Shrinath Nerlekar - CISSP, CISA, Information Security Senior Manager

Deutsche Bank

Location: India - Pune
Education: Master's degree, Masters in Computer Management
Experience: 21 years, 2 Months


Work Experience

Total years of experience: 21 years, 2 Months

Information Security Senior Manager at Deutsche Bank
  • India
  • My current job since August 2014

Deutsche Bank is a German global banking and financial services company with €8.7 billion in revenues and its headquarters in the Deutsche Bank Twin Towers in Frankfurt. It has more than 100,000 employees in over 70 countries, and has a large presence in Europe, the Americas, Asia-Pacific and the emerging markets.

Key Responsibilities:

• Working as CBISO, managing information security processes, policies and controls for the bank's division based in the US, Europe and Australia offices.
• Reviewing and managing compliance with the information security standards and policy of the bank.
• Reviewing and processing information security exceptions to reduce the operational risk from exceptions.
• Managing segregation-of-duties violations to ensure users get access only to the privileges they need to access applications.
• Participating in information security incident management and investigations and ensuring their closure.
• Detecting, managing and ensuring closure of any security vulnerabilities in the division's IT infrastructure and applications.
• Educating and collaborating with business and stakeholders to increase information security awareness and show how it helps them reduce the impact and likelihood of risks and meet overall business objectives.
• Working closely with the division's senior stakeholders, business partners, contractors and external vendors on information security related topics.
• Creating and presenting information security, risk and compliance related updates and reports to the business division's senior stakeholders in various meetings and forums.
• Developing and tracking compliance and remediation items in alignment with the company's policies.
• Conducting third-party risk reviews related to IT and information security to reduce risks arising from vendor engagements.
• Advising the division on current information security technologies and related regulatory issues.
• Collaborating with the central GRC departments to provide them with updates on compliance with the policies.

Asst. Manager at SunGard
  • September 2007 to July 2014

SunGard is one of the world's leading software and technology services companies, with annual revenue of about $2.8 billion. SunGard provides software and processing solutions for financial services, education and the public sector. SunGard serves approximately 16,000 customers in more than 100 countries and has more than 13,000 employees.

Key Responsibilities:

• Implementation of an Information Security Program across India, Singapore and Australia offices based on ISO 27001/27002 security standards.
• Creation and implementation of various security policies, procedures and technical standards, e.g. Acceptable Use Policy, Information Security Policy, Physical and Environmental Security procedures, and Windows, Linux and web server standards.
• Helped create a web-based Information Security metrics dashboard that collects information related to anti-virus, patching status, encryption levels and web policy violations.
• Controlling IT risk to meet the business and compliance requirements of the organization and engaging in adequate planning to detect, investigate, respond to and recover from information security incidents to minimize business impact.
• Conducting audits and security reviews for various internal security policies and standards like NIST, ISO 27001, PCI DSS, SSAE16.
• Risk assessment and management system to ensure all risks related to information assets and new technology deployments are properly documented and appropriate risk mitigation controls are implemented and signed off by the owners.
• Performed extensive vulnerability assessments and penetration testing across systems, networks and web applications for business units and customers using a variety of tools, including Nessus, Nmap, Wireshark, Metasploit, and Cain and Abel.
• Supported implementation of enterprise-wide security controls such as Data Leak Prevention tools, Bigfix, encryption solutions and patch management.
• Helped implement BCP/DR processes across the enterprise. This helped in capturing important data from a BIA perspective and ensuring there is a robust BCP process in place which could be activated in case of any emergencies.
• Creation of an internal Secure SDLC standard which helped developers deliver more secure code and web applications.

Sr. Systems Executive at Bitwise Solutions Pvt. Ltd
  • India
  • October 2005 to September 2007

Key Responsibilities:
• Ensuring that the company's systems and network comply with ISO 27001 for security.
• Penetration testing and vulnerability assessment using standard security tools.
• Squid proxy configuration for Internet access control and content filtering, along with user usage reports.
• Installed and configured patch management systems to maintain up-to-date patching of all server systems and workstations on the network.
• Planning and implementation of Windows server technologies such as Active Directory, Distributed File System, File Replication Services and Group Policy Objects, including migration from Windows NT and high availability of servers.
• Implementation of various open source software such as OCS Inventory and Zabbix to provide a very cost-effective solution while achieving business objectives.

Systems Security Administrator at OS2i
  • March 2004 to September 2005

Key Responsibilities:
• Installing, configuring and setting up Windows and Linux servers for production use, such as file servers, mail servers and print servers, along with Windows workstations, depending upon the needs of the company.
• Day-to-day support for all internal IT users and maintenance of all hardware and software, including servers.
• Setting up and configuring Linux firewalls, routers and proxy servers.
• Providing technical support in setting up new technologies within the company and coordinating with external administrators during the setup process.

Software Developer
  • March 2003 to March 2004

Soft Corner is a privately owned software firm incorporated in 1996. It was founded by professionals who are qualified in Information Technology and have a total experience of more than sixty person-years in software development.

Key Responsibilities:
• Worked on a Code Review Project for Malmo University of Sweden. It was implemented on FreeBSD with PHP and MySQL. Was responsible for system implementation and configuration of the servers on FreeBSD.
• Linux administration, which includes installing Linux and RPMs, and configuring Apache, Samba, FTP server and Sendmail.
• Professional Services Automation System (PSA), which covers all the key areas of service organizations' operations such as managing projects, managing resources, tracking the cost of projects etc. Technologies used were ASP.Net, C#, XML for web services and MS-SQL Server.

Education

Master's degree, Masters in Computer Management
  • at SISAPune University
  • January 2002
Bachelor's degree,
  • at Pune University
  • January 2000

High school or equivalent,
  • at EC

Courses: Certified Ethical Hacker (CEH)

Specialties & Skills

ISO 27001
Information Security Management
Security Audits
Penetration Testing
Team Leadership
ANTI VIRUS
CRYPTOGRAPHY
FINANCIAL
INFORMATION SECURITY
MANAGEMENT
MICROSOFT WINDOWS
POLICY ANALYSIS
PROCESS ENGINEERING

Languages

German
Expert