Chetan Kumar

Pune

Summary

Highly competent professional with approximately 4 years of work experience in Mastercard Technology Pvt Ltd. Expertise in ISO 27001 Information Security Management System, Internal Audit, Risk Management, Risk Assessment, Business Continuity, and drafting/reviewing security policies and procedures (SOP and Training Modules). Strong background in working with ISO/IEC 27001 and 27002 standards, ensuring effective implementation and continual improvement.

Overview

4 years of professional experience

Work History

Regional Security Analyst

Mastercard Technology Pvt ltd
10.2024 - Current
  • To facilitate multisite enterprise ISMS implementation based on ISO 27001:2022 standards
  • Independently handled Internal Audits and Certification Audits
  • Involved in Threat Assessment as a part of Risk Assessment across various departments based
  • Tracking Governance and Compliance standards towards ISO 27001
  • Maintaining Risk Register and tracking of technical issues pertaining to ISMS alignment.
  • Performed Test of Design (TOD) and Test of Operating Effectiveness (TOE) during ISO 27001:2022 transition.
  • Working with ISO 27001 standards in implementation of Physical, People, Organizational and Technical controls
  • Lead operations for the security set-up framework for the organization
  • Defining appropriate risk levels and taking corrective actions as part of Governance, Risk and Compliance team
  • Sound knowledge of global laws and regulations like GDPR, HIPAA, CCPA, GLBA, PCI DSS and SOX compliance
  • Ensuring and implementing controls to eliminate incidents in future using periodic gap analysis and needed closure with various stakeholders
  • Working with security-related technologies like IdAM, Encryption, DLP, Antivirus, Firewalls, Splunk, Fusion, Phantom, GRC Archer, BMC Remedy, BMC Discovery, vulnerability assessment.
  • Auditing significant documents, schedules, case studies and investigation reports for detailed analysis for formulating effective and robust mitigation plans
  • Facilitating IT audit towards ITGC controls and continuously reviewing it for improving effectiveness
  • Conducting Audits, LOD1 twice a year and LOD2 once in a year as part of Internal and External Information Security audit management and support
  • Knowledge on industry standards such as SOC1, SOC2
  • Managed third party risk management (TPRM) for vendors and onboarded them as per risk tolerance
  • Worked on Business Continuity Plan and Disaster Recovery Plan in line with ISO 22301 - BCMS
  • Understanding of Business Impact Analysis, System Impact Analysis, RTO, RPO, MTO, MTTF, MTTR, MTBF in deriving BCP and DRP plans
  • Development of training program on InfoSec for newly joined Employees and Third party vendors

Security Executive

Reliance Industries Limited
07.2021 - 09.2024

  • To implement information security management system according to ISO 27001:2013 standard
  • To perform Information Security Risk Assessment based on ISO 27005:2018 standard and develop Risk treatment plan for identified risks. Maintain Information Security Risk inventory
  • To develop and implement ISM policies and Standard Operating Procedure (SOP)
  • Being part of internal audit team to perform internal audit as per calendar.
  • Periodic evidence review and gap assessment based on defined Standard Operating Procedure (SOP)
  • To implement Business Continuity Management System and related activities (BIA, BRP, BCP testing etc.)
  • To develop and conduct information security and business continuity awareness program
  • To develop and implement Third Party Risk Management (TPRM) process and assess risks related to service providers and its monitoring

Education

Master Of Arts - Political Science And International Relations

Choudhary Charan Singh University
Meerut
06.2022

Bachelor's of Arts - English, Economics And Political Science

Nanak Chand Anglo-Sanskrit College
Meerut
06.2019

Skills

  • ISO/IEC 27001 - ISMS
  • Risk Management
  • TPRM
  • Internal Audit
  • BIA & SIA
  • Control Assessment-TOD & TOE
  • BCP & DRP
  • ISO 22301 - BCMS
  • Governance, Risk & Compliance

Languages

English
Bilingual or Proficient (C2)
Hindi
Bilingual or Proficient (C2)
