Alan Janson

Mumbai, Maharashtra

Summary

Around 10 years of experience in Information Security.

Overview

15 years of professional experience
1 Certification

Work History

Security Delivery Associate Manager

Accenture
06.2023 - Current
  • Global financial service company
  • Exposure received in performing Technology Risk Management, Risk Assessments, RCSA
  • Involved in capability development activities such as enablement sessions and other client management activities
  • Performed and managed Technology Risk Management
  • Activities involved performing risk assessments across technology
  • Triage discussions to understand the risk and evaluate risk acceptance or risk mitigation approaches, finalizing the risk assessment template and seeking relevant approvals
  • Performed and managed periodic Risk Control Self-Assessment (RCSA) for the overall risk which impacts technology function for a global financial service company
  • Activities involved are as follows
  • Validating and freezing the risk applicability for the RCSA
  • Drafting the inherent risk
  • Evaluating the technology owned issues, control register and KRIs
  • Analyzing various enhancements/projects, technology forum updates, etc., for drafting the control effectiveness, residual risks, and mitigation plans
  • Triaging with the respective stakeholders to validate and freeze the rating and then publishing it to the CITO.

Specialist

LTIMindtree, Formerly Larsen & Toubro Infotech Limited
06.2009 - 05.2021
  • Projects Worked: leading private sector bank in India
  • Exposure received in Azure Cloud Security architecture framework, Azure Security Solutions, SOC Maturity Assessment and Governance Risk Compliance
  • Involved in business development activities such as drafting proposals, taking interviews and other client management activities
  • Leading the TPRM practice within LTI
  • Drafted client deck, Questionnaires, and reports templates
  • Exposure on TPRM tool – Prevalent
  • Designed Cloud Security architecture framework and security solutions as part of a data platform project for a leading private sector bank in India
  • Activity involved understanding the existing cloud environments, security requirements and controls
  • Developed security design principles
  • Integrated with existing security solutions and leveraged Azure cloud native security controls
  • Validated security configuration and controls
  • Performed vulnerability remediation activity
  • Coordinated and managed third party audit performed on the platform
  • Published HLD and LLD documents
  • Performed Security operations center (SOC) Maturity Assessment for a leading private sector bank in India
  • Activity involved validating the SOC CMM requirements on the basis of interviews and evidence analysis
  • Published a SOC Maturity Assessment Report.

Manager

Jio Platform Limited
02.2021 - 04.2021
  • Exposure received in Risk Management, Policies and procedures development and management, Risk Assessment Checklist preparation
  • Developed and maintained Risk Register for Jio business such as Telecom, Technical Operations etc
  • Created Audit checklist for Application and Third-Party risk assessment.

Manager

Protiviti
01.2020 - 01.2021
  • Leading stock exchange in India, German telecommunications company, Swedish multinational clothing retail company, Leading Retailer, global service provider and a global payment processor
  • Exposure received in Data Localization (RBI Guidelines), ITGC SAP SOX governance services, PCI DSS audits, SEBI System audits, BCM, Capacity Planning, Quality Assurance Review & Third-Party Vendor Audits
  • Involved in business development activities such as understanding the client's requirements, resource management, drafting proposals, sales pitching, and other client management activities
  • Involved in policies and procedures revision in line with ISO 27001 (ISMS), ISO 20000 (ITSM) and ISO 27701 (PIMS)
  • Delivered Data Privacy training to stakeholders
  • Performed system audit as per SEBI-approved scope for leading stock exchanges in India
  • Activity involved auditing the trading application/infrastructure and other related systems as per SEBI Term of Reference (TOR), circulars and additional areas
  • Published a System Audit report (SAR)
  • Involved in ITGC SAP SOX governance services for a German telecommunications company
  • Activity involved assessing current state and identifying relevant processes, documenting the control design, evaluating current processes & controls, designing and implementing solutions for control gaps to meet yearly SOX compliance requirements
  • Executed PCI DSS audits for a Swedish multinational clothing retail company across global stores
  • Activity involved assessing the infrastructure, reviewing the PCI DSS controls and interviewing store personnel
  • Published Report on Compliance (ROC) and Attestation of Compliance (AOC)
  • Performed vendor audits for a global financial services company
  • Activity involved understanding client’s policy and procedures, drafting control testing procedures for the assessment, auditing and report preparation for each IS domain
  • Performed Quality Assurance Review (QAR) for multiple internal audits for a leading insurance company in Switzerland
  • The scope of work involved reviewing the audit process as per ISACA Information technology assurance framework (ITAF) and International Professional Practices Framework (IPPF) frameworks
  • Performed Data Localization audit as per RBI guidelines for a leading global payment service provider
  • Audit scope involved assessing end to end Indian transaction infrastructure and evaluating the existing controls and processes
  • Published a System Audit Report (SAR)
  • Performed BCM implementation for a leading global service provider
  • Involved in formulating BCM plan, IT DR Plan and IT DR testing runbook
  • Assisted in IT DR test for the critical application with the report
  • Also developed capacity management process and templates
  • Managed and performed multiple vendor risk management assessments for a leading global retailer
  • Activity involved assessing the vendor on the basis of the client’s policy and procedures through the ServiceNow portal.

Deputy Manager

Deloitte Touche Tohmatsu India LLP
02.2018 - 01.2020
  • Projects Worked: leading public sector bank in India, global oil & gas Company, leading Swiss multinational investment bank and a global payment processor
  • Exposure received in PCI-DSS Compliance Consulting & Advisory, Vulnerability Management, Process Review, IS audits, Third Party Vendor Audits, MAS TRM Gap Assessment & GDPR Compliance
  • Executed PCI DSS related consulting and advisory for a leading oil and gas company across global markets
  • Activities involved assessing projects for PCI DSS applicability and suggesting relevant controls
  • This project assessment lifecycle involves Business Impact Analysis (BIA), Legal & Regulatory Assessment (LRA), Data Privacy Impact Assessment (DPIA) and Control Selections in RSA Archer GRC platform
  • Involved in PCI DSS assessment across markets
  • Involved in end-to-end risk assessment for new releases of the mobile applications
  • Also performed vulnerability management for the PCI scoped systems
  • Developed Data Privacy (GDPR) training content for stakeholders
  • Performed IS audits for a leading insurance-based client in India
  • This involved assessing the IS controls for their branch offices and datacenter in line with the ISO 27001 standard
  • Performed third party vendor audit for a global payment processor
  • Activity involved assessing the vendor on the basis of the client’s policy and procedures
  • Published Vendor Audit Report
  • Involved in gap assessment of MAS TRM guidelines for a leading Swiss multinational investment bank
  • Activity involved tracking the design effectiveness and operating effectiveness of the respective controls for the applications
  • Also involved in bot creation using the Automation Anywhere RPA tool for a few controls
  • Performed process review for an India-based bank for their mobile app
  • This involved understanding various enhancements and assessing them from a security perspective.

Sr. Associate Consultant

Paladion
09.2014 - 02.2018
  • Projects Worked: leading private sector bank in India, leading retailer in India, leading payment gateway in Thailand and a leading utility company in Saudi Arabia
  • Exposure received in PCI-DSS, Merchant Compliance, ISMS Management, Cybersecurity Awareness Framework development, Data Flow Analysis, ISO 27001, Risk Assessment and Policy creation
  • Also worked as a Security Analyst in 24/7 IT Security team
  • Performed troubleshooting of Networks and devices
  • Also involved in Service and Incident /Problem Management
  • Executed Merchant and Service Provider Compliance project for acquiring bank towards PCI DSS standard
  • Project involved understanding of end-to-end transaction flow of Bank’s applications to evaluate the PCI DSS applicability
  • Sought compliance status against VISA International Operating Guidelines / MasterCard / RBI Guidelines, Policies and Practices
  • Identified Merchant and Service Provider levels and their environment for PCI DSS applicability and suggested them the suitable PCI DSS document / SAQ
  • Reviewed PCI DSS compliance documentation / evidence provided by merchants to validate the complete transaction process
  • Conducted con-calls with merchants and service providers to communicate validation requirements
  • Hands-on experience on enhancement and development of PCI DSS portal hosted by Paladion
  • Conducted QA signoffs to multiple PCI DSS engagements like merchants and service providers which involved understanding of PCI DSS requirements, cardholder data flow and controls in place
  • The activity involved evaluating the Report on Compliance (ROC) document, Attestation of Compliance (AOC) and the mapped evidence to verify completeness and accuracy of the observations in alignment with PCI DSS v3.1 and PCI DSS v3.2
  • Also created policies for services providers
  • Implemented Data Protection Framework and conducted process audit for various business processes for banking industry in India
  • Project involved identifying business-critical and customer-sensitive data in the business processes and sub-processes followed within the Bank
  • The activity involved preparation of Data Flow Diagrams, Data Register and Threat Identification
  • Recommendations and follow up on remediation
  • Understanding of the ISO 27001:2013 standard and performing ISMS Internal Audit for the insurance industry in India
  • Audit involved documentation and reporting of non-conformances
  • Provided recommendations for remediation of non-conformances
  • Ensured findings are reported to the Internal Audit Team and that action plans are documented and tracked
  • Involved in implementation of an Information and Cybersecurity Awareness framework for a retail company in Saudi Arabia
  • Activity involved assessing the maturity level, Gap Analysis, Establishing an ICA Framework, Cybersecurity Awareness Plans, Awareness Material Development and Awareness Session
  • Exposure received in Malware Protection System, i.e., Web MPS, Email MPS, File MPS and Mandiant (FireEye), Firewall (Check Point and Juniper), Proxy (Cyberoam and ISA Server (Forefront TMG)), Antivirus (Symantec Endpoint Protection), SSL VPN (F5), SMG (Symantec Mail Gateway), IPS (IBM Proventia, Intel McAfee, and HP TippingPoint), Load Balancer, i.e., Local Traffic Manager and Global Traffic Manager (F5), SFTP server and other security devices
  • Managed network and security devices at Tier 4 Certified Data Center and managed Bank's dealing application setup.

Jr. Analyst Infrastructure Security

Paladion
09.2014 - 08.2015
  • Projects Worked: leading private sector bank and leading Retailer industry in India
  • Worked as a Security Analyst in 24/7 IT Security team
  • Performed troubleshooting of Networks and devices
  • Also involved in Service and Incident /Problem Management
  • Exposure on Malware Protection System, i.e., Web MPS, Email MPS, File MPS and Mandiant (FireEye), Firewall (Check Point and Juniper), Proxy (Cyberoam and ISA Server (Forefront TMG)), Antivirus (Symantec Endpoint Protection), SSL VPN (F5), SMG (Symantec Mail Gateway), IPS (IBM Proventia, Intel McAfee, and HP TippingPoint), Load Balancer, i.e., Local Traffic Manager and Global Traffic Manager (F5), SFTP server and other security devices
  • Managed network and security devices at Tier 4 Certified Data Center and managed Bank's dealing application setup.

Education

Bachelor's Degree - Electronics and Telecommunication Engineering

Don Bosco Institute of Technology

HSC

NES Ratnam Junior College
2010

SSC

St Xavier's High School
2008

Accomplishments

  • Experience in conducting IS audits, PCI DSS Compliance & advisory, Information Security Management Systems (ISMS), Business Continuity Management (BCM), Risk Management, Risk Control Self Assessment (RCSA), Data Localization (RBI), Third Party Risk Management (TPRM), Data Privacy, Data Protection Framework implementation, IT General Control (ITGC) SAP SOX governance services, SEBI System audits, ITGC Assessment, Quality Assurance Review (QAR), SOC Maturity Assessment, Vulnerability Management, Process review, GDPR, Network Security and Cybersecurity Awareness framework implementation
  • Experience in designing Azure Cloud Security architecture framework and Azure Security Solutions
  • Expert in troubleshooting of networks and devices
  • Also performed Service and Incident /Problem Management
  • Expert in security device management for Malware Protection System, Firewalls, Intrusion prevention systems, Load Balancers, Proxy, SFTP, Antivirus and Mail gateway
  • Managed and executed projects for clients located in India and across the globe
  • Involved in project management, Interviews, business development and sales activities
  • Certified Information Systems Auditor (CISA) | ISACA
  • Lead Auditor ISO/IEC 27001: 2013 | Exemplar Global, Inc | License CC-17343IS
  • Lead Implementer ISO/IEC 27001: 2013 | NQA Global | License NQA/ISMS/LI/20/01
  • Lead Auditor ISO 22301: 2012 | Exemplar Global, Inc | License CC-17237BC
  • Lead Auditor ISO/IEC 20000-1:2011 | Exemplar Global, Inc | License CC-17231IT
  • Certified Ethical Hacker | EC-Council | License ECC73124074179
  • ITIL Foundation Certificate in IT Service Management | EXIN | License 5341760.20391344
  • Implementation Workshop on PCI DSS v4.0 | QRC Assurance and Solutions Pvt Ltd | License PCIDSSv4.0/05092022/016
  • Privacy Management Professional | Onetrust | License C6536
  • Third Party Risk Management | SecurityScorecard | License 3rddcedwv5wu
  • CNSS Certified Network Security Specialist | ICSI | License 18212172
  • Lean Six Sigma Yellow Belt Certified | Anexas Europe | License YBDL010220/1531/13
  • CyberArk Certified Trustee | CyberArk | License 315023
  • AWS Security Fundamentals | AWS
  • FireEye Systems Engineer | FireEye | License 259479
  • Check Point Certified Security Administrator | CheckPoint | License CP0000082186
  • Cisco Certified Network Associate (CCNA R & S) | Cisco | License CSCO12726708
  • FireEye Partner Sales Certification | FireEye | License 259479
  • Accredited Configuration Engineer - PAN-OS 7.0 Version | Palo Alto Networks
  • Solarwinds Certified Professional | SolarWinds | License SCP4130
  • TIC CIU Certified Security Associate | Cambridge Intercontinental University | License TCCSecA591845042
  • Cyber Security | DeVry University MOOC | License UC-MB162094
  • Scrum Fundamentals Certified | SCRUMstudy | License 79407
  • SAP01 | SAP | License EC1110511

Courses

  • BigID Professional Course | BigID
  • Payment Card Industry Data Security Standard PCI/DSS | Cybrary | License SC-65d131ce-96a019
  • Diploma in Digital Marketing | Shaw Academy
  • Big Data Foundation | IBM
  • CB Protection Administrator | Carbon Black
  • Android Certified Programmer - Industry Integrated Android Programming | Monster India
  • Basic PLC | Siemens
  • ITouch Robotic Arm | Technophilia | License C74E0923
  • Embedded Systems | Vivta Embedded Technology
  • Programming C, C++ & JAVA | CAT Education Pvt Ltd | License CR 779 & CR 782

Certification

  • Google Cloud Certified - Cloud Digital Leader | Google | License xS6alV
  • Microsoft Certified: Security, Compliance, and Identity Fundamentals | Microsoft | License I305-2202
  • Microsoft Certified: Azure Fundamentals | Microsoft | License H460-5359
  • Automation Anywhere Certified Advanced RPA Professional | Automation Anywhere | License AAADVC-21564115
  • Juniper Networks Certified Associate, Cloud | Juniper | License 337F81QS0FE1Q69N

Skills

  • Compliance with Security Requirements
  • Risk Management Assessments
  • ISO 27001
  • NIST Security Standards
  • Risk Mitigation Plans
  • Security Consultation
  • Data Privacy
  • Risk Identification

Work Preference

Work Type

Full Time

Location Preference

  • Remote
  • Hybrid
  • On-Site

Important To Me

  • Work-life balance
  • Work from home option
  • Flexible work hours
  • Company Culture
