Manatosh Das

*

* (CISM, ISO ***** LI, BS***** LI &LA, ISO 31000, CDCP, CCNA, CSPFA)

Email : accuvn@r.postjobfree.com Mobile : +91-997*******

* ************ *******

Result oriented, accomplished, Information Security Consultant with over 11 years of

expensive experience in security strategic planning, integrated security architectures, risk

management strategies, investigations and incident response programs, audits, compliances,

security technologies, project management, security frameworks, security research and

developing new corporate security programs.

Key Highlights:

• Delivered speech on various security topics at International forums/conferences (APAC)

• Established the Information Security Organization across 17 countries in Africa.

• Established and implemented Information Security Mangement System framework for

leading Telecom, Banking, Government and IT organizations

• Core competence in Management of Information Security, IS Audit, Risk and Compliance

• Rich Expertise in industry standards and frameworks such as ISO 27001, ISO 31000, BS

25999 and Risk Assessment methodologies such as NIST and OCTAVE

• Successfully delivered over several Information Security Projects for various industries

including Banking, Telecom, Oil & Gas, Government

• Imparted security awareness trainings to various organizations spread across geographies

• Designed and developed Information Security Policies, procedures and guidelines

• Provided security advisory & assurance services

• Planning and execution of business process control reviews, information systems audits

• Established audit framework to evaluate and test business processes and controls and

identify areas of risks

• Effectively managed leading Telecom and IT partners for security deliverables

• Excellent Leadership, Communication, People and Team Management skills for delivery

excellence

• Awarded “Letter of Appreciation” by Director Networks of Bharti Airtel Limited for my

contribution in ISO 27001 Audits conducted by BSI

1 Certifications, Training, Seminars & Achievements

• Certified Information Security Manager (CISM)

• Certified Data Center Professional (CDCP)

• ISO31000 (Risk Management)

• BS25999 Lead Auditor and Lead Implementer

• ISO 27001 Lead Implementer

• Cisco Certified Network Associate (CCNA)

• Cisco Secure PIX Firewall Advanced (CSPFA)

• GPRS Security Training.

• Defending Phishing Attacks – Seminar by CERT

• Security Roadshow by Nokia Siemens Networks

• Awarded Best Delivery Team in FY 2007 – 08 for one of the engagements with leading telecom

2 Career Profile [11 Years experience]

Forrester Research India Pvt. Ltd. Senior Analyst, Security & Risk March 2013 – Present

• Primarily responsible for writing, presenting and advising Security & Risk professionals about most

critical trends and issues shaping this critical business technology domain across Asia Pacific

• Conduct research into key aspects of the responsibilities of Security & Risk Professionals

• Define the future of the security and risk landscape by painting an accurate, forward-looking view and

predicting the effect of new technologies and strategies

• Help clients identify which technologies matter and the steps to take today to drive economic value

• Introduce new thinking about successful business and technology strategies and best and next

practices

• Compare new technologies or services and their potential to help clients solve their business

challenges

• Size emerging business opportunities (e.g., market sizing/forecast)

• Consult with clients to apply Forrester’s research in the context of their specific business environment

• Deliver speech on various security topics at international forums / conferences

Bharti Airtel Network Security Manager December 2008 – March 2013

• Primarily responsible for overall Information Security of Airtel Networks across South East Asia &

Africa

• Designed and developed Security Policies, guidelines and procedures

• Effective monitoring of KPI and SLA of all the Third Party

• Responsible for effectively managing leading Telecom and IT partners

• Annual Security Budget Planning and creating information security strategies

• Evaluate new security technology and conduct vulnerability assessment

• Ownership of information security solutions architecture to safeguard critical systems

• Owned and implemented various network security projects at country level

• Risk assessments, gap analysis (against standards and benchmarks), risk mitigation strategy

development and implementation on assets.

• Reduced of Spamming at the organization level

• Established audit framework and conducted periodical audits for security assurance

• Established continuous improvement framework for detection of vulnerabilities in Organization

software, network, servers, applications etc.

• Manage Security breach and Emergencies of Information Risk in Compliance with laws &

regulations.

• Recommend & implement proper countermeasures for detected vulnerabilities.

• Coach senior management, IT personnel and end users on security awareness

• Review Network Infrastructure and suggest improvements based on the best practices.

• Coordinate with Legal Agencies for Audit and proper implementation of guidelines.

• Coordinate with CERT-India

Wipro Ltd. Security Consultant January’ 2007 – December’ 2008

• Successful delivery of projects for clients including Bharti Airtel Limited, Nortel Managed Services,

Punj Lloyd Limited, National Informatics Center, NCB Capital (Bahrain), Punjab National Bank and

GAIL

• Creation of enterprise security policies, procedures, standards, guidelines and baselines

• Monitor and manage compliance in accordance with Company Information security standards,

policies and procedures

• Implementing & maintenance of ISO27001 standards within the organization

• Establish the Risk assessment methodology

• Perform Risk assessments, gap analysis (against standards and benchmarks), risk mitigation

strategy development

• Risk management(Asset Register, Risk register)

• Vulnerability Assessment and penetration testing

• Develop and deliver information security awareness and training sessions / material

• Design and execution of security audits

• Conduct Vulnerability Assessment & Penetration Test

Orange Business Services Customer Technical Support February’ 2006 – January’ 2007

• Member of the Dedicated Customer Service Center

• Tier 2 support for all data services. This also includes a part of voice services

• Member of the internal certification and audit team. (BS7799)

• Conducting Risk assessment internally – physical and data security.

• Due Diligence for customers

• Monitoring key customer’s link connectivity on HP Open View and Orchestra

• Monitoring and troubleshooting airline customers network

• Troubleshooting Data PVC down or latency issues for all the locations.

• Troubleshooting ATM, Frame Relay, X.25, ISDN connections.

• For Airline customers, troubleshooting their ticketing PCs and printers that are connected to XIS.

• Co-ordination with other internal departments for higher level of support

• Prepare RCA for any link downtime concerned with telecom department.

• Monthly and weekly link outage report generation.

• Co-ordination with different vendor for DS3, E1 or T1 outage.

• Preparing Technical Information Document for internal team.

• Delivering Training for Tier 1engineers.

Wipro Ltd Engineer – Network Management May’ 2005 – February’ 2006

• Responsible for the documentation of BS7799 Audit.

• Preparing Technical Information Document for Change Management.

• Presentation to Internal Customers (Wipro BPO).

• Co-ordinating with International Carriers for billing.

• Monitoring all the Wipro WAN (DS3 & E1) link connectivity on Cisco WAN Manager.

• Monitoring and troubleshooting call drops and voice break issues.

• Troubleshooting Data PVC down or latency issues for all the locations.

• For any hardware failure in IGX/MGX, following up with the vendor.

• Prepare RCA for any link downtime concerned with telecom department.

• Monthly and weekly link outage report generation.

• Co-ordination with different vendor for DS3, E1 or T1 outage.

• Escalation for hardware related issues to Cisco MGX and IGX.

• Extensive exposure on Incident Monitoring, Analysis and Response.

Wipro BPO Technical Support Executive April’ 2004 – April’ 2005

• Troubleshoot of Dell Desktops & Notebooks.

• Operating system installation & Troubleshooting.

• Installation & Troubleshooting of other software supported by Dell.

• Hardware troubleshooting.

Rootinfotek Network Engineer May’ 2001 – August’ 2002

• Configuration of the systems.

• Troubleshooting and maintenance of local area network.

• Monitor the connectivity of the systems to the server geographically located.

3 Education

1 1) M.Sc IT (University of the West of England, Bristol, UK)

2 2) Post Graduate Diploma in Information Technology & Systems (Amity,

Noida)

3) Bachelor of Business Management – Marketing (Bangalore University)

4 Technology Competence

• Security Framework : ISO 17799/ 27001/ 27002, BS 25999, ISO 31000

• Network Security: Firewalls, VPN Devices, Routers, Switches, Security Protocols, IPSec, DDos

Tools, SIEM Solutions, Fraud Management Tools, Anti Spam tools, SIEM etc.

• Risk Management: NIST, Octave

• Others: Information Security Audit, Business Continuity Planning, IT & Telecom Disaster Recovery.

Contact this candidate