Information Security Manager

Location:
Gurgaon, Haryana, India
Posted:
February 18, 2021

Tanmay Kumar Kundu

CISM®, CEH®, Lead Auditor ISO 27001, ISO 9001

Lead Implementer ISO 27017, ISO 27701, Six Sigma Black Belt

E-Mail : adj9o3@r.postjobfree.com

Contact No. : +91 – 931*-***-***

Professional Summary

Over 13 years of proven track record in Information Security Management System, Quality Management System, Risk Management, Data Loss Prevention, Process Improvement, and many more. Projects include designing, architecture, solutioning, consulting, advisory, implementing, compliance and delivering managed services for information security, quality management, and process improvements related to international standards, namely ISO 27001 for Information Security Management System, ISO 9001 for Quality Management System, ISO 31000 & ISO 27005 for Risk Management, ISO 27004 for Monitoring, Measurement, and Improvement, ISO 22301 for Business Continuity, DLP for Data Leak/Loss Prevention, Six Sigma for Statistical Process Improvement, Total Quality Management, 5S, Kaizen, etc.

Journey so far includes experience in vivid market sectors like Big-4 consulting, e-learning, IT & ITES, Background Screening, Risk Management Services, and Reverse logistics.

Skills

• ISO 27001 (ISMS), ISO 27002 • ISO 9001 (QMS)

• ISO 31000 (Risk Management) • ISO 27005 (InfoSec Risk Management)

• ISO 27004 (Monitoring, & Measurement) • ISO 22301 (BCMS)

• ISO 27017 (Cloud Services) • ISO 27018 (Protection of PII)

• OHSAS 18001 • ISO 27701 (PIMS)

• CISM, CEH certified • Six Sigma Black Belt, and Green Belt

• CISSP, CISA trained • Stakeholder Management

• Risk Management • Quality Management System

• Consulting, and Managed services • Continual Improvement

• DLP (Data Leak/Loss Prevention) • Managing External & Internal Audits

• GDPR, SOC2 • RCA (Root Cause Analysis)

• Program Management • Handling Audit Findings

• Management Reviews • Skill Building, Training, and Awareness

• Corrective Actions • Statistical Analysis, QC Tools

• Visualization, and Data Analysis • Agile and waterfall methodologies

• GRC Archer • Customer Satisfaction Surveys (CSAT)

• Cyber Essentials plus attestation • Attack & Pen test Program Management

Professional Certifications

ISO Lead Auditor International Certifications (IRCA Approved):

• ISO/IEC 27001:2013 (Information Security Management System) from BSI.

• ISO 9001:2015 (Quality Management System) from INTERTEK.

• OHSAS 18001:2007 (Occupational Health & Safety) from INTERTEK.

ISO Lead Implementer Certifications:

• ISO 27701:2019 (Privacy Information Management System) from EYCP.

• ISO 27017:2015 (Code of Practice for Info. Security Controls for Cloud Services) from EYCP

Information Security Certifications:

• CISM® from ISACA

• CEH® from EC Council

• CISA Certificate of Continuing Education Completion from Cybrary

• CISSP Certificate of Continuing Education Completion from Cybrary

• Cloud Computing Certificate of Continuing Education Completion from Cybrary

• PCI DSS for Corporates from Udemy

Statistical and Process Improvement Certifications:

• Six Sigma Black Belt (certified) from Advance Innovation Group, Noida.

• Six Sigma Green Belt (certified) from Indian Statistical Institute (ISI), Delhi.

Technical Tools

• Advance Excel • eGRC Archer • MindManager • SharePoint

• Minitab • MS PowerPoint • MS Projects • MS Visio

Work Experience

EY (Ernst & Young)

Designation: Manager (Supervisory Associate) – Information Security

Tenure: Dec’2014 – Till Date

Key Responsibilities:

• Program manager and solution architect for ISO 27001, ISO 9001 & other security frameworks.

• Implementing, managing, and consulting for ISO 27001 (Information Security Management System) for EY’s global offices, partner & member firms, internal clients, data centers.

• Design, develop, customize, and control information security frameworks as per client’s need based on ISO 27001, and other ISO 27000 series standards.

• Consulting & managing service delivery for Risk Management, DLP (data loss/leak prevention), BCM/BCP, BIA, Continual Improvements, Compliance, & other information security functions.

• Onboarding support for certification for new entities, clients, member/ partner firms.

• Leading risk management, monitoring & measurement, continual improvements.

• Program management, corrective actions, management reviews, audit findings, KPIs.

• Manage internal and external audits, ISO documentation.

• Share periodic dashboards & health of the ISMS with the stakeholders for decision making.

• Maintain healthy client relationship through query resolution, regular connect, meetings, etc.

• Establish collaborative relationships with business, functional teams, & relevant stakeholders.

• Support organization to gain client’s trust and confidence by building a robust information security framework, regular program updates, improvement suggestions, etc.

• Versed with information security frameworks like DLP, Cyber Essentials (CE and CE+), NIST, and other best practices conforming to client and business requirements.

• Team building through coaching, mentoring, knowledge sharing, and training.

• Drive information security awareness campaigns.

Compunnel Technology India Pvt. Ltd.

Designation: Manager – Total Quality Management

Tenure: Sep’2010 –to– Oct’2014

Key Responsibilities:

• Management Representative and Solution Architect for ISO 9001, and ISO 27001 standards.

• Implement and manage ISO 9001 and ISO 27001 framework for the organization.

• Ensure compliance to Quality and Information Security Management System.

• Run risk assessments, drive risk treatment plans for the business and support functions.

• Lead management reviews, run internal audit programs.

• Handle ISO external audits and client audits.

• Handle audit findings, corrective actions, monitoring & measurement, continual improvement.

• Drive business continuity program (BCP), change management, root cause analysis.

• Create and control ISO documentation for both ISO 9001 and ISO 27001 standards.

• Lead customer satisfaction survey program to share voice of customer with the management.

• Suggest and drive improvements through gap analysis, data analysis, trend analysis.

• Problem solving and quality initiatives using Six Sigma, Minitab, and various quality tools.

• Collaborate with certification bodies, external auditors on certification program, audit program.

• Design and update process flow-diagrams, process mapping for new and existing services.

• Ensure effective process adherence through regular monitoring, reporting and audits.

• Keep management up-to-date about the health of ISMS and QMS through periodic reporting.

• Run awareness programs for ISO implementation, information security, quality management.

• Conduct training programs on process compliance, internal auditor’s trainings, etc.

• Implemented Agile software development process.

AuthBridge Research Services Ltd.

Designation: Senior Executive- Compliance

Tenure: Oct’2009 –to– Aug’2010

Key Responsibilities:

• Implement, manage, and compliance of ISO 9001 and ISO 27001 standards.

• Handling External & Internal audits.

• Handling Management Representative responsibilities.

• Handling process improvements, customer satisfaction surveys.

• Conducting trainings like ISO awareness, Compliance etc.

Aforeserve.com Ltd.

Designation: Engineer- Quality & Process

Tenure: Aug’2008 –to– Sep’2009

Key Responsibilities:

• Implement, manage, and compliance of ISO 9001 standard.

• Heading QC department.

• Handling External & Conducting Internal audits.

• Conducting ISO awareness trainings.

• Handling all MR activities for ISO 9001 standard.

RT Outsourcing Services Ltd.

Designation: Quality Analyst

Tenure: July’2007 –to– Aug’2008

Key Responsibilities:

• Involved in ISO 9001 compliance.

• Executing Quality control checks & audits.

• Involvement during External & Internal audits.

• Involvement in ISO awareness trainings.

• MIS and quality reporting for the team.

• 5S, Kaizen activities and awareness.

Academics

M.B.A. (distance learning) specialized in Production & Quality Management from Annamalai University, Chennai, India (passed out in 2010).

B.E. (full time) with Electronics & Communication from Maharishi Dayanand University, Haryana, India (passed out in 2007).

12th (Non-Medical), and 10th (General) from D.A.V Public school, Faridabad, Haryana, India affiliated to CBSE (passed out in 2002 and 2000 respectively).

Professional Achievements

• Executed ‘50+’ (and counting) implementation projects on ISO 27001 and ISO 9001 standards, including certification, re-certification and surveillance audits.

• Conducted more than 600 person-days of Internal Audits both for ISO 9001 & ISO 27001 standards.

• Bagged the ‘Extra Miler’ achievement award in EY, within a year of joining.

• Became ‘Management Representative’ for ISO 9001, and ‘Information Security Manager’ for ISO 27001 within a span of three years from the start of professional career.

• Received the title of ‘Best Debutant’ in the 2nd month of joining for outstanding performance in AuthBridge Research Services Ltd.

• Recognized as ‘Best Performer’ within three months of joining for good performance in RT Outsourcing Ltd.

Personal Dossier

Year of Birth : 1984

Languages well versed with : English, Hindi, and Bengali

Current Location : Faridabad, Haryana, India

Interests : Travelling, Photography, and Listening to Music

Valid Passport : Yes


