GRC, ISMS, IT Security, Risk management, CEH, ISO 27001

Location:
Hyderabad, Telangana, India
Posted:
February 10, 2016

Resume:

SIRAJ MD

Mobile: +91-837*******

E-mail: actgy4@r.postjobfree.com

Summary: Siraj is an Information Security Expert with 8+ years of post-qualification professional experience in the fields of Information Security & Operations, IT Audits, IT Risk Advisory, Enterprise Risk and Compliance Management, Business Continuity Management (BCM) and Project Management.

Presently I am working as Lead Advisory Consultant with the Security, Governance, Risk and Compliance Practice at IBM India Limited.

Perform audits of information systems and related processes & review related security policies and procedures.

Adequate exposure to and 8+ years of working experience with the COBIT/ISO 27001 (2005 & 2013) framework and the ITIL framework (IT Service Management)

Adept in implementing & assuring security processes, tools and architecture designs.

Develop information security processes and procedures as per standards and best practices

Participated in the full lifecycle and implementation of the ISO 27001:2005 & 2013 framework and the ISO 27002 code of practice.

Worked on regulatory compliance standards like Data Privacy, SOX, HIPAA, SAS70 and implemented ITGC controls for assets.

Good knowledge of third-party risk assessment and vendor management and evaluation

Good experience in project management and the preparation/maintenance of SOPs

Strong knowledge of change management and incident management.

Support annual internal compliance activities, monitor and report status to management by preparing metrics and reports.

Perform training needs analysis and provide IT security related training to employees

Holding a US business visa (B1) and have worked onsite for 12 weeks.

Manage team and support end-to-end activities according to established metrics and SLAs

An effective communicator with exceptional relationship management and training skills with the ability to relate to people at any level of business & management

Certifications & Technical Proficiency

CEH - Certified Ethical Hacker

ISO 27001 - Certified ISO 27001:2005 Lead Auditor by BSI India

ITIL - Certified in ITIL v3 Foundation

CISA - Completed training on CISA certification

Skills

ISO 27001 & ISMS Implementation

BCP & DR review

IT Risk Management

IT Security Policies & Procedures reviews

IT Audits

System Audits, Internal Audits, Application Reviews

Security Compliance Management

SAS 70 Attestations (SSAE16)

IT General Controls review

SOX - 404 Consulting

Data Security & Privacy

IT Risk Advisory

Information Security Management

HIPAA

MS Office, Microsoft Visio

SQL, DW-BI tools and Windows

Tools: Sitescope, Nessus, EHPAS

SAP GRC10 and SAP Security administration

Technical Competency

• Incident handling and management

• Knowledge of Information Security frameworks and standards

• Communications Security Management

• Compliance & strong experience in implementation and auditing of ISO 27001

• Configuration Management

• Identity Management

• Information Assurance

• Information Resources Strategy and planning

• Asset management

• Information Security Architecture

• Risk Management

• Technology Awareness

• Vulnerability Assessment / Penetration Testing (VA/PT)

Work Experience

IBM India Pvt. Ltd, Hyderabad, India (July 2013 – till date)

Title: ISO 27001 Security & Compliance monitoring at Account Level

Client: DBS Bank Ltd, Singapore and Hong Kong

Lead Compliance Officer

Job Responsibilities:

The assignment involved performing an independent assessment of the operating effectiveness of the controls framework across 5 delivery locations spread over 4 countries, and providing independent reporting to the client

Accountable for managing virtual teams working from 5 delivery locations operating from 4 countries, imparting training and providing guidance to the Operations Team in comprehending the control requirements

Developing controls and process documents for new and existing processes from time to time based on the changing environment, risks and client requirements

Presenting test results to the client during monthly security review meeting chaired by the Head Information Security Services and documenting the issues identified during the testing

Serving as a single point of contact between the client and IBM team for all the security and compliance related matters and coordinating with client’s teams during client internal audits of the IBM delivery locations

Ensuring project team members follow the information security and compliance guidelines provided by the client throughout their tenure in the account, through constant education of staff and monitoring of the workplace

Prepare IT Security training manuals and create awareness among the project team members; also conduct classroom training and quiz sessions at the workplace.

Perform vulnerability assessment and risk analysis for various applications, and implement security controls to mitigate high risks.

Review security incident logs

Conduct business impact analysis (BIA) for DBS bank applications.

Implement BCP & DR plans at account level and for the entire centre, and coordinate with various teams to exercise BCP testing.

Projects: ISO 27001/SSAE 16 Compliance Consulting, Security Audit/Assessment

Clients: Ontario state Health Dept, Canada; American International Group (AIG, insurance); Toshiba Electronics; KEMET Electronics; Airtel India Ltd; Starbucks; Fruit of the Loom; Emerson; etc.

Period: July 2013 – June 2014

Senior Advisory Consultant

Job Responsibilities: IT Audit, Risk Management, Compliance, Control Testing, Process Review

Planning and conducting IT audits and system reviews for leading banks and the financial industry.

Develop and implement account specific Privacy & Data Protection strategies and processes

As Compliance Officer, responsible for the implementation and control testing of the ISO 27001 controls within the account as per the framework requirements.

Gathering evidence, testing controls, highlighting exceptions/issues to the client and documenting the controls pertaining to ISO and client frameworks.

Work with delivery team towards addressing security requirements

Ensure up-to-date security processes and periodic security reporting to the customer

Overall responsible for security management within the account

Ensure compliance with the client's security requirements pertaining to SOX, SSAE 16 and HIPAA

Analyze, evaluate and mitigate the risks associated with the controls.

Develop training presentation and conduct training program on Data Security & Privacy

Ensure that the project is audit-ready and reduce exposure to defects and corporate audit findings/deficiencies.

BCP & DR implementation and conduct BCP/DR testing for the IT centre and project portfolio.

Working with the team on developing SoD and implementing SAP Security for the projects.

KPMG, Bangalore, India (July 2012 – June 2013) (one of the Big 4 consulting firms)

Projects: IT/IS Audits (SAS 70, GCC, SOX, BCC)

Clients: Banking & Financial services, Manufacturing & Retail, Payroll

Sr. Consultant

Job Responsibilities: Risk, Governance, Compliance, Audit

Perform specific audit procedures and prepare work-papers documenting the audit procedures performed.

Conduct risk assessments as per the client's risk assessment methodology to identify gaps and areas requiring management intervention to prevent misappropriation, ensuring that the objectives of the organization are achieved efficiently and effectively

Perform risk identification and information system audits for client engagements as per client-specific requirements and defined schedules and coverage

Perform internal audits for applications/infrastructure, validating the effectiveness of controls, and provide consultation to clients on required areas.

Perform compliance testing in accordance with audit standards within an ITGC/SAS 70/ISO 27001 framework

Involved in gathering data for third-party audit questionnaires in relation to technology and external audits

Develop detailed audit plans and programs

Actively manage multiple engagements: prepare work papers, test internal controls as per standards, and prepare test-of-design documentation and tests of operating effectiveness of IT controls.

Thorough knowledge of the audit framework: sampling guidance, work paper requirements, re-performance standards, etc.

Prepare metrics/reports when requested by management on various aspects of audit management, including information security.

Platforms audited: AS/400, Windows, Oracle, UNIX, Linux, MS SQL and Mainframe

Thirdware Solutions Ltd., Chennai, India (September 2007 – June 2012)

Projects: Consulting Assignments: ISO 27001 Compliance Consulting, Security Audit/Assessment, Business Continuity & Disaster Recovery Consulting

Client: Ford Motors Ltd. – North America & Europe

Sr. Security Analyst

Job Responsibilities: Information Security, Risk Management, Compliance

Perform internal reviews of applications, infrastructure, data centers and telecommunication closets to ensure security compliance and safeguard the information resources of the enterprise

Perform SOX reviews (application and infrastructure compliance as per SOX 404) as a controls advisor.

Provide consultation and attestation of security & controls to application teams during application design and development life cycle (SDLC).

Ensuring compliance with the organization's information security policy

Review/modify technical architecture diagrams using MS Visio 2007

Coordinate with solution architects on all architectural proposals to build in security

Knowledge of network topology, firewalls and security event monitoring tools.

Liaising with external auditors for required audits and closure of external audit findings/reports.

Assist operations in performing the risk assessments for applications/infrastructure and business continuity as per ISO 27001.

Performed vulnerability assessment and log reviews for infrastructure and IT assets.

Internal & external IT audit assistance: scope & risk identification.

Follow-up to determine adequacy of corrective actions.

Consultation & compliance with security & controls for application development services and infrastructure components.

Manage policy and technology exceptions, support in identifying compensatory controls, and validate and sign off risk acceptance.

Identify and understand the business processes and their control requirements via application or infrastructure control review documentation and self-assessments (system control review process).

Monitor & manage status of major & minor audit comments (IT related) and report to management.

Review control deficiencies and provide guidance and consultation for security regulations and compliance requirements of applications and infrastructure as per policies and standards.

Business Continuity & Disaster Recovery Management

BCP & DR Life cycle

Data collection, reporting and documentation.

Conduct business impact analysis (BIA)

Coordinate contingency planning and DR testing

BCP & DR implementation for the entire centre, inclusive of documentation, data collection, management, updating, coordination and testing.

Academic Qualifications

Master of Computer Application (MCA), Osmania University, Hyderabad, 2006

Bachelor of Computer Application (BCA), Osmania University, Hyderabad, 2003
