An information security professional with * years of working experience with a major bank and a retail company; MS in Information Security, PCI ISA, CISM, and LPT (CEH and ECSA); specializes in security tools, technologies and best practices with a focus on compliance, user awareness and technology risk.
WORK EXPERIENCE
Core.ES – National Bank of Kuwait Kuwait
National Bank of Kuwait is one of the largest banks in the region and the first shareholding company in Kuwait and the Persian Gulf region with a total market capitalization of KD 4.2 billion.
Position: Senior Specialist Compliance and user awareness (June ’16 – Present)
Responsibilities:
Manage compliance group-wide and in International Banking locations, including PCI DSS (Payment Card Industry Data Security Standard) and other regulatory compliance requirements
Manage PCI PIN Security (Visa PIN Security) compliance for the bank
Planning and implementation of the information security awareness program for users and customers across the bank and International Banking locations.
Providing inputs for risk assessments of various IT teams and applications.
Maintaining and updating all security policies and procedures as required for compliance requirements
Coordinate with various team leads to maintain compliance in upcoming and existing applications.
M. H. ALSHAYA CO. WLL. Kuwait
M. H. Alshaya Co. is one of the most dynamic and successful retailers in the region with more than 2800 stores. Alshaya Retail franchises some of the world's best known brands such as Mothercare, Starbucks, H&M, Debenhams, P.F. Chang's, The Cheesecake Factory, Victoria's Secret, Pottery Barn and KidZania.
Position: Supervisor Information Security (January ’14 – May ’16)
Responsibilities:
Manage PCI DSS (Payment Card Industry Data Security Standard) compliance of eCommerce websites and stores across MENA region
Coordinate with various team leads to conduct risk assessments in upcoming and existing applications and present findings to senior management
Manage ISMS compliance (ISO27001) across IT
Lead mobile application penetration testing
Established and manage a team for vulnerability assessment and penetration testing in India and Kuwait
Conduct organization wide training and awareness for ISMS, PCI DSS and general security practices
Planned and led migration from ISO 27001:2005 to ISO 27001:2013.
Position: Officer Information Security (25th Aug ’11 – December 2013)
Responsibilities:
Formulated guidelines and established procedures for conducting vulnerability assessments and penetration testing
MANISH SACHAN
Phone: +965-***-**-***
******.******@*******.***
Conducted vulnerability assessments and penetration testing and coordinated with various teams to close the gaps and vulnerabilities
Conduct PCI DSS compliance review of stores
Execute Risk Assessments and work with various teams to mitigate the risks
Conduct periodic ISMS compliance (ISO27001) review
Managed day-to-day incident response and investigation.
TECHNOLOGY SKILL-SET
Security Tools: Nexpose, Nessus, W3AF, OWASP ZAP, Metasploit Framework, Nmap, SQL injection tools like sqlmap, BSQL injection, Burp Proxy, Wireshark, Kali Linux
Platforms: Linux based, Mac OS and Microsoft Windows
Programming skills: C++, J2SE, VB, Python, Shell scripting, Ruby on Rails.
INTERNSHIP
INDIAN INSTITUTE OF SCIENCE (May ’10 – July ’10) Bangalore, India
Project: Studying & Addressing the Security Issues in E-Tendering System
Description: Created a framework for the development of an E-Tendering system application that is user friendly, robust, transparent and secure, and practical and economically feasible to implement.
EDUCATION/CERTIFICATIONS
November 2017: Key Management Training as per PCI PIN standard
April 2015: Payment Card Industry – Internal Security Assessor
January 2014: Certified Information Security Manager (Exam qualified) - ISACA
July 2013: Licensed Penetration Tester (license No: MS13-42) - EC-Council
August 2012: Certified Ethical Hacker & EC-Certified Security Analyst - EC-Council
2009-2011: Master of Science – Cyber Laws and Information Security, Indian Institute of Information Technology, Allahabad
2005 – 2009: Bachelor of Technology - Computer Science and Engineering, Uttar Pradesh Technical University, Lucknow
PUBLICATIONS
Performance Analysis of Enhanced Mobility Model in Cloud Computing
Description: Proposed a model to enhance the mobility services in Cloud by utilizing the concept of HMIPv6 in a coexistent network, and produced a performance analysis of the existing models against the proposed model. The proposed model reduces the burden on existing IPv4 addresses and enhances mobility as a service in Cloud Computing.
Published in: IEEE