日本と海外をつなぐクラウドソーシング

Self

Owner

2020/03～

Consultant

Self

Owner

2020/01～

InfoSec Experience: Certified CISA, ISO-27001 & 9001 Lead Auditor with 10+ years of experience in information security & compliance with following skills.
▪ Implementation: Part of the implementation team for the ISO-27001 and played crucial role for the drafting, finalization and implementing policies & procedures in the area of ISMS Manual, Asset Management, Access Management , Human Resource Security, Environment safety and physical Security, Incident Management and Business Continuity. Post GDPR requirement Solely implemented the Privacy policy across the organization with the help of CISO
▪ Documentation: Updating and maintenance of information security management system policy, process, guideline inline to sustain compliance
▪ IT Controls Review & Audit: Controls effectiveness review and specific reporting on effectiveness of IT controls like Patch Management, AV, Websense, Intrusion detection & protection and Data leakage Protection (DLP)
▪ Compliance Review: Mapping of existing controls with international standards and customer requirements
▪ Risk Assessment: Perform risk based IS audits for IT, enabling services, Specific applications, IT Product Development / IT Product Support applications. Focus on Business and compliance requirements (Proficient in Risk Assessment methodologies and IT framework)
▪ Co-ordinate and Reviews of Incident Management, Business Continuity programs
▪ Facilitation of customer’s and external third-party security audits, Big 4 audit experience
▪ Learning & Training: Learn & adopt new tools, technologies / self-upgradation and provide awareness training to all resources annually and new joiners on joining
▪ Application Security: Understands various software development models, tools and technologies like water fall, Continuous integration and testing, Agile; Visual studio, PL-SQL, SVN, SONAR-CUBE, Bugzilla, Jira, Whizible, MS-Project, MS-Office, MS-SQL, Oracle; Windows, Unix, Linux etc. [Desktop, Servers, VMware and Cloud based] and ensure secure coding practices
▪ Understanding of Business & domain: Basic Functional knowledge of Loan Origination, Loan Management in the NBFC’s and Collection systems of NBFC’s, Telecom & Document Management System in Insurance sectors
▪ Analysis: Analytical skills to extract the useful and practical key input from various information and data