Security Auditor Information
Resume:
MILIND TRIVEDI
Contact: +91-987-***-**** E-Mail: ********.**@*****.*** Location: Mumbai, India
LinkedIn: https://www.linkedin.com/in/milind-trivedi-9852b92 Creative & result driven information security professional with more than 15 years of progressive experience covering wide spectrum of domains that includes Technology Risk Management, Managing IT Audits, Application Security, Governance Risk & Compliance, Data Privacy, Cloud Security & best practices, ISO 27001, PCI-DSS & NIST framework controls and Infrastructure Security. Committed to driving security culture and enhancing customer experience by establishing focused on growth, performance and productivity.
~Areas of Expertise~
Infrastructure Security GAP Analysis Audit Reporting Disaster Recovery Planning Risk Framework Strategic Planning Risk Management Governance Risk & Compliance Team Management Delivery Management Cloud Application Security Budgeting and Cost control
C E R T I F I C A T I O N S
Certified Information Security Auditor (CISA)
Certified Information Security Manager (CISM)
Certified Chief Information Security Officer (C CISO)
ISO 27001 Lead Auditor
PCI-DSS Implementation
CyberArk Sentry Administrator
Cisco Certified Network Professional ( CCNP : Routing & Switching)
Microsoft Azure Cloud Fundamentals (AZ-900)
ITIL Service Intermediate
Microsoft Security Administrator
Six Sigma Green Belt
P R O F E S S I O N A L B A C K G R O U N D
Wipro Limited – Principal Consultant Aug 2019- Present As Security Auditor
Lead team of 7 professionals in various IT Audit engagements of clients ranging from BFSI, Manufacture, FMCG, Energy and Telecom domain sectors.
Managed Audit engagements economics to ensure maximum staff efficiency; helped to obtain 80% realization rates for audits.
Ensuring regulatory compliance for the clients and taking risk-based approach for providing solution.
Administrating ISO 27001 & NIST controls, PCI-DSS controls implementations, COBIT framework planning and testing IT general controls to meet several regulatory compliance.
Lead IT Audits such are: Risk and control self-assessment (RCSA), IT general controls (ITGC), Infrastructure Audits, Access Management Audits, Vulnerability Mitigation Audits, Process Audits across the years for clients.
Involved in complete Audit life cycle – Planning to Reporting, Team development and evaluation.
Consulting business & IT senior management for ongoing & emerging technology risk, control & governance. As Security Manager
Provided consultation to drive implementation of information security, Risk Management & Strategic plans for sustainable execution across APAC region clients.
Managed Security Portfolio of 5 clients with annual business revenue in seven figures for each of the client.
Managed and Oversee various security solutions support such are – Privileged Access Monitoring ( PAM), Data Security ( DLP, Antivirus, Email Gateway), Perimeter Security ( Firewalls, WAF), SOC Management (ArcSight) & VAPT closures
Successfully mitigated 1000+ vulnerabilities in a calendar year for clients to enhance security posture.
Performed fine-tuning of Policies, Rules in security solutions and developed use-cases to cater latest threats and boost security coverage.
Executed regular reviews of change requests in Change Advisory Board (CAB) and assuring change implementations were aligned with the Organization’s policy and standards.
Led RFP proposal for Vendors, prepared security budgets and doing proof-of-concept (POC) for the security solutions. TATA Communications Limited - Information Security Manager Jun 2019- Aug 2019
• Part of Audit and Risk consulting team to provide drive compliance for the customer.
• Work in offshore team for various customer on Risk Consulting. Larsen & Toubro Defense - Information Security Manager Feb 2018- May 2019
Established project governance model by developing project charter, communication plan, project plan, risk management strategy and KPI reporting mechanism for management.
Remediation of 500 + vulnerabilities reported in VA report such are – Insure database configuration, missing security patches, unauthorized changes, misconfiguration privileges, weak passwords and other vulnerabilities.
Reduced Vulnerabilities in security device by improving device configurations (Hardening documents & best practice) by 60% and enhance process of performing changes.
Performed IT audit as a member of Internal Audit team for the inter-department security area and preparing audit reports.
Successfully delivered security API integration projects with the Indian Navy systems ‘IT environment with the stipulated time and within allocated budget.
Partnered with Enterprise Architecture (EA) teams for buy-in risk mitigation and implement several best practices. National Stock Exchange of India Ltd - Information Security Lead June 2007- Jan 2018
Worked with senior business management and group CISO teams in the development & implementations of BFSI enterprise –wide security infrastructure, improvement of vulnerability assessment remediation program.
Developed business continuity plans and participated in DR drills to ensure regulatory requirements & business requirements are met and activity concluded as per the defined TAT.
Led 24*7 SOC & Security Device Management’s operational activity with team of 35 resources along with WAF, Brand monitoring, social media accounts & DDoS monitoring.
Created information Security Policies, Standard of Procedures (SOPs), Incidents Response templates, Customized CISO & business dashboards, Baseline documents for the information security.
Acted as SPOC for the external regulatory Audits and managed all Audit requirements in terms of data gathering and verification before submitting further.
Collaborated with line of business program teams with a holistic approach for data protections (Risk register, Risk Classifications) and periodically review the risks accepted by the departments.
Executed Security Awareness trainings to new joiners of the organizations as part of security compliance and designed customized security quiz for various departmental stakeholders to boost security campaign across organization.
Managed Datacenter operations including monitoring and configuring Network switches and routers to ensure seamless connectivity for regional offices.
A C A D E M I C C R E D E N T I A L S
Bachelor of Engineering (Computer), Dharmsinh Desai University, India (2003 - 2007)
Master of Business Administration in Finance from ICFAI University, India (2009- 2011)
Contact this candidate