
Information Security Management

Location:
Bel-Air, 1227, Philippines
Posted:
April 06, 2021


Resume:

Curriculum Vitae

Name: Chinmay Saraswat

Gender: Male

Marital Status: Single

Nationality: Indian

Contact No.: +63-956******* (Philippines) / +917********* (India)

Email: adlgxf@r.postjobfree.com

Summary (Highlight of hard/soft skills and major achievements)

Nearly 9+ years of industry experience in auditing and consulting in the field of Information Security & IT Disaster Recovery, IT Risk Management, Information Security and IT Operations Audit, Third Party Information Security Audits, and Physical Security

Experience in gap assessment and documentation as per the requirements of Cyber Security Guidelines, Data Privacy Act of Philippines and PCI DSS v3.1

Experience in managing Information Security projects and programs for different domains, including Corporate and Housing Finance, Banking, Insurance, Research & Development, Telecommunications, Data Centers (Government and Private), IT Companies and others.

Conducted Information Security related audits as part of an audit team as well as a Lead Auditor.

Faced External Information Security Certification and Client audits as an Information Security Team Lead/ Specialist

Prior to ECCI, worked as a Senior Consultant with Paladion Networks India under Consulting function, focusing on multiple ISMS (Information Security Management System) projects, internal audits and risk assessment engagements.

Worked as an Associate Consultant with Mitkat Advisory Services (India) performing critical activities of reviewing, planning and implementing Business Continuity Plans, Information Security and Service Management Design and Implementations

Also worked as a Technical Consultant with WebTek Labs Pvt. Ltd. (India) as a Technical Trainer, where I used to deliver trainings to corporates and educational institutes on IBM RAD, IBM WID and IBM RFT; also implemented a company-wide Information Security Management System

An agile and very engaging person as a professional due to exposure to multiple working cultures and clients.

Educational Background

| School/Location | Degree/Diploma | Period |
| --- | --- | --- |
| Post-Graduation: Symbiosis Centre of Information Technology, Pune | Post Graduate Diploma in Information Technology and Business Management (PGDITBM) | 2014 - 2015 |
| Graduate School: Jaipur Engineering College and Research Centre, Rajasthan Technical University | B.Tech. (IT) | 2006 - 2010 |
| Higher Secondary School: A.M.I. Shishu Mandir, Gwalior, Madhya Pradesh | Certificate (Mathematics and Science Stream) | 2004 - 2005 |

Personal Details


Professional Experience

| Company | Country | Position | Start/End Date |
| --- | --- | --- | --- |
| ECC International Philippines | Philippines | Senior Process Consultant | November 2018 - Present |
| Paladion Networks Pvt. Ltd. | India | Senior Consultant | March 2017 - November 2018 |
| Mitkat Advisory Services Pvt. Ltd. | India | Associate Consultant | January 2015 – March 2017 |
| WebTek Labs Pvt. Ltd. | India | Technical Consultant | July 2010 – May 2013 |

Professional Qualifications

Lead Implementer Asset Management- Management System- LI AS-MS ISO 55001

Lead Auditor Information Security Management System – ISMS (ISO/IEC 27001:2013)

Lead Auditor Information Technology Service Management System –ITSMS (ISO/IEC 20000-1:2011)

Lead Implementer Business Continuity Management System – BCMS (ISO/IEC 22301:2012)

Lead Auditor Business Continuity Management System – BCMS (ISO/IEC 22301:2012)

IBM Certified Technical Trainer on IBM RAD, IBM RFT and IBM WID

Core Competencies

Design, Implementation, Auditing and Sustenance of ISO 27001:2013 (ISMS) framework

Design, Implementation, Auditing and Sustenance of ISO 22301:2012 (BCMS) framework

Information Security Risk Assessment

Vendor Information Security Audits

Business Continuity plans, testing and exercising

IT Disaster Recovery Plan and Implementation

Project Management

Integrated ISMS-PCI approach

End to End PCI DSS 3.1 Framework Design and Implementation

Training and Awareness sessions

Asset Management Lifecycle

Information Security Audits

Trainings Facilitated

ISO 22301 Business Continuity Management System (BCMS)

Information Security Audit

ISO 27001 Information Security Management System (ISMS)

Cyber Security Fundamentals

IT Security Control (ITGC) Understandings

Information Security Roles and Responsibilities

IT Disaster Recovery Practitioner

ISMS Practitioner Training

Projects Executed

Project Title: ISMS Design and Implementation (Based on ISO 27001)

Role: Team Lead / Senior Consultant

Time Period: 2011 - Ongoing

Description of project and contribution:

Perform Gap Analysis and Prepare Project Plans

Understand regulatory and compliance requirements and ensure company Information Security Framework align with those requirements

Design and documentation of Information Asset register and classification of assets based on criticality

Risk Assessment Framework Preparation for Information Security related risks

Documentation of Information Security Manual, related Plans, Policy and Procedures, templates etc.

Assist in Information security related tests and exercises

Assist and Coordinate in Information Security Incident response

Provide Information security related Awareness trainings

Assist/ Face External audits and ensure closure of findings

Present the Information Security Controls performance and progress report along with areas of improvement during Review meetings

Project Title: Third party audits (Information Security)

Role: Lead Auditor/ Auditor

Time Period: 2012 - ongoing

Description of project and contribution:

Formulation of checklist based on the requirements of ISO 27001 and Organization Vendor governance framework

Conduct the ISMS Audit of Vendors/ Suppliers

Finalize audit report and discuss the findings with Vendors/ Suppliers

Ensure the closure of findings with appropriate controls

Project Title: Internal Audits (ISO 27001, ITGC and Regulatory requirements)

Role: Lead Auditor/ Auditor

Time Period: 2012 - ongoing

Description of project and contribution:

Review of policies and procedures developed against the requirements of standards and guidelines (ISO 27001, ITGC, Regulatory requirements)

Check the implementation and effectiveness of controls

Identify the gaps/ improvements areas in the existing framework

Preparing the reports and present to the management during

Assist in implementation of Corrective actions

Project Title: Risk Management (Information Security)

Role: Project Lead / Consultant

Time Period: 2012 - ongoing

Description of project and contribution:

Perform risk assessments and identify the critical risk areas

Suggest the controls to minimize the risk

Present the result of Risk Assessment to relevant stakeholders

Ensure Risk Treatment plans are properly implemented

Review and monitoring of the risk treatment plan and implemented controls

Project Title: IT Disaster Recovery

Role: Project Lead / Consultant/ Senior Consultant

Time Period: 2011 - Ongoing

Description of project and contribution:

Understand IT Infrastructure, Network Architecture and provide recommendations

Conduct Application BIA to identify the criticalities and recovery timelines

Assist in documenting IT DR plan, IT recovery strategies with appropriate roles and responsibilities

Assist in the testing of IT DR and document test results for review by CTO/ CIO/ CISO

Conduct Audits of IT Infrastructure, Applications and provide recommendations for findings closure

Other Relevant Projects

Project Title: Cyber Security Framework establishment

Role: Cyber Security Team Lead

Time Period: 2017-2018

Description of project and contribution:

Perform gap assessment against the Guidelines of Cyber Security

Update/ Create the policies, procedures, plans, guidelines in accordance with the gap assessment report

Implement and maintain Information Security and Cyber Security Compliance

Training and awareness to the end users and management on cybersecurity framework

Present the progress to the top management during review meetings

Support during external compliance and regulatory audits

Project Title: PCI DSS Ver. 3.1 Design and Implementation

Role: Senior Consultant

Time Period: 2016-2018

Description of project and contribution:

Perform assessment and controls review of infrastructure systems, network and security devices and Application Controls.

Create/ Update policies, procedures and other documents to comply with the requirements of PCI 3.1

Ensure that IT operations and infra team can properly understand the control requirements

Support relevant teams in implementation of PCI related controls

Coordinate for relevant test and exercises

Preparation of PCI performance reports and present to the management

Face PCI related Certification Audit

Suggest/ Assist in the closure of findings

Project Title: Application Audit

Role: Lead Auditor (Audit Team)

Time Period: 2016-2020

Description of project and contribution:

Create checklist based on ITGC controls and regulatory requirements

Prepare Application Audit plan and conduct auditing

Review the application related documents and implemented controls (From Security and Operations perspective)

Identify findings/ improvement areas

Present the findings to the top management

Coordinate/ Assist in corrective action and closure of findings

Project Title: Data Privacy Act of Philippines

Role: Senior Consultant

Time Period: 2019

Description of project and contribution:

Gap Assessment against the requirements of Philippines Data Privacy Act of 2012 (Republic Act 10173)

Present the gaps to the management

Assist in implementing the security controls to meet the Data Privacy Act requirements

Project Title: Business Continuity Framework (Design and Implementation)

Role: Team Lead / Senior Consultant

Time Period: 2017-2020

Description of project and contribution:

Assist in building Business Continuity Framework as per the requirements of ISO 22301

Documentation of Business Continuity Manual, related Plans, Policy and Procedures, templates etc.

Assist in Business Continuity related tests and exercises

Conducting Process BIAs and Operational Risk Assessments

Assist and Coordinate in Business Continuity Incident response

Provide Business Continuity related Awareness trainings

Assist in External audits and closure of findings


