Manoj K Sarangi
B *, Flat No ***, Shriram White House, R T Nagar, Bangalore;
+91-988**-*****; ************@*****.***
A proven, internationalist, results driven Security and Privacy Executive, internationally mobile, bilingual and able
to influence at a senior level with a strong blue chip background. A strategist, change leader and driving force
behind security improvements that safeguard data, ensure compliance, and facilitate informed advancement
towards organizational goals. Open new markets, launch service lines, drive growth, generate revenue, win
market share, improve margins, and manage teams’ peak performance are some of the key achievements. Expert
at leveraging existing resources to bring effective, actionable security and risk management vision to complex
enterprises with minimal budget. Have a deep understanding of compliance, business processes and underlying
auditing principles. Experienced in change management, business aligned security architecture, IT infrastructure
reviews, technology evaluation, business processes, market opportunity definition, new technologies, realignment
of IS resources, technical upgrades and new technology deployment initiatives within leading edge environments.
Experienced in leading teams through all phases of large scale technology rollout including cost analysis, risk
management, planning, implementation and quality control. Professional background includes extensive
knowledge of Internet technologies, risk management, information security, corporate espionage and
countermeasure solutions. Have strong understanding of ISO (27001, 27005), PCI DSS, CVSS and CMM
standards.
Hands on leader capable of motivating diverse and cross cultural teams to achieve objectives in a timely
manner and provide mentoring with a wide base of technical knowledge. Have good project, vendor, and staff
management expertise. Have inspired, built and led focused teams across Indian subcontinent to enable my
employer to consolidate itself as a market leader. International mobility and working across cross cultural
environments are some of the other strengths. Key contributor to enterprise level planning and decision making, a
valued advisor and requested consultant to top tier executives. A strong consensus builder, forming cooperative
relationships across senior management, clients and business partners. Thorough market and risk knowledge
provides insight to limit potential future threats and allow communication of risks, and solutions to senior
executives.
Experienced in public policy initiatives to showcase the strengths of the organization. Have strong network with
industry bodies like USIBC, NASSCOM, DSCI, CII, CYSI and others. Speaking to press on behalf of the
organization and deliver key messages are some other key strengths. Have worked with government at various
levels to garner support on key issues and initiatives. Over 16 years of professional experience that includes
leading the country business pillars Security and Privacy for the largest multinational operation in India with over
90,000 people.
PROFESSIONAL EXPERIENCE
Deloitte Touche Tohmatsu India Pvt. Ltd Feb 2009 – Till Date
Director, Enterprise Risk Services
Recruited by Deloitte to lead service offerings in Information Security with a large number of Fortune 500 clients,
public sector organizations and the government. Lead the public policy initiatives at various levels and forums.
Key Responsibilities
- Implement innovative security and risk management programs that drive awareness, decrease exposure,
and strengthen organizations. Enable developing risk mitigation strategies in large corporations
- Regarded as a trusted advisor to the executives on Security and privacy areas by top executives of
Fortune 500 corporations
- Regarded as a key member of multiple CISO, CPO councils
- Extensive experience of working on policy and processes on risk management, security and privacy in
enterprise level as well as across business domains
- Proven success in performing risk assessments / audits / SAS 70’s, managing readiness engagements,
establishing global SOX compliance programs, managing audits and compliance against regulatory /
standards / leading practices (i.e. HIPAA, EU Privacy Directive, SOX, GLBA, Clause 49, FFIEC, etc.) and
establishing control environments
- Led multiple Org-wide training and assessment programs on Security and Privacy.
- Responsible for developing various data protection services working with multi-billion Fortune 100
corporations. Developing go-to market strategy, issue briefings, marketing collateral and delivery
methodology.
- Hosting CXO roundtables, targeting key accounts and assist account teams in positioning service offering
and leading teams in the solution delivery
- Designed and implemented solutions for enterprise infrastructure, security, business continuity strategy
and resiliency, fault tolerant infrastructure, crisis management, application / infrastructure integrity and
privacy.
IBM India Pvt. Ltd. Nov 2005 – Jan 2009
Chief Privacy and Security Officer
Recruited by IBM India to assume the overall accountability in data protection and risk management arena and
lead the effort to position IBM as a leader in the assigned space. This position had the obligation to oversee and
direct security programs across IBM India. Oversee design and implementation of preventative security
measures, employee education and risk management programs. Represented IBM in public forums and led the
public policy initiatives in the area of security and privacy pan India.
Key Responsibilities
- Oversaw privacy compliance and strategies globally for Company, including GLBA, HIPAA, EU Privacy
Directive, FFIEC electronic commerce, employee monitoring, intellectual property, etc. Oversee cross
border data transfer issues in outsourcing activities and ensured zero violation.
- Drove multiple service initiatives including ‘go to’ market strategy, issue briefings and service portfolio
management in Security and Privacy arena.
- Served as member of Critical Event Management Team for the region.
- Acted as the ‘single point of contact’ for IBM to address press/media related to the security and data
protection strategy in India
- Developed and conducted training programs in Data Protection and Risk Management.
- Represent IBM’s global team that monitors Company's comprehensive written policies and procedures for
each line of business and business support group.
- Continually review all aspects of Company's business to ensure Security and Privacy policies address all
operations for the lines of business and business support groups.
- Facilitate internal and customer audits of IBM’s security/privacy practices. Led and hosted a large
number of Customer briefings.
- Developing the overall Risk Management strategy and ensuring execution. Understanding the current and
future risks to IBM and adapt strategy as necessary to respond to changing risks and threats.
- Representing IBM India in the global management team that approves technologies deployed in risk
management
- Spearheaded multiple ISO 27001 deployment and certification for the organization and its clients.
- Assumed overall accountability for Business Continuity Management; encompassing BCP and DR
aspects.
- Accountable for investigation of security incidents, disciplinary actions and closure.
- Ensuring that compliance is maintained against security policies; gathering key security metrics to
demonstrate compliance including reporting to the management.
- Support sales efforts by presenting IBM’s security strategy goals and results to customers or conferences
- Manage Information Security budgets as per Strategic goals
- Responsible for defining security frameworks, strategize system security planning, developing, and
auditing security policies across organization.
- Regarded as a key member of multiple CISO, CPO councils
Hewlett-Packard, India Software Operations, Bangalore Aug 2001 – Nov 2005
IS Lead
Recruited to establish and manage enterprise-wide information-security program. Provide technical leadership to
the enterprise for the information security program. Mentor and train others in information security in addition to
training for other technical groups. Design and implement security measures and perform cost benefit analysis on
all recommended strategies. Collaborate with internal auditors to conduct in-depth compliance audits, presenting
key results to management. Develop curricula and facilitate awareness training for management and employees.
Key Responsibilities:
- Primary responsibility included developing a corporate information security vision/strategy and to provide
leadership and direction in designing and implementing information security program that recognizes data
and information as a critical asset to the company. This also includes the delivery of key security
architecture and technology programs through in-depth knowledge of technical, physical, and administrative
controls and is responsible for monitoring and reporting the status of corporate wide status and
compliance with key metrics to the management.
- Collaborated with partners and peers from across the world and locally to gather information, trends in
threats, vulnerabilities and develop shield around them. This also includes assessment and
documentation of current threats, vulnerabilities and risks concerning critical business applications,
operating platforms and infrastructure, then develop needed countermeasures according to established
methodologies. This also includes continuous analysis of business risk profiles and provides assurance
that appropriate risk mitigation measures are taken.
- Installed and maintained security infrastructure, including IPS, IDS, log management, and security
assessment systems. Assess threats, risks, and vulnerabilities from emerging security issues. Publish
Security Updates newsletter for technical groups. Draft enterprise security standards and guidelines for
system configuration. Managed process and acted in the lead role for computer security incident
response team. Perform and create procedures for system security audits, penetration-tests, and
vulnerability assessments.
- Recommended preventive, mitigating, and compensating controls to ensure the appropriate level of
protection and adherence to the goals of the overall information security strategy. Assisted in the
development of access-controls, separation of duties, and roles. Conducted technical risk evaluation of
hardware, software, and installed systems and networks. Assisted with testing of installed systems to
ensure protection strategies are properly implemented and working as intended. Led the incident
response team and recommended corrective actions. Communicated with personnel about potential
threats to the work environment. Participated in forensic recovery and analysis at various stages.
Participated in development and maintenance of global information security policy.
- Maintained security of voice and data networks and equipment. Monitored and maintained physical and
logical security and access to systems. Responsible for support of existing security policies and
procedures, as well as creation and implementation of new security procedures. Responsible for risk
assessment of partners. Managed the security and up-gradation of DNS, firewall, e-mail security. Assisted
with the upkeep of network infrastructure including routers, switches and load balancers. Achievements
include completing various enterprise certifications, and development of incident handling procedures.
- Support the Global teams, Finance/Operation stakeholders, company divisions and subsidiaries in a
consulting role by evaluating and recommending improvements to business practices, processes, and
control procedures.
- Developed awareness programs to educate the enterprise of information security and compliance
requirements.
- As the lead of security Team, carried the responsibility of managing audit coverage of security, system,
and network (voice and data) processes and controls for the complete environment. Examine and verify
Information System processes and procedures from internal organizations in order to determine the
reliability and effectiveness of the existing internal control systems. Audit complex information systems
applications and procedures to ensure compliance with policies, procedures and best practices. Perform
software and network security reviews. Review corporate Business Continuity plans and conduct dry
runs. Provide management with objective analysis, recommendations and comments concerning all
findings.
- Performed consulting services for management, internal, and external clients on topics of information &
infrastructure security. Successfully planned and deployed secure and reliable organisation-wide Internet
connectivity using hybrid technology. Analyzed internal and perimeter networks, recommending, and
implementing strategies to ensure adequacy of security.
- Responsible for managing IS division, vendors, service providers and contractors
- Responsible for antiviral Protection, Content Filtering, IDS, VPN and Firewalls.
- Implemented key changes in IS department which resulted in significant savings.
- Received award for saving cost to HP through streamlining of processes and building in-house training
capability
Ministry of Communication and IT, Government of India, New Delhi Dec 1995 – July 2001
Scientist C (Internet Division)
Recruited to manage system integration and responsible for IT infrastructure design, deployment and security.
Oversee recruiting, training, resource allocation and assessment functions. Built and mentored cohesive, qualified
teams committed to meeting schedule and budgetary needs.
Key Responsibilities:
- Prepared the basic framework for Information handling.
- Responsible for the development and deployment of web based applications for government
departments
- Responsible for management of IT servers including Mail server, web server and DNS server
- Responsible for gateway operations and External routing (BGP4)
- Assisted in assignments relating to IT policies and procedures including development of security policies.
- Participated in Y2K and data security reviews of different organizations
- Provided risk and controls advisory services to internal as well as external partners and also execute risk
management and control assessment projects.
- Involved in initiatives on Information Assurance and security engineering including communication
security, Single Integrated Operational Plan (SIOP) security, network security, OS security and other
areas of Information Assurance.
- Performed professional consulting services on network management, firewalls and network security
- Designed and deployed Network infrastructure for several clients encompassing future Network Vision,
Network Software & Protocols, Directory Services, Network Management system, Internet Technology,
LAN/WAN Infrastructure,
- Hardened Internet gateways to be the first line of defence to enhance organizational security and prevent
attacks, intrusion detection, logging and reporting of all suspicious activity on Internet routers and
firewalls.
- Provided need based networking solutions to different organizations and access control/enforcement for
AAA (Authentication, Authorization & Accounting) services and resource Audit.
Jawaharlal Nehru University, New Delhi Jan 1994 – Dec 1995
Senior Research Fellow
- Worked on research in streams of distributed systems
- Assisted in preparing the curriculum for the MCA programs.
- Taught multiple subjects in the MCA curriculum.
EDUCATION AND CREDENTIALS
Bachelor of Science Degree in Electrical Engineering
REC/NIT ROURKELA
Master of Technology in Computer Science
School of Computer & Systems Sciences
JNU, New Delhi
CISA- Certified Information Systems Auditor (CISA) ISACA®
Trained in Project and Program Management by HP
Tools/Technologies
Security Tools including but not limited to Snort, Retina, Solarwinds, Iris, Firewalk, NMAP, Nessus, AppScan,
Websense
WINDOWS, UNIX (AIX, HPUX, Solaris, Linux)
Cache Engines, Load balancers
Some Other Highlights
- Member of DSCI (Data Security Council of India)
- Member of National Security Council of CII (Confederation of Indian Industry), South India
- Member of CYSI (Cyber Society of India)
- Member of US India Business Council (promoted by US Chamber of Commerce)
- Member of NASSCOM DSCI Cybercrime lab initiative in multiple states
- Received the Raizada award for the best publication in the CSI (Computer Society of India) Communication for the year 1994-95.
- Represented parent organisations in a number of conferences; some prominent ones are:
- Spoke at Cyber Safe Tamil Nadu organized by NASSCOM, DSCI and Tamil Nadu Police on Dec 10th 2009
http://www.nasscom.org/Nasscom/Templates/EventMasterLanding.aspx?id=15019
- Spoke at workshop on Information Security Management Bangalore
http://www.eventsinindia.com/events/16284-information-security-management-system
- Spoke at Information Technology (Amendment) Act, 2008 and Privacy Workshop, New Delhi, April 28,
2009 (slides)
http://www.dsci.in/index.php?option=com_content&view=article&id=81&Itemid=101
- Spoke at India Information Security Summit 2007
http://www.bpiai.org/India_Information_Security_Summit_2007.html
- Spoke at the "Conference Board, New York" to the "Council of Chief Privacy Officers" on October
10th 2006
http://www.conference-board.org/councils/councilsDetailUS.cfm?Council_ID=296
- Spoke at 14th Convergence India 2006 (Held every year, Convergence India is an event for the South
Asian ICT Industry)
http://www.convergenceindia.org/2k6-conf-day2.html
- Spoke at the IT Security Day Celebration organized by Cyber Society of India (slides)
http://www.cysi.in/uscounsel.html
- Spoke at Seminar on Staying Secure in Cyberspace arranged by Cyber Society
http://www.cysi.in/blrchapterinaug.html