SIRAJ MD
Mobile:+91-837*******
E Mail: actgy4@r.postjobfree.com
Summary: Siraj is an Information Security Expert with 8+ years of post-qualification professional experience in Information Security & Operations, IT Audits, IT Risk Advisory, Enterprise Risk and Compliance Management, Business Continuity Management (BCM) and Project Management.
Presently I am working as Lead Advisory Consultant with the Security, Governance, Risk and Compliance Practice at IBM India Limited.
Perform audits of information systems and related processes, and review related security policies and procedures.
Adequate exposure and 8+ years of working experience with the COBIT and ISO 27001:2005/2013 frameworks and the ITIL framework (IT Service Management).
Adept in implementing and assuring security processes, tools and architecture designs.
Develop information security processes and procedures as per standards and best practices.
Participated in the full lifecycle and implementation of the ISO 27001:2005 and 2013 framework and the ISO 27002 code of practice.
Worked on regulatory compliance standards such as Data Privacy, SOX, HIPAA and SAS 70, and implemented ITGC controls for assets.
Good knowledge of third-party risk assessment, vendor management and vendor evaluation.
Good experience in project management and in preparing and maintaining SOPs.
Strong knowledge of change management and incident management.
Support annual internal compliance activities; monitor and report status to management by preparing metrics and reports.
Perform training needs analysis and provide IT security related training to employees.
Holding a US business visa (B1) and have worked onsite for 12 weeks.
Manage the team and support end-to-end activities according to established metrics and SLAs.
An effective communicator with exceptional relationship management and training skills, with the ability to relate to people at any level of business and management.
Certifications & Technical Proficiency
CEH - Certified Ethical Hacker
ISO 27001 - Certified ISO 27001:2005 Lead Auditor by BSI India
ITIL - Certified in ITIL v3 Foundation
CISA - Completed training for the CISA certification
Skills
ISO 27001 & ISMS Implementation
BCP & DR review
IT Risk Management
IT Security Policies & Procedures reviews
IT Audits
System Audits, Internal Audits, Application Reviews
Security Compliance Management
SAS 70 Attestations (SSAE16)
IT General Controls review
SOX - 404 Consulting
Data Security & Privacy
IT Risk Advisory
Information Security Management
HIPAA
MS Office, Microsoft Visio, SQL, DW-BI tools and Windows
Tools: SiteScope, Nessus, EHPAS
SAP GRC 10 and SAP Security administration
Technical Competency
• Incident handling and management
• Knowledge of Information Security frameworks and standards
• Communications Security Management
• Compliance; strong experience in implementation and auditing of ISO 27001
• Configuration Management
• Identity Management
• Information Assurance
• Information Resources Strategy and planning
• Asset management
• Information Security Architecture
• Risk Management
• Technology Awareness
• Vulnerability Assessment / Penetration Testing (VA/PT)
Work Experience
IBM India Pvt. Ltd., Hyderabad, India (July 2013 – till date)
Title: ISO 27001 Security & Compliance Monitoring at Account Level
Client: DBS Bank Ltd., Singapore and Hong Kong
Lead Compliance Officer
Job Responsibilities:
The assignment involved performing independent assessment of the operating effectiveness of the controls framework across 5 delivery locations spread over 4 countries and providing independent reporting to the client.
Accountable for managing virtual teams working from 5 delivery locations in 4 countries, imparting training and providing guidance to the Operations Team in understanding the control requirements.
Developing controls and process documents for new and existing processes from time to time, based on the changing environment, risks and client requirements.
Presenting test results to the client during the monthly security review meeting chaired by the Head of Information Security Services, and documenting the issues identified during testing.
Serving as the single point of contact between the client and the IBM team for all security and compliance related matters, and coordinating with the client's teams during client internal audits of the IBM delivery locations.
Ensuring that project team members follow the information security and compliance guidelines provided by the client throughout their tenure in the account, through constant staff education and monitoring of the workplace.
Prepare IT security training manuals and create awareness among project team members; also conduct classroom training and quiz sessions in the workplace.
Perform vulnerability assessment and risk analysis for various applications, and implement security controls to mitigate high risks.
Review security incident logs.
Conduct business impact analysis (BIA) for DBS Bank applications.
Implement BCP & DR plans at account level and for the entire centre, and coordinate with various teams to exercise BCP testing.
Projects: ISO 27001/SSAE 16 Compliance Consulting, Security Audit/Assessment
Clients: Ontario State Health Dept., Canada; American International Group (AIG, Insurance); Toshiba Electronics; KEMET Electronics; Airtel India Ltd.; Starbucks; Fruit of the Loom; Emerson; etc.
Period: July 2013 – June 2014
Senior Advisory Consultant
Job Responsibilities: IT Audit, Risk Management, Compliance, Control Testing, Process Review
Planning and conducting IT audits and system reviews for leading banks and the financial industry.
Develop and implement account-specific Privacy & Data Protection strategies and processes.
As Compliance Officer, responsible for the implementation and control testing of the ISO 27001 controls within the account as per the framework requirements.
Gathering evidence, testing controls, highlighting exceptions/issues to the client and documenting the controls pertaining to ISO and client frameworks.
Work with the delivery team towards addressing security requirements.
Ensure up-to-date security processes and periodic security reporting to the customer.
Overall responsibility for security management within the account.
Ensure compliance with client security requirements pertaining to SOX, SSAE 16 and HIPAA.
Analyze, evaluate and mitigate the risks associated with the controls.
Develop training presentations and conduct training programs on Data Security & Privacy.
Ensure that the project is audit-ready and reduce exposure to defects and corporate audit findings/deficiencies.
BCP & DR implementation, and conducting BCP/DR testing for the IT centre and project portfolio.
Working with the team on developing SoD (segregation of duties) and implementing SAP Security for the projects.
KPMG, Bangalore, India (July 2012 – June 2013) (one of the Big 4 consulting firms)
Projects: IT/IS Audits (SAS 70, GCC, SOX, BCC)
Clients: Banking & Financial services, Manufacturing & Retail, Payroll
Sr. Consultant
Job Responsibilities: Risk, Governance, Compliance, Audit
Perform specific audit procedures and prepare work papers documenting the audit procedures performed.
Conduct risk assessments as per the client's risk assessment methodology to identify gaps and areas requiring management intervention to prevent misappropriation, ensuring that the organization's objectives are achieved efficiently and effectively.
Perform risk identification and information system audits for client engagements, as per client-specific requirements and defined schedules and coverage.
Performing internal audits of applications/infrastructure, validating the effectiveness of controls and providing consultation to clients in required areas.
Perform compliance testing in accordance with audit standards within an ITGC/SAS 70/ISO 27001 framework.
Involved in gathering data for third-party audit questionnaires relating to technology and external audits.
Develop detailed audit plans and programs.
Actively managing multiple engagements: preparing work papers, testing internal controls as per standards, and preparing test-of-design and test-of-operating-effectiveness documentation for IT controls.
Thorough knowledge of the audit framework: sampling guidance, work paper requirements, re-performance standards, etc.
Prepare metrics/reports as requested by management on various aspects of audit management, including information security.
Platforms audited: AS/400, Windows, Oracle, UNIX, Linux, MSSQL and Mainframe.
Thirdware Solutions Ltd., Chennai, India (September 2007 – June 2012)
Projects: Consulting Assignments: ISO 27001 Compliance Consulting, Security Audit/Assessment, Business Continuity & Disaster Recovery Consulting
Client: Ford Motors Ltd., North America & Europe
Sr. Security Analyst
Job Responsibilities: Information Security, Risk Management, Compliance
Perform internal reviews of applications, infrastructure, data centres and telecommunication closets to ensure security compliance and safeguard the information resources of the enterprise.
Perform SOX reviews (application and infrastructure compliance as per SOX 404) as a controls advisor.
Provide consultation and attestation of security & controls to application teams during the application design and development life cycle (SDLC).
Ensuring compliance with the organization's information security policy.
Review/modify technical architecture diagrams using MS Visio 2007.
Coordinate with solution architects on all architectural proposals to build security in.
Knowledge of network topology, firewalls and security event monitoring tools.
Liaising with external auditors for required audits and closure of external audit findings/reports.
Assist operations in performing risk assessments for applications/infrastructure and business continuity as per ISO 27001.
Performed vulnerability assessments and log reviews for infrastructure and IT assets.
Internal & external IT audit assistance: scope and risk identification.
Follow up to determine the adequacy of corrective actions.
Consultation on and compliance with security & controls for application development services and infrastructure components.
Manage policy and technology exceptions, support in identifying compensating controls, and validate and sign off risk acceptance.
Identify and understand business processes and their control requirements via application or infrastructure control review documentation and self-assessments (system control review process).
Monitor and manage the status of major and minor (IT-related) audit comments and report to management.
Review control deficiencies and provide guidance and consultation on security regulations and compliance requirements for applications and infrastructure, as per policies and standards.
Business Continuity & Disaster Recovery Management
BCP & DR Life cycle
Data collection, reporting and documentation.
Conduct business impact analysis (BIA)
Coordinate contingency planning and DR testing
BCP & DR implementation for the entire centre, inclusive of documentation, data collection, management, updating, coordination and testing.
Academic Qualifications
Master of Computer Applications (MCA), Osmania University, Hyderabad, 2006
Bachelor of Computer Applications (BCA), Osmania University, Hyderabad, 2003