Rakesh Sharma
B.Tech, PGD IT, CISM, CISSP, ITIL, Prince2, PMP, Six sigma
Address : Flat No. 190, DDA Apartment, Sector 18 B, Dwarka
New Delhi - 110078, INDIA
Mobile : +91 - 981******* (or) +91-896*******
Email : ******.*.******@*******.*** (or) ***********@*****.***
Skype : libra08cool
Residency : India Permanent Resident
Visa : Singapore (Multiple Entry) & USA B1/B2 Visa (Multiple Entry)
Seasoned IT Professional & Sr. MANAGEMEnT
Summary of Skills and Experience
Leader with diverse experience of 17+ years in Tier-1 IT Services companies of proven experience solving challenging business problems with innovative enterprise solutions aligning business needs to IT capabilities
Insightful, results-driven IT professional with notable success directing a broad range of corporate IT security initiatives while participating in planning, analysis, and implementation of solutions in support of business objectives. Excel at providing comprehensive secure network design, systems analysis, and full life cycle project management. Hands-on experience leading all stages of system development efforts, including requirements definition, design, architecture, testing, and support. Outstanding project and program leader; able to coordinate and direct all phases of project-based efforts while managing, motivating, and guiding teams.
Proven cyber security executive with experience delivering $125M+ portfolios, building and leading customer-facing security services, and corporate Information Security
Proven information security leader with success in guiding implementation of leading-edge technology solutions while balancing security initiatives to risks, business operations and innovations. Specialties include network design, systems architecture, configuration management, and systems administration with extensive experience healthcare, financial, cloud computing, and software development industries. Volunteer for the board of directors for the Silicon Valley Chapter of the Information Systems Security Association (SV-ISSA).
Advises executive customers of security threat and operational trends in quarterly briefings Compelling presenter with credibility to engage customers and win business
Certified Information Systems Security Professional (CISSP) with experience evaluating the application of technology controls to business functions in the areas of manufacturing, transaction processing, finance, and protection of non-public personal information. I am also a Certified Payment Card Industry Security Manager/Auditor (CPISM/A), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), and Certified Information Privacy Professional (CIPP). My practical risk management experience includes risk assessments in the areas of program development life cycle, network vulnerability, multi-platform security, and application and data threat analysis.
Published author, representing rich cyber security experience in books, papers, and executive briefings
EDUCATIONAL QUALIFICATION:
Degree / Diploma
Institute/Board
Year
CGPA
Post Graduate Diploma in Information Technology (MBA - IT)
Symbiosis International University, Pune, India
March 2012
63 %
B.Tech (Electronics And Communication Engg.) Hons. (B.Tech)
Guru Nanak Dev University, Amritsar, India, Department Of Electronics Technology
May 2003
68.06%
Senior Secondary (SSC) (Non-Medical)
CBSE
1999
65.20%
Higher Secondary (HSC)
CBSE
1997
66.66%
PROFESSIONAL EXPERIENCE:
HP (Hewlett Packard) / DXC Technology November 2013 – Till Date
Sapient Corporation Inc.
October 2009 – November 2013
Accenture Technologies Inc.
January 2007 – October 2009
CitiXsys Technologies Inc.
January 2006 – December 2006
iBilt Technologies Ltd.
June 2003 – January 2006
Magus Info Com Pvt. Ltd.
June 2001 – March 2003
Professional Experience
HP (Hewlett Packard), aka DXC technology November 2013 — Present
Head for IT Cyber Security and Risk Management – AMEA (Asia Pacific, Middle East & Africa)
(Singapore, India)
Responsible for IT Security and Risk Management of rapidly growing $20+ Billion HPE - ES(now DXC technologies) managed security portfolio, directs strategy, operations and the budget for the protection of the enterprise information assets and manages that program. Governed all county security policies, procedures, designs, networks, application deployments, and implementation of all facilities. Established and implemented security program policies and standards for 40+ departments and over 200 locations. Presented Information Security topics for business-specific issues to senior leadership, department heads and the board of supervisors. Served as the Regional Security Officer, establishing programs and evaluating compliance. The scope of responsibility will encompass communications, applications and infrastructure, including the policies and procedures which apply and as given below:
Developed and implemented a strategic enterprise IT security and IT risk management program to ensure that the integrity, confidentiality and availability of information
Developed and executes a global information security risk assessment for HP/DXC
Proven cyber security executive with experience delivering $35M+ portfolios, building and leading customer-facing security services, and corporate Information Security
Built multiple dedicated Security Operation Centers (SOC) in India/Malaysia and security teams for operations, device management and future enhancement needs for multiple customers across geographies (APAC) and business domains (energy, entertainment, gaming, insurance, BFSI, retail and Cloud sectors).
Directs global team of team of senior security investigators to hunt threats using advanced threat intelligence, security telemetry and advanced analytics
Responsible for executing Cyber defense Security Operations Center vision, strategy, and program.
Develop innovative and effective procedures for the Security Operations Center to enhance response time, coordination and incident response operations, and build a world class team of Cyber Security Eyes on Glass /Active monitoring and Triage, L2 level analyst team who will be involved in quality analysis, investigations.
Delivers and cultivates rapid threat detection and mitigation using Sourcefire IPS with AMP, ThreatGrid sandboxing, advanced threat intelligence using CIF, Soltra, and OpenSOC, including Hadoop for consuming, parsing and analyzing 6 Gbps at each PoP, with all forms of system telemetry and syslog
Delivers expert security device management including monitoring, planned changes, patch management, and architectural growth
Delivers hosted security solutions (anti-spam, advanced malware protection) across 600 customers globally, growing at 150% y/y
Built security solutions (Cyber, Threat) to provide competitive and unique offerings in the market, contributing in sales growth with new and existing customers. Includes SaaS based solutions and on premise solutions, along with security vendors partnership.
Developed and implemented an on-going global Information Security Awareness program.
Coordinate security issues with all business units, including executive management. Formed the Global Technology Risk Management Council, consisting of members from the US, Europe, and Asia.
Supported to international regulators and auditors including global IT Sox compliance and PCI programs.
Leading the IT E-Discovery efforts, teaming with corporate legal to develop sound and compliant practices. Leads or coordinates forensic investigations as required.
Led an award-winning infrastructure transformation/network consolidation project, securing $3.65M in annual savings for company (OPEX) and $1.2M in initial CAPEX. Consolidated 40 enterprise domains into single forest, decreasing serves by 27%, reducing help desk tickets by 50%, cutting support costs by 20%, boosting bandwidth by 300%, reducing domains by 95%, and reducing domain administrators by 85%.
Developed an enterprise information security framework. Ensuring data integrity, confidentiality and availability of information as well as creating controls on how data is processed by the organization.
Deployed a Mobility strategy that includes Windows Tablets, IOS and android devices. Increasing security through MDM solution and encompassing a BYOD policy
Migrated to a Private Cloud EMR to address Disaster Recovery and back up compliance while increasing security and real time data reporting
Lead on-going security risk assessments and status reporting efforts for all company clients
Provided guidance and recommendations to clients and company on prioritization of investments and projects that mitigate risks, strengthen defenses
Working as primary company control point during follow-up on significant information security incidents, oversee development of response plans, and provide timely update reporting.
Advise the management team on risk issues that are related to information security and recommend actions in support of Sybersense's wider risk management programs.
Well-versed in regulations and standards related to risk management and security, including Sarbanes-Oxley, HIPAA, ARRA/HITECH, NIST, DoD, ISO 27001 and 2, and the Payment Card Industry Data Security Standard.
Ability to clearly communicate security and risk management concepts to non-technical audiences.
Align practical risk mitigation with business objectives and foster a risk-conscious corporate culture.
Continued innovative development, implementation, and delivery of the Managed Security Services (MSS)
Participating and leading the decision making on the overall design, implementation and operations of SOC infrastructure and delivery of MSS services
Corporate responsibilities included managing the information security budget of $3.7M, selecting security technologies and services in support of the security program and allocating funds to adequately meet the company's security program objectives
Provided leadership to the security team in conducting an extensive internal NIST 800-53 rev. 3 gap analysis, assessing several hundred discrete security controls across the company's global SaaS, cloud computing infrastructure to provide transparency and decision support in preparation for process reengineering, technology procurement and personnel acquisition
Implemented a program and road-map to address the critical need to acquire the Federal Information Security Management Act (FISMA) Certification & Accreditation Moderate level pursuant to the compliance requirements of a Govt. contract valued at over $100M.
Led PCI-DSS 2.0 audit preparation activities and guided the CIO in implementing supporting technology and effective security control processes within the development and operation environments. This effort led to successful recertification of PCI-DSS 2.0 Tier 1, which is a mandatory requirement, for the company's Internet SaaS platform which processes over $1B customer transactions world-wide.
Reengineered information security business processes globally including IS technology vendor & services procurement, DDOS response and mitigation, PCI-DSS, ISO 27002 and NIST/FISMA compliance programs. This resulted in greatly improving program efficiency, reflecting an immediate cost savings of $580K and projected future savings of $1.5M over three years
Implemented a risk-based governance, risk and compliance information security management model by realigning each discrete security discipline such as incident management, threat & vulnerability management, monitoring, logging and analysis with internationally accepted best practices. This, in addition to implementing a reporting mechanism to give the rest of executive management timely visibility into the status of security controls and risks for enhanced business decision support
Researched and provided a blueprint of complementing technologies, including, Security Information & Event Monitoring (SIEM), Information Security Management System (ISMS) and identity Management System to provide a real-time internal Security Operations Center (SOC) capability and customer facing Security Portal with feature sub-set functionality
Conducted the global security awareness training for company officers, executives and managers and revised the awareness program to include an online Learning Management System delivery component for anywhere, anytime information security policy education and employee training verification
Sapient Consulting October 2009 — November 2013
Senior Manager of Cyber Security and Risk Management
The process owner for all ongoing activities that served to provide appropriate access to and protect the confidentiality and integrity of customer, employee, and business information in compliance with organization policies and standards. Formulated security strategy and baseline controls for a heterogeneous operating system environment. Developed security solutions that facilitate the strategic needs of the business in conjunction with the fulfillment of senior management’s fiduciary and legal responsibilities based on ISO 17799/27002 standards.
• Developed and implemented policies on information asset protection, data classification, operating system platform security, network security, and acceptable computing resource use.
Managed security for multi-year end-to-end development of an integrated national labor market (complex IT platform) for government ministry – covering security architecture using SABSA, personal identifiable information (PII) assurance framework, threat modeling, risk assessment, penetration testing cycles, DevSecOps, standardization, processes and security operations governance.
Worked with vendors and partners to identify, evaluate, and test solutions.
Developed and maintained Business Continuity and Disaster Recovery Plans.
Strengthened organization image and reputation by handling security project and deliveries purely by AEC with in consortium.
Hired, supervised, guided and headed teams of subject matter experts, penetration testers, SOC analysts and IAM engineers.
Produced security matrices for monitoring and reporting.
Provided strategic consultancy by leading technical proposals.
• Project Lead for the Secure Business Environment project encompassing network vulnerability, E-Commerce data protection, and Virus Management.
• Collected, analyzed, and interpreted information and data to support sound, cost effective recommendations for business improvement and to secure the information system environment.
• Coordinated with the business organizations to ensure the implementation of proper controls and maximum security with a minimum impact to functionality or purpose
• Performed information security risk assessments and compliance audits for information security processes regarding AS/400, AIX, OS/390, Windows 2000, and network appliances.
• Evaluated AS/400 system security values, UNIX system security files, RACF SETROPTS parameters, Windows 2000 user and workstation policy settings, firewall rule-set parameters, and router configuration files.
• Performed network vulnerability, malware, port, and IP payload scans
• Implemented processes to identify threats to the organization information assets and computer resources
• Monitored compliance with the organization's information security policies and procedures among employees, contractors, alliances, and other third parties.
• Monitored internal control systems to ensure that appropriate information access levels and security clearances are maintained.
• Participated on the Incident Management Team for the organization's disaster recovery and business continuity readiness.
• Coordinated and conduct intrusion event investigations and forensic reconnaissance.
Accenture Technologies
January 2007 — October 2009
Manager of Information Security
Providing Risk Management and mitigation recommendations for projects in large healthcare clients covering Kaiser's multiple regions providing Project Lifecycle Security Engagements for information technology projects.
Identify business objectives and key Business Risks, as well as critical business processes and information assets.
Developed an information security and IT compliance programs for health system consisting of 3 hospitals and 40 outpatient facilities
Established an Information Security Steering Committee and served on IT strategic planning committee, corporate compliance committee, and enterprise risk committee
Guided the development of a project management office and an ITIL based service desk to aid in better resource management and customer service
Provide regular briefings on the state of security to the Board of Directors and senior leadership
Developed a risk management framework use to prioritize IT risk mitigation and budgeting
Oversaw implementation of governance, risk and compliance (GRC) management platform to monitor compliance with regulations and standards such as HIPAA/HITECH, PCI, FACTA, NIST, ITIL, COBIT
Spearheaded identity and access management (IAM) program to streamline user account creation, termination and moves on systems throughout the enterprise
Initiated deployment of network access control (NAC) solution to identify and authorize all devices that attach to enterprise and monitor for compliance
Established an Access Management program creating 5 man years of productivity saves
Established state of the art Threat and Vulnerability Management process
Established Vendor Security processes using industry best practices, remediating regulator audit issues
Established Software Security program that includes embedding controls into the SDLC saving costs and improving overall quality
Established a risk assessment methodology simple enough for anyone in the company to use, with standard enterprise metrics allowing different risk types to be aggregated for total enterprise risk.
Established a Data Loss Protection program spanning electronic and paper based data loss
Successfully led the company through an end to end review of new security program with the FFIEC with zero findings
Managed end to end cyber security for an integrated national labor market (complex IT platform for 9 million users and integrated with 19 agencies) for government ministry – covering security for critical infrastructure, threat modeling, risk assessment, penetration testing cycles, DevSecOps, standardization, processes and security operations governance.
Worked with vendors and partners to identify, evaluate, and test solutions.
Build the supporting architecture to achieve the defined strategic roadmap leveraging the Cyber Reference Architecture framework and blueprints.
Define Enterprise Security Architecture principles, framework, models, security profiles, etc.
Define design scope and deliverables and produce design artifacts.
Identify appropriate technologies.
Define the technical controls necessary to support policies and reduce risk.
Ensure clean transition into operations and adapt or define appropriated security processes with roles and responsibilities.
Align service operations with a service management system (ITIL/ISO 20000).
Citixsys Technologies
January 2006 — December 2006
Manager of Information Security
Performed risk assessments that identify threats to security of information, systems, and computing assets throughout the IT infrastructure. Applied technology and audit best practices to address business needs.
Security Strategy: Drive overarching security vision, existing security programs and conduct analysis of present and anticipated threats and define new programs to plug in identified gaps.
Security Operating Model: Created cost effective and efficient security operating model for solid security posture.
Security Architecture: Develop security guiding principles as well as logical security architecture for Applications, Data and Infrastructure EA layers. Proficient in deep diving into multiple layers for detailed security design
Security Governance: setup up Enterprise Security Governance organization in large enterprises and helped structure program, define roles and responsibilities and help in establishing decision making, RACI, risk management & escalation matrix framework
Develop, maintain and publish information security related policies, standards and procedures
Create, communicate and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from service providers.
Develop and enhance an information security management framework based on the following: National Institute of Standards and Technology (NIST) Cyber security Framework and ISO-27K standards as well as any requirements and best practices required by the San Manuel Gaming Commission.
Liaise with the solution architecture and planning and design team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.
Coordinate information security and risk management projects with resources from the IT organization and business unit teams.
Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations.
Manage security incidents and events to protect Tribal IT assets, including intellectual property, regulated data and San Manuel's reputation.
Establish relevant threat intelligence feeds and monitor the external threat environment for emerging threats. Advise relevant stakeholders on the appropriate courses of action.
Liaise with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture.
Oversee and refine effective disaster recovery policies and standards to align with enterprise business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas.
Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services, including, but not limited to, privacy, risk management, compliance and business continuity management.
Develops and maintains strong working relationships to collaborate and partner with key stakeholders and external solution providers to advocate for appropriate security practices
iBilt Technologies Ltd.
July 2005 — December 2005
Information Security Analyst
Deliver network and infrastructure support for Valley Oak Systems' complex Java J2EE, iVOS claims management product development environment and Software as a Service (SaaS) platform. Supporting enterprise user base with offices in multiple locations as well as 25% remote workforce.
Successfully completed SAS/70 type 2 audits on time and budget, without exceptions or qualifications required. (SSAE16 SOC1 and AT101 SOC2 type 2 reports).
Re-architected the network infrastructure and re-numbered the entire network with zero customer or internal impact in a single change window.
Introduced change management policies and procedures for infrastructure changes reducing the number of unscheduled or unplanned outages by 75%.
Reduced non-staff IT costs by 20% while maintaining key metrics through VMware virtualization, application rationalization, legacy system retirement, and SAN storage consolidation.
Implemented a new operating system deployment scheme for all new Linux and windows servers using PXE boot and Kickstart / Slipstream which reduced time to deploy by 25%.
Re-architected SaaS infrastructure to provide high-availability using Linux Cluster services and Global File System (GFS) along with Oracle Real Application Clustering (RAC) providing for 99.99% up time.
Managed 9 direct reports with differing focuses including Linux Systems Administrators, Windows Systems Administrators, Network Engineers, Database Administrators, and Information Security.
Managed capital budget of $1.7M and completed all documented projects on time, and within budget.
Created a capacity planning model for internal facing systems and virtualization as well as hosting architecture to predict spending needs.
Successfully implemented centralized log management and intrusion prevention systems increasing auditability of network infrastructure.
Managed Private Branch eXchange (PBX) supporting analog and digital systems (SIP / H.323)
Deployed private Jabber / XMPP system for internal instant messaging
Planet PCI Infotech Ltd.
July 2003 — July 2005
Information Security Analyst
Provided company-wide risk and exposure assessments to meet regulatory requirements for the finance, financial services, and mortgage industries including FDIC, PCI, and Privacy Regulations such as SB1386, HIPAA. Managed IT Security Devices.
Lead engineer for company-wide risk and exposure assessment and audit.
Performed quarterly infrastructure audits and penetration testing for mortgage software ASP
Deployed and Maintain firewalls and multi-platform VPNs creating highly available secure network.
Collaborated with IT, development, and MIS to implement companywide security measures and business continuity planning.
ACHIEVEMENTS:
Received IT Innovation Award 2008 from Golder Associates for security led innovative ideas and effective implementation of IT in solving the business problems, leading to reduction of operational cost for the organization.
All India Rank 53 in the Entrance Test conducted by Punjab CET office for admission to B.Tech curriculum.
University Gold Medal during Bachelors of Engineering.
PMP certified project manager with good years of experience in full life cycle development of web and Client/Server applications.
Won Sapient Leadership Awards for Q1, Q2, and Q3 2009-2010.
Won Accenture Industrialization Award for year 2008-2009.
Industry Certifications:
Certified ITIL v3 Foundations, 2011
Certified Six Sigma – Green Belt, 2013
Certified Information Security Manager (CISM)
Certified PRINCE2 Foundation and PRINCE2 Practitioner Certified (PRINCE2), 2011
Certified CISCO CCNA (Routing and Switching certification) Professional, 2013
CISSP - Certified Information Security Systems Professional
CEH – Certified Ethical Hacker
• CIIP – Certified ISO 27001 Implementation Practitioner
• CSTA – Certified Security Testing Associate
• CSTP – Certified Security Testing Professional
• CWSP – Certified Wireless Security Professional
• CFIP – Certified Forensic Investigation Practitioner
• CSIS – Certified Security Incident Specialist
PERSONEL DETAILS:
Father's Name - Mr. S.C.Sharma
Date of Birth - 08/Oct/1981
Sex - Male
Personal E-Mail - ***********@*****.***, ******.*.******@*******.***
Land Phone/CELL - +91-172-*******, 0091 981*******
Passport Number - E1072392