VIKAS DHANKER
Information security management professional with comprehensive expertise and experience in information security risk management, project management and compliance. Registered Lead Auditor and consultant with over 14 years of experience in information security management, information security and quality management systems (ISO 27001, SOC 2), IT/software development, risk assessment and BCP/DR. Proven leader with demonstrated success using advanced interpersonal, communication and management skills to exceed organizational goals and objectives.
Areas of Expertise
Team Leadership
Project Management
Strategic Planning/Analysis
GRC Compliance
SOC 2
ISO 27001 - Information Security
ISO 27005 – Risk Management
ISO 22301 – Business Continuity
ISO 9001 - Quality Assurance
Process Improvement
Performance Evaluation
ISO Training
Business Analysis
Professional Experience
ISO 27001 TRAINER, CONSULTANT & AUDITOR 2015 – Present
INFORMATION SECURITY AND COMPLIANCE
Oversee and direct client engagements, including ISO 27001, VA/PT and SOC 2.
Design the information security management system and help customers implement it.
Work on HITRUST projects, helping customers implement HITRUST requirements and achieve certification.
Institute and facilitate information security projects to achieve and maintain ISO 27001 certification.
Implement and conduct all vendor risk management initiatives.
Design and implement Risk management strategies.
Identify risks and provide an opinion on the remediation plan for each risk identified.
ISO 27001 Internal Audits
ISO 27001 Certification Audits for various certification bodies
ISO 27001 training, including Information Security Awareness, Internal Auditor, Lead Implementer and ISO 27005 Risk Manager courses
RISK MANAGEMENT SOLUTIONS, INC. 2014 - 2015
COMPLIANCE MANAGER- (CONTRACT)
Managed and directed security strategy to strengthen the ability to detect, prevent and mitigate threats and attacks.
Augmented and ensured compliance with the ISO 27001, RMS and DMGT Information Security Policy and Standards; proactively worked with business units to implement policies and practices that meet the defined policies and standards for information security.
Provided subject matter expertise to Security Forum and Management on a broad range of information security standards, best practices, and compliance requirements
Conducted Risk Assessment and Business Impact Analysis for the identified business processes to arrive at Recovery Time Objectives and Recovery Point Objectives for different processes.
Created, developed and disseminated Business Continuity Plans for the IT department; guided and facilitated the implementation of an innovative Disaster Recovery Plan for critical IT systems supporting business processes.
Coordinated and executed internal and external network and systems vulnerability assessments and penetration testing.
Proactively supported cloud-hosted and local environments to ensure adherence to regulatory guidelines and security initiatives.
BRITISH STANDARDS INSTITUTION (BSI) – ISO CERTIFICATION BODY 2013 - 2014
CLIENT MANAGER- INFORMATION SECURITY MANAGEMENT SYSTEM
Conducted third-party certification and surveillance audits against ISO 27001.
Oversaw and moderated a variety of client relationships, enhancing overall satisfaction with external partners.
Acted as Assistant Manager from 2004 to 2005, responsible for internal audits geared to enhance business development.
INNOVATIVE GROUP INC/ ACCORD MANAGEMENT SYSTEM/ HARMONY SOLUTIONS INC 2011-2015
PRESIDENT- SELF EMPLOYED- DENVER, CO & LOS ANGELES, CA
Managed retail businesses (drug store, restaurant, gas station and supermarket).
Involved in daily operations.
Managed over 35 employees across 3 locations at one time.
Managed vendor relationships, purchasing and sourcing of new vendors in order to lower costs.
Managed financial matters, payroll and tax-related issues with the help of a CPA.
Improved the business by reducing costs and improving overall processes.
Changed processes that had been in place for 15 years and implemented the changes successfully in order to increase profit.
Managed advertising and other efforts to increase sales.
Responsible for all hiring and firing of employees.
TUV SUDS AMERICA 2008-2011
LEAD AUDITOR- DENVER, CO
Responsible for conducting compliance audits, management system audits (ISO 9001, ISO 27001/BS 7799) and IT audits
RJT COMPUQUEST INC 2007-2008
SR. CONSULTANT SECURITY- LOS ANGELES, CA
Responsible for implementation of SOX/J-SOX and information security controls for the client
Successfully participated in a J-SOX project and conducted risk assessment at the client site.
Documented IT processes, assessed and prepared Risk Control Matrices, identified key controls and their risks, recommended compensating controls, and prepared documentation
Tested key controls thoroughly, prepared test papers, gathered evidence from process owners and prepared testing binders for the external auditors and senior management
WIPRO INFOTECH LTD 2007-2007
INFORMATION SECURITY CONSULTANT- GURGAON INDIA
Designed the complete Information Security Management System structure (policies, procedures) in line with ISO 27001
Analysed existing security procedures to identify implementation gaps and understand the security requirements of the IT infrastructure and processes
Coordinated with various business units to understand business processes and their dependence on IT
Streamlined existing information security processes to address gaps and concerns identified during the analysis phase
Coordinated forensic and penetration testing and presented the findings.
Development of Business Continuity Management Policy
Identification and analysis of business processes
Risk analysis and ranking of the risks identified and presenting the same to the steering committee with mitigation plans
Conduct Risk Assessment and Business Impact Analysis for the identified business processes to arrive at Recovery Time Objectives and Recovery Point Objectives for different processes
Develop Business Continuity Plans and communicate the same to IT department and guide them in development of Disaster Recovery Plans for critical IT Systems supporting Processes
Acting as a primary liaison and advisor to business units in the implementation of business continuity plan
Presentation to various management approval committees
Conducting and coordinating tests and documenting results
Obtain security management team’s approval for implementing the revised processes and procedure
Conducting kickoff meeting with the steering committee to scope ISMS implementation and obtain management commitment for implementation
Responsible for Characterization of Systems under scope, Security Policy, Threat Profiling and vulnerability assessments
Preparation of Asset Register encompassing assets of the organization and classification of the assets based on sensitivity and criticality of the same
Conducting brainstorming sessions with various stakeholders to arrive at threats for the critical assets
Conducting technical vulnerability assessment for the critical assets
Conducting GAP Audits against ISO 27001 Standards Compliance
Organised training delivery across India through a team of 5 consultants
Analysed training feedback and results and reported to clients with corrective action plans for improvement (training effectiveness)
DET NORSKE VERITAS AS (DNV) 2005- 2007
LEAD AUDITOR/ NORTH INDIA HEAD, INFORMATION AND COMMUNICATION TECHNOLOGY CERTIFICATIONS- NEW DELHI, INDIA
Responsible for the overall ICT (Information and Communication Technology) sector in the Delhi region
Conducted management system audits for BS 7799/ ISO 27001 & ISO 9001: 2000 to ensure that the company's Quality
Overall responsibility for business development (ICT) and ICT audits
Advised companies on issues relating to audit and certification services
Conducted training on Information Security and Quality Management Systems
BRITISH STANDARDS INSTITUTION (BSI INDIA PRIVATE LIMITED) 2004-2005
ASSISTANT MANAGER- NEW DELHI INDIA
Responsible for business development and auditing (ISO 27001, ISO 9001)
Conducted several one-day awareness programs on ISO 9001, Information Security Management Systems, other IT-sector system standards and the UK Data Protection Act
Conducted training for sales staff in India on the ERP package Salesforce.com
ICL CERTIFICATIONS LIMITED, 2002-2004
OFFICER- NEW DELHI INDIA
Responsible for conducting quality management system audits and maintaining business relationships with quality management consultants; responsible for overall activities in North India
Also involved in training; delivered ISO 9001 training to personnel at all levels, including management
Delivered many one-day awareness programs for industry
HI-CARE SOFTWARE TECHNOLOGIES PVT. LIMITED, 2000-2002
SOFTWARE DEVELOPER- NEW DELHI, INDIA
Responsible for development of software in VB 6.0 and Oracle
Assisted administrators in network administration
Formulated operational procedures, a network security policy and a manual with departmental managers to comply with ISO 9001: 2000 requirements
Coordinated and conducted internal quality audits and system audits
Reported audit findings to the respective managers and followed up on corrective actions
Participated in management review meetings and in surveillance/certification visits by our systems accreditors
Education and Credentials
Post Graduate Diploma in Information Technology and Management, Centre for Management Education, New Delhi, India
Bachelor of Science, Physics, Chemistry & Mathematics, SSJM Kanpur University, Kanpur
Certified Lead Auditor BS 7799/ ISO 27001
Certified Vulnerability Assessor Leadership Training
Certified Lead Auditor ISO 9001: 2000