Professional profile: Lead Solution Advisor

Name Surname: S. K.
Age: 33
Mobile/Phone: Confidential!
E-mail: Confidential!
CV attached: Confidential!
CV category: Project Manager / SW Architect / IT Manager
Preferred location: Milan

Summary

Lead Solution Advisor

Experience

SUMMARY

➢ Skilled information security assessor/auditor and analyst with 4.4 years of working experience.
➢ Expertise in auditing facilities as per compliance standards, i.e. PCI DSS/SOX/ISO 27001:2013/HIPAA and GDPR.
➢ Implemented PCI-DSS controls for the Expedia & HireRight business processes to strengthen the protection of CHD.
➢ Conducted assessments to comply with PCI-DSS standards and audited the facilities as per ISO 27001:2013 standards.
➢ Conducted HIPAA readiness assessments.
➢ Expertise in reviewing information security and related risks, threats and vulnerabilities, legal and regulatory compliance, and Payment Card Industry (PCI) compliance.
➢ Expertise in reviewing CDE systems service provider management.
➢ Good at conducting vendor risk assessments/third-party risk assessments to identify, assess, measure and monitor information security risks in the CDE for services provided by third parties.
➢ Supporting maintenance and development of the PCI control framework and related processes and procedures.
➢ Expertise in deploying DLP policies, DLP monitoring, and analyzing and investigating DLP incidents.
➢ Expertise in third-party risk management, incident management and vulnerability management.
➢ Expertise in auditing facilities as per compliance standards, i.e. PCI-DSS/SOX/ISO 27001:2013.
➢ Very efficient in monitoring security tools such as Palo Alto firewall, Websense Triton, Nexpose scanner and Cisco Content Security Management Virtual Appliance.
➢ Expertise in malware analysis/reverse engineering and pen testing.
➢ Knowledge of cloud audit, i.e. Microsoft Azure.
➢ Hands-on experience with Cuckoo Sandbox and PEStudio malware initial assessment tools.
➢ Good at reviewing, examining, analyzing and preparing Threat Risk Analysis (TRA) for the latest published vulnerabilities, zero-day threats, IT advisories, cyber threats and KPIs published in various journals and security magazines.
➢ Studying new developments in IT security to recommend, develop and implement new security policies, standards/controls and procedures across a major global enterprise.
➢ Conducting information security awareness training for all users.

Core qualifications
➢ Risk assessments
➢ Incident Management
➢ Analysis and reporting
➢ Information gathering
➢ Team coordination and Team player mentality
➢ Meticulous attention to detail

Skills and tools
➢ Worked in a Security Operations Centre (information security analyst)
➢ Good knowledge of analysis/dashboard tools and UI
➢ Working experience with different frameworks such as ISO 27001:2013/PCI DSS/HIPAA/GDPR/NIST/CIS Controls

WORK EXPERIENCE

➢ Working as a Lead Solution Advisor in Deloitte USI.

Project Name: Jefferson
Client: Thomas Jefferson University
Duration: 10th December 2018 – till date.
Role Played: Compliance Analyst
Environment: PCI-DSS and HIPAA

Job responsibilities:
• Developed a PCI reference architecture and conducted readiness assessments for the Payment Card Industry Data Security Standard (PCI DSS).
• Performed PCI scope discovery and developed data flow diagrams for different payment processes.
• Created a PCI remediation roadmap and helped with remediation activities such as developing policies and procedures, a training program, business process standardization and consolidation opportunities, scope reduction opportunities, a service provider management program, etc.
• Coordinated the PCI remediation activities with different client stakeholders.
• Developed a PCI governance and sustainability program.
• Performed validation of PCI controls and identified gaps.
• Created a PCI roadmap for future compliance and sustenance.
• Conducted assessments against healthcare-specific regulatory and standard requirements such as the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act and the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF), using Deloitte's Healthcare toolkit, National Institute of Standards and Technology (NIST) Special Publication 800-53 and the NIST Cyber Security Framework (NIST CSF).

➢ Worked as a Senior Project Engineer at Wipro Limited.

Project Name: Shell DS operations
Client: Shell
Duration: 29th November 2017 – till date.
Role Played: Compliance Analyst
Environment: PCI-DSS and IRM
Job responsibilities:
● Ensuring the Retail Class of Business is aware of the risks in terms of Confidentiality, Integrity, Availability, Legal & Regulatory and PCI DSS compliance, and ensuring appropriate and sufficient security controls are in place and tested to maintain a secure security posture in the organization.
● Ensuring and supporting that PCI Attestations of Compliance (AoCs) and Reports on Compliance (RoCs) are created and reviewed where relevant. This includes supporting Market Self-Assessment Questionnaires and external assessments.
● Cyclic procedure of gap risk assessments, mitigations and reporting on PCI DSS compliance.
● Ensuring all risk recommendations are properly followed up and have action plans in the enterprise risk management tool.
● Keeping Shell management updated on the status of vendor risk assessments, treatment and closure.
● Engaged in the evidence-gathering process with control executors, validating evidence briefly, reporting any gaps identified to the relevant authorities, and consulting on preventive and corrective measures and closures.
● Preparation of standard procedure documents for operating controls.
● Coordinating with various vendor managers on a regular basis (weekly/bi-weekly meetings), providing monthly reports and ensuring compliance.
● Ensuring controls are operated as per the deadlines & operating frequency.
● Providing monthly Compliance Assurance status for internal and external customers.
● Working with external QSA and ISA on PCI-DSS assessments to comply with version 3.2.1.

➢ Worked as Lead in InfoSec for Aegis Limited (an ESSAR Group company).
Project Name: Aegis
Client: Aegis Limited
Duration: 8th AUGUST 2016 – 10 November 2017
Role Played: Leading team and Auditing
Environment: Info Sec
Job responsibilities:
● Part of the implementation of PCI-DSS controls for the Expedia & HireRight business processes to strengthen the protection of CHD.
● Responsible for making sure all the controls required for ISO 27001:2013, PCI-DSS and SOX compliance are in place.
● Conducted internal audits across all facilities of the organization (Aegis).
● Worked closely on developing the specific data for ISO 27001 and PCI-DSS audits in payroll, human resources and with all departmental managers.
● Worked closely with the external QSA for the PCI-DSS 3.2 certification audit and ISO 27001:2013 renewal audits.
● Implemented a DLP solution to protect data in motion, i.e. Cisco Content Security Management Virtual Appliance (version 10.1.0-052).
● Deployed customized policies as per the client requirements.
● Preventing data loss and data leakage in the organization by implementing sufficient controls.
● Monitoring Active Directory activities through the ManageEngine ADAudit Plus appliance.
● Preparing monthly metrics/dashboards to present to the CIO and other stakeholders.

➢ Worked as an Associate Consultant for Bristlecone Limited (Mahindra Group).
Project Name: PMC
Client: PMC-Sierra (which is now Microsemi)
Duration: April 2015 – 15 July 2016
Role Played: Analyst and monitoring.
Environment: Information security.

Job responsibilities (SOC Analyst, April 2015 – July 2016):
● Handling day-to-day tasks such as monitoring and analyzing logs in Palo Alto UTM, Trend Micro OfficeScan and IDS/IPS logs.
● Worked with the PEStudio tool to perform static malware analysis and malware initial assessments.
● Taking care of vulnerability management for the organization.
● Implementing and managing a security incident management process according to the Security Policy.
● Generated and worked on reports in Nexpose scanner, Palo Alto daily botnet reports and vulnerability remediation reports.
● Conducted risk analysis in accordance with TCP/IP protocols.
● Checked for unauthorized access.
● Analyzing security incidents and liaising with customers on security instructions.
● Determining security alarms and preventing and controlling network intrusion.
● Work experience in creating weekly and monthly Excel reports.
● Good knowledge of the ServiceNow ticketing tool.

EDUCATIONAL QUALIFICATION
Bachelor of Engineering in Electrical and Electronics, completed in 2012.
