Security posture of the University. Developed Information Security Plan and Strategy for the University, which involved developing Information Security Policies, Standards, Guidelines and Methods keeping in mind various regulations like HIPAA, FISMA, NIST, FERPA, GLBA, SB 1386, PCI, VISA TG-3, international data privacy laws, US and international anti-terrorism laws like OFAC & Patriot Act, and encryption export laws like BXA etc., incident response plan, BCP/DR plan, patch management plan, and vulnerability plan. Identified internal and external information security risks; performed gap analysis; performed risk and cost benefit analyses to determine appropriate levels of security controls. Presented to C-Level executives on Information Security related topics, awareness and findings and suggested the approach. Successfully attained their buy-in on implementation and execution of information security strategy.

    • Retail
    • 700 & Above Employee
    • Sr. IT Auditor
      • Aug 2005 - Sep 2006

      Managed IT Risk & Control, IT auditing (involves SOX/HIPAA/HITECH/GLBA/CFR Part-11/ITIL, PCI, and VISA TG-3 Audits). Managed, designed and performed Integrated Audits. Designed and performed Risk Assessment of IT and Business Processes. Data Mining/Data Analysis and Fraud Detection using ACL software (used in Patriot Act Audit). Presentation of all the audit findings to the stakeholders, senior management and C-Level Executives.

    • United States
    • Wholesale Building Materials
    • 1 - 100 Employee
    • Network Specialist
      • Oct 2002 - Jul 2005

    • Consultant
      • Nov 1997 - Oct 2002

      DTE Energy, Michigan & Gates Rubber Company, Colorado (client of Rapidigm Inc.). GE Capital Fleets (client of HCL America).

    • India
    • IT Services and IT Consulting
    • 700 & Above Employee
    • Associate Manager, Network Services
      • Dec 1987 - Nov 1997

Education

  • Harvard University
    Cybersecurity: Managing Risk in the Information Age, CyberSecurity
    2018 - 2018
  • Stanford University
    Advanced Project Management
  • University of Pennsylvania
    Regulatory Compliance
  • Stanford University
    Principles of Economics, Organizational Leadership/Business/Managerial Economics
  • American InterContinental University
    Master of Business Administration (MBA), Marketing
  • American InterContinental University
    Master of Business Administration (MBA), Management
