Anirban Ghosh
Bangalore
Summary
Information Security Professional with over 15+ years of professional experience and proven ability to manage and assist in the implementation of enterprise-level projects including Information Security Strategy Design, Security Process Framework and Policies Development based on ISO 27001,NIST 800- 53 R4, Information Security Awareness Programs, Information Security Governance & Risk Management, Server Health Check, Patch Management, Identity Management and Entitlement Review Management, Security Audit, Control Effectiveness, ISO22301, ITIL frameworks, Firewalls, DLP, NAC, IDS/ IPS, IdAM, SIEM, Endpoint Protection, Anti-malware, Vulnerability management
Collaborative leader partners with coworkers to promote engaged, empowering work culture. Documented strengths in building and maintaining relationships with diverse range of stakeholders in dynamic, fast-paced settings.
Overview
15
15
years of professional experience
1
1
Certified Information Security Manager (CISM)
2
2
Certified Information System Security Professional (CISSP)
3
3
ISO 27001 LA
4
4
ITIL V3 2011
Work History
Manager
PWC
11.2021 - Current
- Worked on TPRM Audit examining design and effectiveness of controls.
- CCPA, CCA and DPA reviews, resource allocation and management, maintaining Utilization for the entire team, Coach the required employee, interview of a resources and Managing the entire project from POC to sign off for client and/or delivery partners.
- Third party Risk management, Vendor Risk management, Risk Management, Data Security, GRC, Vulnerability Management, Compliance with PCI-DSS.
- Managing a team of 20 members and performing project management activities related to client engagements by:
- Managing client relationships, handling escalations and reviewing the work of subordinates.
- Presentation of dashboard in front of clients during status calls.
- Managing the team and owning project deliverables.
- Providing guidance and sharing knowledge with team members.
- Suggesting to clients any areas of improvement in their Third Party Risk Management process.
- Assisting clients from industries like pharmaceutical, retail, banking and insurance in their Third Party Risk Management process by:
- Performing stratification of risk profile of their vendors by determining the inherent risk & analyzing the impact of the services they offer.
- Assessing the vendors through Vendor Assessment Questionnaire (VAQ) based on ISO 27001/ NIST framework, Standard Information Gathering (SIG) Questionnaire, Business Continuity/ Disaster Recovery Plan, Security Policy and various organization policies.
- Reviewing SSAE16 reports of the vendors.
- Creating detailed risk assessment reports based on the testing of controls of vendors which explain identified risks, describe potential business impact and prioritized recommendations for remediation.
- Following-up with the vendors on the identified gaps until those are closed.
Assistant Manager
[24]7.ai
01.2020 - 10.2021
- Worked on audit, GRC related team projects and initiatives as assigned by Global CISO.
- Contract review (Legal and Operational), Annual Training planning and launching for all employees in org globally, Risk Exception, Umbrella Exception and Maintain risk register.
- Third party Risk management, Vendor Risk management, Risk Management, Data Security, GRC, Vulnerability Management.
Lead
Wipro Technologies
12.2017 - 12.2019
- Leading CRRP (Cyber Resilience Readiness Program) to Perform control effectiveness assessment for cybersecurity and telecom security controls as per NIST.SP.800-53Ar4, NIST_CSF_Assessment, NCA as per Saudi Regulatory and Guidelines.
Information Security Delivery Specialist
IBM India
04.2011 - 12.2017
- Implementation/Redrafting of ISMS, IT Security Policy and Procedures and mapping it to ISO 27001:2013 (people, process and technology).
- Understanding the network architecture for both DR and DC and recommendation.
- Asset management, asset classification based on the calculation of asset value.
- Identity & Access Life Cycle Management.
- Entitlement review/Recertification/ID Re-conciliation: Periodic audit, recertification & sponsorship of accounts/access to maintain/revoke access in order to meet business/audit requirements.
- Customizing policies for the client as per tech specs in IEM.
- Layered approach for process implementation.
- Creating Risk Register, Risk control matrix (RCM) and discussing the same with the higher management for approval.
- Delivering Training and awareness organization wide.
- Designing the information security questionnaire and the training document.
- Server Health Checking and Patch management.
Service Technician
Goyal Info Tech Pvt Ltd
07.2004 - 09.2006
- Handle software/hardware installation, configuration & troubleshooting.
- Handle sale of computers and peripherals.
- Configuration of switches, routers, hub and other devices.
Education
B.Tech - Mechanical
IACR Engineering College
01.2010
Skills
- ISO 27001
- GRC
- Audit & Compliance
- Enterprise Compliance Management
- Vendor Risk Assessments
- Vulnerability Management
- NCA and CITC Regulatory Compliance
- Legal and Operation Contract Review
- Control Effectiveness for Applications, Network, Process, System and Operations
- Leadership development
- Operations management
- Strategies and goals
- Vendor relationship management
- Employee development
- Coaching and mentoring
- Decision-making
- Issues resolution
- Project management
- Team collaboration
- Program management
- Staff development
- Team building
- Project coordination
- Team management
- Goal setting
- Resource allocation
- Strategic planning
- Corporate communications
- Hiring and retention
- Performance management
- Cross-functional team leadership
- Process improvement
- People management
Certification
- Certified Information Security Manager (CISM)
- ITIL V3 2011
- Certified Information System Security Professional (CISSP)
- ISO 27001 LA
- Lean/Six Sigma training DMAIC and DMADV methodology
Regulations
- Monetary Authority of Singapore
- Gramm-Leach-Bliley Act (GLBA)
- Communications and Information Technology Commission (CITC)
- California Consumer Privacy Act (CCPA)
- General Data Protection Regulation (GDPR)
- Health Insurance Portability and Accountability Act (HIPAA)
- NIST CSF
- NIST SP-800 53
- CIS Controls
Frameworks Worked
- NIST
- PCI-DSS
- ISO 27001
- Center for Internet Security (CIS)
Work Availability
monday
tuesday
wednesday
thursday
friday
saturday
sunday
morning
afternoon
evening
swipe to browse
Work Preference
Work Type
Full TimeImportant To Me
Career advancementWork-life balanceCompany CultureFlexible work hoursPersonal development programsHealthcare benefitsWork from home optionPaid time offPaid sick leaveTimeline
Manager
PWC
11.2021 - Current
Assistant Manager
[24]7.ai
01.2020 - 10.2021
Lead
Wipro Technologies
12.2017 - 12.2019
Information Security Delivery Specialist
IBM India
04.2011 - 12.2017
Service Technician
Goyal Info Tech Pvt Ltd
07.2004 - 09.2006
B.Tech - Mechanical
IACR Engineering College
Similar Profiles
Nawaaz Khan M SNawaaz Khan M S
Senior Associate at PwCSenior Associate at PwC
Anaïs VASRAMAnaïs VASRAM
Auditrice financière at PwCAuditrice financière at PwC
Prerna SoniPrerna Soni
Risk Consultant at PwCRisk Consultant at PwC
Darren TaitDarren Tait
Senior Associate 2 Team Lead FSCS Contract at PWCSenior Associate 2 Team Lead FSCS Contract at PWC
NAINIKA NAGIRIMADUGUNAINIKA NAGIRIMADUGU
Sr. Strategic Plan Specialist at Honeywell Technology SolutionsSr. Strategic Plan Specialist at Honeywell Technology Solutions