V I K A S D H A N K E R

Information security management professional equipped with comprehensive expertise and experience in Information Security Risk Management, project management and compliance. Registered Lead Auditor and consultant, offering over 14 years of experience in the field of Information Security management, quality management systems (ISO 27001, SOC 2), IT/ software development, risk assessment & BCP/DR, Proven leader with demonstrated success utilizing advanced interpersonal, communication and management skills to exceed all organizational goals and objectives.

Areas of Expertise

Team Leadership

Project Management

Strategic Planning/Analysis

GRC Compliance

SOC 2

ISO 27001 - Information Security

ISO 27005 – Risk Management

ISO 22301 – Business Continuity

ISO 9001 - Quality Assurance

Process Improvement

Performance Evaluation

ISO Training

Business Analysis

Professional Experience

ISO 27001 TRAINER, CONSULTANT & AUDITOR 2015 – Present

INFORMATION SECURITY AND COMPLIANCE

Oversee and direct management clients, including ISO 27001, VA/PT, SOC 2

Design the information security management system and help customer implement.

Working on HITRUST Project and helping customer to implement HITRUST requirements and get certified.

Institute and facilitate Information Security projects to ensure required credential and certification of ISO 27001.

Implement and conduct all vendor risk management initiatives.

Design and implement Risk management strategies.

Identify and provide an opinion on Remediation plan for risks identified

ISO 27001 Internal Audits

ISO 27001 Certification Audits for various certification bodies

ISO 27001 Training including Information Security, Internal auditor, Lead Implementer and ISO 27005 Risk Manager

RISK MANAGEMENT SOLUTIONS, INC. 2014 - 2015

COMPLIANCE MANAGER- (CONTRACT)

Managed and directed security strategy in order to control ability to detect, prevent and mitigate haphazard threats and attacks.

Augmented and ensured compliance with the ISO 27001, RMS and DMGT Information Security Policy and Standards; proactively work with business units to implement policies & practices that meet defined policies and standards for information security.

Provided subject matter expertise to Security Forum and Management on a broad range of information security standards, best practices, and compliance requirements

Conducted Risk Assessment and Business Impact Analysis for the identified business processes to arrive at Recovery Time Objectives and Recovery Point Objectives for different processes.

Created, developed and disseminated Business Continuity Plans for IT department; guide and facilitate the implementation of innovative Disaster Recovery Plan for critical IT Systems supporting processes.

Coordinated activities of internal and external network and execute systems vulnerability assessments and penetration testing.

Proactively supported cloud-hosted and local environments to ensure adherence to regulatory guidelines and security initiatives.

BRITISH STANDARDS INSTITUTION (BSI) – ISO CERTIFICATION BODY 2013 - 2014

CLIENT MANAGER- INFORMATION SECURITY MANAGEMENT SYSTEM

Conducted third party/ certification or surveillance audits to achieve compliance with ISO 27001.

Oversaw and moderated a variety of client relationships, enhancing overall satisfaction with external partners.

Acted as Assistant Manager from 2004 to 2005, responsible for internal audits geared to enhance business development.

INNOVATIVE GROUP INC/ ACCORD MANAGEMENT SYSTEM/ HARMONY SOLUTIONS INC 2011-2015 PRESIDENT- SELF EMPLOYED- DENVER, CO & LOS ANGELES, CA

Managed the retail businesses (Drug store, Restaurant, Gas station, Restaurant and Super Market).

Involved into daily operations

Managed over 35 employees at a time and over 3 locations at one time.

Managed vendor relationship, purchase and finding new vendors in order to lower the cost

Managed financial matters, payroll and tax related issues with the help of CPA

Improved the business by reducing the cost and improving the overall processes

Made changes to the current processes, which were in place for 15 years and implemented them successfully in order to get more profit

Managed advertisements and other efforts to increase the sales

Responsible for all hiring and firing related matters of the employees

TUV SUDS AMERICA 2008-2011

LEAD AUDITOR- DENVER, CO

Responsible for conducting compliance Audits, management system audits like ISO 9001, ISO 27001/ BS 7799, IT Audits

RJT COMPUQUEST INC 2007-2008

SR. CONSULTANT SECURITY- LOS ANGELES, CA

Responsible for implementation of SOX/ JSOX & Information Security Controls for the client

Successfully participated in JSOX project and conducted Risk Assessment at the client end.

Documented IT processes, assessed and prepared Risk Control Matrices, identified key controls and the risk, recommended compensating controls, and prepared documentation

Tested Key Controls thoroughly, prepared test papers, gathered evidence from process owners and prepared Testing Binders for the external auditors and Senior Management

WIPRO INFOTECH LTD 2007-2007

INFORMATION SECURITY CONSULTANT- GURGAON INDIA

Designed the complete Information Security Management System structure (Policies, Procedures) (In line with ISO 27001)

Analysis of existing security procedures to identify implementation gaps and understand security requirements of the IT infrastructure and processes

Coordination with various business units to understand business processes and its dependence on IT

Streamline existing information security processes to address gaps and concerns identified during the analysis phase

Co-ordination for Forensic and Penetration Testing and present the findings.

Development of Business Continuity Management Policy

Identification and analysis of business processes

Risk analysis and ranking of the risks identified and presenting the same to the steering committee with mitigation plans

Conduct Risk Assessment and Business Impact Analysis for the identified business processes to arrive at Recovery Time Objectives and Recovery Point Objectives for different processes

Develop Business Continuity Plans and communicate the same to IT department and guide them in development of Disaster Recovery Plans for critical IT Systems supporting Processes

Acting as a primary liaison and advisor to business units in the implementation of business continuity plan

Presentation to various management approval committees

Conducting and coordinating tests and documenting results

Obtain security management team’s approval for implementing the revised processes and procedure

Conducting kickoff meeting with the steering committee to scope ISMS implementation and obtain management commitment for implementation

Responsible for Characterization of Systems under scope, Security Policy, Threat Profiling and vulnerability assessments

Preparation of Asset Register encompassing assets of the organization and classification of the assets based on sensitivity and criticality of the same

Conducting brainstorming sessions with various stakeholders to arrive at threats for the critical assets

Conducting technical vulnerability assessment for the critical assets

Conducting GAP Audits against ISO 27001 Standards Compliance

Get the trainings conducted in all over India through the consultants (team of 5 consultants)

Analysis of the trainings feedback and results and report to the clients, with proper Corrective action plan for improvements (effectiveness of trainings)

DET NORSKE VERITAS AS (DNV) 2005- 2007

LEAD AUDITOR/ NORTH INDIA HEAD, INFORMATION AND COMMUNICATION TECHNOLOGY CERTIFICATIONS- NEW

DELHI, INDIA

Responsible for overall ICT (Information and Communication Technology) sector in Delhi region

Conducts Management System Audit for BS 7799/ ISO 27001 & ISO 9001: 2000 to ensure that the company's Quality

Overall responsible for Business development (ICT) and ICT Audits

Advise company on issues relating to audit and certification services

Conducted Trainings on Information Security and Quality Management System

BRITISH STANDARDS INSTITUTION (BSI INDIA PRIVATE LIMITED) 2004-2005 ASSISTANT MANAGER- NEW DELHI INDIA

Responsible for Business Development and Auditing (ISO 27001, ISO 9001)

Conducted several one-day awareness programs on ISO 9001 and Information Security Management system and other IT sector Systems standard, Data Protection Act, UK

Conducted trainings for the Sales persons in India on ERP package Salesforce.com

ICL CERTIFICATIONS LIMITED, 2002-2004

OFFICER- NEW DELHI INDIA

Responsible to conduct a quality management system audits and maintain business relationship with the quality

management consultants, Responsible for overall activities in North India, was also involved into trainings,

delivered ISO 9001 trainings to various levels of personnel including Management.

Delivered many One-day awareness programs for industries.

HI- CARE SOFTWARE TECHNOLOGIES PVT. LIMITED, 2000-2002 SOFTWARE DEVELOPER- NEW DELHI, INDIA

Responsible for Development of software on VB 6.0, Oracle

Assisted administrators in Network Administration

Formulated Operational Procedures, Network Security policy and Manual with Departmental Managers to comply with ISO 9001: 2000 Requirements

Co-ordinated and conducted Internal Quality Audits & System Audits

Report audit findings to the respective managers and follow up for corrective actions.

Participated in Management Review Meetings and in Surveillance/Certification Visits by our Systems Accreditors

Education and Credentials

Post Graduate Diploma in Information Technology and Management, Centre for Management Education, New Delhi, India

Bachelors of Science, Physics, Chemistry & Mathematics, SSJM Kanpur University, Kanpur Certified Lead Auditor BS 7799/ ISO 27001

Certified Vulnerability Assessor Leadership Training.

Certified Lead Auditor ISO 9001: 2000

Contact this candidate