
Security Management

Location: Mountain View, CA, 94040
Posted: October 21, 2010


Resume:

Gaurav Pahuja

CISSP CISA CISM ISO***** CCSA

pahujagaurav@gmail.com

Summary

Highly accomplished Information Security Compliance Analyst with a proven track record of successfully completing Security Assessment projects, disciplined budget holder and effective communicator.

Over 8+ years of experience in various IT Infrastructure & Information Security roles ranging from Risk Assessment, Audit & Compliance, Controls Remediation, Security Design & Architecture, and IT Infrastructure Management.

• Adept in designing audits to assess effectiveness and efficiency of controls, IT Infrastructure Management, Change Management/Configuration Management and Technology Resource Administration, with experience of establishing vendor networks, forging strategic alliances & partnerships and ensuring SLAs are met both internally and with external agencies

• Proficient in identification of key controls and developing work programs for testing of these key controls

• Adept at mapping client’s requirements, custom designing solutions & troubleshooting for complex information systems management

• Result-oriented team player with demonstrated ability to respond to a fast-paced, dynamic environment with enthusiasm & confidence

• Strong IT/business experience and knowledge in clarifying business requirements and designing IT processes and system improvements to increase productivity and reduce cost, thereby improving the ROI of the organization

• Experienced in drafting Organization Policies/Procedures/Guidelines related to Information Security

• In-depth knowledge of Business Continuity Planning, Disaster Recovery & Planning, High Availability, Load Balancing and Database Clustering solutions, along with Quality Standards like ISO 27001/ISO 27002

• Experienced in Bandwidth Allocation & Management, Performance Tuning, Troubleshooting, Support & Documentation of Inter-Network Infrastructure

• Experienced in leading teams, with exceptional follow-up capabilities for completion of projects within the agreed timeframe

• Excellent communication and interpersonal skills; interfaces effectively with upper management, subordinates, vendors, co-workers & peers

Professional Certification

• CISA from Information Security Audit & Control Association (ISACA), 2008

• Passed CISM from Information Security Audit & Control Association (ISACA), 2007

• ISO 27001 Lead Implementer from British Standard Institute (BSI) LTD, 2006

• Certified Information Systems Security Professional (CISSP), 2005

• Checkpoint Certified Security Administrator NG Management I (CCSA), 2004

• CISSP workshop conducted by C&W

• ATM, FR workshop conducted by GDA, UK

Key Skill Sets

Technical

• MS (all versions): Access, Excel, Power Point, Word, SharePoint

• Reporting: Cognos, Crystal Reports

• Project Management: MS Project Reports, MS Project

• ERP/CRM: SAP, PeopleSoft, Oracle (DB, 8i), Siebel

• Database: SQL Server 2000, SQL, TSQL, DB2, Lotus Notes

• Systems: Windows (all versions), Mac OS, Linux, Mainframe, RACF, UNIX

• Web/Network: Citrix, LDAP, ASP/.NET, Firewall, IDS, Firewall Logs, Network Activity Reports

• Document Management: ePM, e Risk, Certus, PolicyIQ, Visio

• Social Media: MySpace, FaceBook, Twitter, FourSquare, Gowalla, Hollrr, Ustream, Google Wave, Omniture

Functional

• Design & Implementation of Security Controls

• Formulation of Corporate Information Security Policies, Standards & Guidelines

• Deployment of Security Management Framework and leading SOX, GLBA, COBIT and PCI compliance efforts

• Share the Enterprise Information Security role with a business counterpart and work to manage Information Security technologies in conjunction with related business issues and concerns

• Provide Information Security Risk Assessment and consulting expertise for internal projects

• Periodically review Information Security metrics, ensure compliance with SLAs and assist with related risk mitigation efforts

• Evaluate Enterprise Security Products for GRC – Agiliance, Archer, Modulo

• Play a key role in end user awareness, education and communications

• Work closely with internal and external audit towards regulatory requirements and compliance objectives

• Conducting Information Security Risk Assessments, Business Impact Analysis, Footprint Analysis, Threat and Vulnerability Management

• Plan, review, implement, maintain & document Business Continuity Plans/Disaster Recovery Plans

Project Management

• Conducting case/system/process study for project planning, scoping, estimation and tracking

• Implementation of project plans within pre-set budgets and deadlines

• Team mentoring, deployment, monitoring and development

• Defining best practices for project support and documentation

Frameworks: COBIT, ISO 17799/ISO 27002, ISO 27001, ITIL/ITSM, HIPAA, GLBA, PCI DSS, DITSCAP, OCTAVE, FISMA, NIST SP800 Series (SP800-30, SP800-53)

Overview of Major Assignments Led and Executed

Shell – KPMG – Project Manager, Information Risk Management – Sept 10 – Present

• Responsible for maintaining and tracking project deliverables for Shell UA

• Managing UA IRM Compliance Dashboard and Global Major remediation projects

Cisco Systems – WebEx – IT Audit and Compliance Analyst – Santa Clara, CA, July 08 – Sept 2010

• Member of a Security Compliance Team for IT Risk, Compliance and Audit activities

• Responsible for tracking & reporting of issues for Internal Control Services (ICS), currently GRC

• Managed relationship, liaised and coordinated with internal & external audit groups on IT compliance examinations and risk reporting

• Reviewed and updated Security Policy in alignment with ISO 27001 Requirement.

• Provided consultation and advisory on audit issues/gaps remediation, internal control designs, SAS70 review and information security assessment processes

• Assisted in Implementation of PCI Gap Remediation and helped with deliverables

• Identified, evaluated, documented and monitored the remediation of control deficiencies

• Performed IT-level assessment to summarize MIS SOX 404 and 302 readiness

• Conducted IT regulatory risk and security impact review of various US regulations

• Managed review of Physical access control, management and privilege review process

• Developed departmental Information Security Policies for supported lines of business and reviewed new Corporate Policies and Standards

• Reviewed and Assessed physical security of Data center

• Responsible for evaluation of GRC tool for WebEx, currently Cisco CSG

• Responsible for submitting RFI/RFP Security Questionnaire to Account Manager within SLA

Citigroup – Security Consultant – Newark, DE, May 07 – Jun 08

Project: RPOD (Remote Access) Firewall Rule Remediation CAP

• Ensured compliance of all CitiVPN firewall rules against the CATE ACL Standard

• Documented gaps in implementation and forwarded to the GFRE team to entitle, log and review

• Developed the Firewall Rule Standard to demonstrate implementation of the ACL Standard

• Centralized the IP Registration process and ensured proper documentation maintained

• Developed process work flow demonstrating team responsibilities and required activities

• Reviewed process flow with CATE, GORM, ISA and PSFRI standards to address gaps

• Developed action plan for all gaps identified and engaged all teams required to address gaps

Team Lead

Project: GNCC Template v13 and v14 upgrade on Cyberguard Firewalls

• Evaluated, tested, implemented, and certified the final template Ver 14

• Responsible for upgrade of the template on 150 Cyberguard firewalls to monitor external devices

• Scheduled and prioritized RFCs for upgrade of the template in compliance with BU Green Zone

• Upgrade of Cyberguard firewalls was completed within the green zone with no downtime

• Automated the upgrade process using bash shell scripting to reduce the implementation time

Project: Major Business Issues Corrective Action Plan

• Part of remediation team constituted by consulting team from Verisign with high visibility to C-Level executives

• Audited the firewall infrastructure including Cyberguard and Checkpoint firewalls

• Identified 15,000 broad access rules which were reduced to complete compliance with industry standards

• Developed the remediation plan in compliance with Citigroup requirements

• Followed internal methodology developed by Verisign in compliance with Citigroup policies and processes

• Prioritized High risk issues and resolved firewall inbound rules for access

• Remediated 1000+ high risk rules on priority within a short span as required by the policies

• Documented processes and change management processes in co-ordination with business users

Wipro – Consultant: ISO 27001 Compliance – Bangalore, India, Feb 06 – Jan 07

• Developed information security processes pertaining to compliance verification, authorization/authentication, access control, asset accounting, and policy/standard/process taxonomies

• Designed Security Policy, Procedures and Implementation Plan based on ISO 17799

• Reviewed and revised existing policies and standards

• Led Security Risk Assessment for Wipro Limited

• Lead Consultant for ISO 27001 Implementation for Wipro InfoTech ISO 27001 Compliance

• Conducted an as-is state assessment of IS/IT infrastructure by scanning of servers, routers and review of systems as per standard checklists

• Designed roadmap for Disaster recovery plan and business continuity plans based on NIST

• As a Technical Change Manager, reviewed and validated the major and significant changes; did a risk assessment and approved changes happening in the organization

• Conducted IT Security Audits and Assessments for Wipro and suggested security mechanisms to safeguard critical assets

Cable & Wireless – Security Analyst – Bangalore, India, Dec 02 – Feb 06

• Member of the Enhanced Support Solutions Division; involved in providing Enterprise Managed Security Services

• Conducted training on Change Management, SLA Reporting and BS7799 adherence

• Provided Incident Response Management entailing monitoring of security alerts & events generated by ArcSight, RealSecure IDS, firewall logs, system logs and other SNMP-polled devices on a real-time basis

• Adhered to Process and Escalation Management in compliance with Process Control Definitions and Service Level Agreements agreed with the customer to achieve customer satisfaction

• Performed security event monitoring and correlation using the ArcSight correlation engine

• Designed the Change Management Process based on ITIL Framework

• Reviewed Daily operation status of Managed services for Executive Management

Internal Auditor

• Designed a Risk Assessment and Management methodology

• Conducted internal audit to analyze the gaps corresponding to ISO 17799 requirements

• Mapped the BS7799 controls applicable for mitigating the risks identified

• Assisted in preparation of Security Policy, Security Procedures, Business Continuity and Disaster Recovery Plan

• Classified Assets for IT, HR and Service Information Group (SIG)

• Performed Security Awareness training for the organization

Information Analyst

• Designed reporting templates for various Network Performance Reports

• Merrill Lynch Global Network Operation Project: reporting was for 1200 routers, designed on 8 performance parameters requested by the customer

• Designed JPMC Traffic Data Utility Report measuring bandwidth of ATM, FR and IPLC; served as substantial proof for sale worth $1 Million of ATM, FR circuits

• Analyzed the trend of the network using InfoVista reporting tool

Acama Software Solutions – Web Developer – Bangalore, India, Jun 99 – Jul 00

• Analysis of the existing system and identifying the required enhancements

• Designing and codification of programs

• Involved in software testing, bug tracking and bug fixing

Education

• Master’s degree with major in Computer Science

• Bachelor’s degree with major in accounting

IT Knowledge

• Applications Used: MS Office, MS Outlook, MS Visio, Remedy, Virsa

• ERPs Reviewed: SAP R/3, JD Edwards, e Applications

• Database: Oracle, MS SQL

• Programming Languages: C, C++, JAVA

• Operating Systems Reviewed: MS DOS, Windows X, AS400, AIX, UNIX, LINUX and Mainframe OS/390

• Networking Components: Cisco Routers 2500, 2600 and 7200 Series, Cisco Switches 1900, 6509 Series, Check Point NG, Cisco PIX Firewall, IDS (Snort)

• Tools & Utilities: Audit System 2, ACL, ISS, Nessus, SARA, Nmap, Symantec ESM, Netcat, L0phtcrack, John the Ripper, Ethereal, LANGuard, Iris, Sniffit, Snort, Retina, Ngrep and war dialing tools such as ToneLoc
