Vice President, Information Security

• Sep 2021 - Present

Manager, IT security

• Oct 2019 - Sep 2021

• Providing leadership guidelines, problem solutions, best security approach to different teams or to other external or internal leaders or stakeholders.• Provide motivation, access problems, solutions, team building, strategic guidance to multiple teams including team management, project management.• Resource allocation, budgeting, skills gap analysis, external training analysis, vendor assessment at the global level.• Building/Manage the team of best IT Security Engineers as of my own global team• Design/Develop security training or up skills program for cybersecurity team and it just not limited to cybersecurity awareness.• Design/Development/Improve the Security Incident overall function program• Design/Development/Improve the Security Operation Program• Design/Development of Security Transformation from DevOps to DevSecOps (Shifting Left)• Design/Development of DAST, SAST, IAST, SCA functions as an extended expansion of IT security Team • Audit/Review of the overall security of cloud infrastructure (cloud security)• Auditing and review of Cybersecurity resilience on different standards, regulatory compliance, frameworks to get attestation or certified like PCI-DSS, ISO27001, CIS, NIST cyber security framework.• Procurement of Security tool and tool integration with automation of overall security program.

Senior Manager , Cybersecurity

• Aug 2016 - Oct 2019

Responsibilities• Development of Application Security Architecture for internal/external clients.• Perform Internal Security Audit as a part of continual improvement Plan.• IT Governance and strategic development for internal and for external clients.• Perform Social engineering and APT internal or for external clients.• Perform BCP/DR-Plans, RA/RM/VA/PT for both internal and external clients.• Creating Policies, Procedures, Guidelines for IT security for KL office.• Perform internal audit as per ISO 27001, ISO 31000, and ISO 27033.• Implement all the IT/IS controls with inline compliance.• Develop Business process for IS Management & Risk mitigation process as per Risk appetite.Projects:• Lead Security transformation for biggest banking giant includes 4 countries i.e. CIMB Bank [duration:1 year] Responsibilities• Design/Development/Implementation of cognitive automation for IT security business processes like Cyber threat analytics.• Reviewer/moderator of Regulatory/legal compliance issued/developed by central banks (Singapore, Malaysia, Thailand, Indonesia) for cyber security.• Designing and providing direction/suggestions to Chief level officers about budget investment, risk factor, progression in IT security.• Reviewer of Enterprise cyber security blueprint and landscape.• Provide advisory/suggestions about key risk impacting on cyber security for all 4 countries as the out of box thinker.• Reviewer and Member of approval committee for any new CS assessment, policies, guidelines, procedures.• Handling of procurement process for IT security assets for the development of business cases.• Lead Cyber security posture assessment for biggest Immigration department of Malaysia.[duration: 6 month]• Lead Cyber security posture assessment for biggest medical organisation of Malaysia.[duration : 6 month]

Information Security Consultant

• Oct 2015 - Jul 2016

• Perform Compliance base audits.• Handle Gap assessment and remediation plan as per ISO27001 controls• Compliance-Control Monitoring Team—Deep Dive-Crown Jewels• Perform Risk assessment & management in-line with ISO27001:2013 • Perform Compliance base audits.• Handle Gap assessment and remediation plan as per ISO27001 controls• Compliance-Control Monitoring Team—Deep Dive-Crown Jewels• Perform Risk assessment & management in-line with ISO27001:2013

Information Security Consultant

• Sep 2014 - Oct 2015

• Perform Vulnerability Assessment and penetration testing projects.• Providing cyber security training to other employees.• Leading the projects and handling them.• Perform cyber security posture assessment.• Leading IT strategic planning review based on ISO27001:2013Working on HCL Projects.• Vulnerability assessments and penetration testing framework development.• Risk assessment of TARMAC Compliance Security Policies development • Web application security auditing• High-level consultancy for HCL InfoSec department• Revising the HCL InfoSec (policies, guidelines, framework, risk management and other)• Reviewing external Vendor’s applications by InfoSec perspective and provide approvals.• Risk assessment (FMEA) of TARMAC HCL Compliance Security• Policies development for HCL

Information Security Analyst And Exploit Development

• Jul 2012 - Aug 2014

• Managing internal security (Application Security, Firewalls, IDS/IPS, Continuous Vulnerability Assessment of Tech Defence Infrastructure)• Managing vulnerability assessment and penetration testing projects• Conducting training and workshops in various universities across India.• Assisted in solving various cyber-crime cases.• Developed courseware of Tech Defence for training. • Managing company operations.• Acted as an SPOC for various clients in north India.• Development of exploits with python.• Managed several vulnerability assessments and penetration testing projects.• Conducted Ethical hacking training to several law enforcement agencies.• Developed real-time Vulnerability Assessment and penetration testing for the organisation.

Information Security Specialist

• Mar 2009 - Feb 2012

I worked in secure code development, cyber security projects, training, workshops, independent researcher.• Managing vulnerability assessment and penetration testing projects• Conducting training and workshops in various universities across India.• Assisted in solving various cyber-crime cases.• Development of exploits with python.• Managed several vulnerability assessments and penetration testing projects.• Conducted Ethical hacking training to several law enforcement agencies.