
Information Security Management

St. Louis, Missouri, United States
February 20, 2018


Location: St. Louis, MO

Professional Profile

IT industry experience spanning Project Management in Information Security, IT General Control SOX Compliance and Auditing, ITIL process support, Testing and Quality Assurance

Performed project planning, budget management, vendor management, scope management, team management, issue management, status reporting, and project closure. Reviewed and prepared audit reports for a multinational FMCG.

Involved in end-to-end projects across Requirement Analysis, Design, Development, Enhancement and Production Support across technology platforms. Set up deployment strategy, version control and effective production handover processes.

Experience in varied industry domains across Hi-Tech Manufacturing, Multilevel Marketing, Agricultural, FMCG, and Oil and Gas.

Certified Information Systems Auditor (CISA) from ISACA, IT management and IT Governance (COBIT) from ISACA, Certified Project Manager (PMP) from PMI, ITIL Certified from EXIN, Information Security Management Systems Implementation Course from BSI, Six Sigma Black Belt from Indian Statistical Institute. Trained and certified in Business Analytical Certification Program.

Knowledge of Business Analytics methodology and data analysis using the analytical tools R and SAS.

Professional Certification and Education

Certified Information Systems Auditor (CISA) certification, ISACA

ITIL V3 Foundation, BSI

COBIT 5 Foundation, ISACA

Six Sigma Black Belt, Indian Statistical Institute


Work Experience

Unilever, India Oct 2014 – July 2017

Department: Hindustan Unilever Limited

Role: InfoSec Risk and Compliance lead

Location: Bangalore, India

Performed Project management of InfoSec activities, managed the InfoSec team, Risk management of application system, user access, vendor management, resource management, Issue tracking and escalation, status reporting, Budget management. Negotiated contracts with vendors. Reduced the overall spending on vendors by 20% by negotiating prices and fees.

Provided input to the quarterly IT Risk report for the company. Obtained security metrics and reported those metrics to management.

Executed periodic compliance checks and updated the Information Security Policy to ensure alignment with the Unilever Global Information Security Policies. Managed security exceptions. Tracked and reported audit issues and ensured their timely closure. Analyzed risk and provided actionable recommendations to mitigate risk. Performed design effectiveness audits and operational effectiveness audits.

Facilitated external ITGC SOX and ITGC statutory audits and provided closure for audit issues raised by external auditors. Reviewed and prepared audit reports for IT SOX audit. Served as a liaison between the external audit team, IT teams, the Global security team, the Information protection network, and business managers.

Maintained and managed the Disaster Recovery Plan, conducted periodic DR drills, and coordinated with business users to identify the Recovery Time Objective and Recovery Point Objective and came up with risk ratings for the applications.

Followed up on audit observations (SOX Audit, Corporate Audit, HUL Operations and other external Systems Audit engagements) with the individual IT teams and obtained confirmation as to the implementation of the relevant controls.

Participated in awareness programs and rolled out training programs to different teams on IT awareness.

Assisted in implementing Unilever strategies related to Information security and audit controls.

Defined and tailored security policies for IT processes and assets, and prepared and documented SOP (statement of procedures).

SKS Consulting, India April 2011 – Oct 2013

Client: Hindustan Unilever Limited

Role: Risk and Compliance Manager

Location: Bangalore, India

ITGC internal SOX audit and compliance checks; interacted with vendor organizations and process owners. Reviewed the infrastructure change management process, user access management, and patch management. Data center audit. Provided training and brought SOX awareness to IT departments.

Monitored, reviewed and ensured that 20+ ITGC controls were enforced and that proper evidence was generated based on frequency for audits. Compiled evidence for each ITGC control based on the risk and frequency of the control to demonstrate compliance with SOX. Communicated any violation of controls to the appropriate team members and ensured compensating controls were implemented.

Managed and fulfilled requests or tasks with External / Internal Audit and Control Owners for various regulation audits

Reviewed Service Level Agreements, SAS70 Type II reports, Contracts and complete Client Control Considerations

Worked with the business leaders, Internal Audit and project leaders to develop Roles & Responsibility to ensure segregation of duties (SOD)

Evaluated any known deficiencies and/or functional areas needing improvement, suggested actionable controls, and monitored the efficiency of the controls. Coordinated in designing the IT environment based on ISO 27000 and SOX IT General Controls.

Closely worked with Business SOX Coordinator for Scoping and CISO to implement security Baselines

Participated in monthly steering meetings and presented on ITGC SOX and compliance issues.

Infosys Limited Oct 2000 – Dec 2009

Client: Syngenta Jan ’08 – Dec ’09

Role: Process Consultant

Location: Bangalore, India

Performed audit of the projects as per CMMi guidelines. Conducted training related to CMMi. Executed Six Sigma projects in the delivery unit.

Participated in the risk assessment and gating reviews. Reported status to the Delivery head. Tracked and reported metrics related to quality. Provided feedback to management and the development team using the data collected.

Client: Cisco Sep ’04 – Dec ’07

Role: Team leader

Location: Bangalore, India

Performed project management for multiple applications for maintenance and enhancement requests. Worked in Agile and iterative development methodologies, performed estimation of the requirements and ensured timely quality delivery. Planned, supervised, and tracked the activities of team members. Developed documents and standards templates to be used by teams.

Analyzed information system needs, evaluated end-user requirements, custom-designed solutions, and performed troubleshooting for complex information systems management.

Client: Cisco Feb ’04 – Aug ’04

Role: Developer

Location: San Jose, USA

Worked independently at client location to develop the department website in Perl. Worked with different teams to gather information. Responsible for improved product quality through the coordination and execution of software quality assurance and testing practices.

Client: Herbalife Mar 02 – Sep 02

Role: Onsite Coordinator

Location: Los Angeles, USA

Coordinated with customers and development teams for requirement gathering, development of use cases, and creation of design documents and test plans. Performed issue resolution and status reporting, development, and testing of the application with reference to the test plans.

Client: 3COM Aug ’01 – Oct ’01

Role: Onsite developer and Secondary support

Location: Santa Clara, USA

Development and maintenance of multiple applications. Performed requirement gathering and created design documents and test plans. Performed issue resolution and status reporting. Testing of application.
