GANESH DAS
Summary
The Business Information Security Office (BISO) is responsible across the organization to coordinate initiatives and deliver guidance to the businesses and business partner groups on matters relating to information Security, Cyber Security, Data Protection, Data Privacy, Business Continuity and Record Management. Serve as an Operation Risk Manager of the Platforms Technology Risk and Control team, supporting a range of initiatives to enhance the control design and implementation across platforms Asset and Inventory Management, Obsolescence, Security and Configuration Management, Access Management, Vulnerability, Change management, Information security professional with rich experience in spearheading TISO, Application Security and L3 Messaging Support and program site (office and distribution set-up/warehouse); setting up required IT Security Expert in leading all projects through aggressive Information Security governance processes; developing relationships with business stakeholders and leadership teams across geographies and departments Pivotal in leading, mentoring & monitoring the performance of the team members to ensure efficiency in process operations and meeting of individual & group targets Develop, implement, and maintain an enterprise-wide information security strategy, also align security initiatives with organizational goals and objectives
Overview
19
19
years of professional experience
1
1
Certification
Work History
Senior Vice President
Bank of NewYork (BNY) International Operations (India) Pvt. Ltd
Chennai
08.2019 - Current
- Ensures internal controls related to information risks and security management are sound and effective
- Incumbents demonstrate a breadth of knowledge of information security management best practices and a thorough understanding of control and risk management concepts
- Cybersecurity is top priority for both technology and business. Liaise with information security division and corporate BISO Team to manage effectively
- Recognized as the Risk and Compliance information security point of contact and subject matter expert within the assigned business/business partner area
- Leverages information security control technique to achieve organizational goals and business objective
- Contributes to reducing the likelihood of reputational and regulatory impact due to non-compliance with the Banks information security management policies, procedures, guidelines, and standards, including local procedure specific to assigned risk and compliance areas
- At necessary, partners with business continuity coordinators to develop disaster test scenarios and methods for managing the risks
- Record Management coordinator point of contact ensuring to meet the organization policies, legal, regulatory requirement
- Recognized Point of contact as privacy steward and privacy champion to assess personal information in order to meet the polices and regulatory requirement.
Senior Risk Manager
Standard Chartered Global Business Services Private Limited
Chennai
09.2017 - 07.2019
- Design and Implement assessment programs to monitor the Technology Risk posture for the Platforms Infrastructure business; embedding governance and oversight to provide management with transparency over what these risks are and how these can be managed
- Risk assessment of technology Controls and processes in the bank by the internal review of high level policy documents, review of technology processes and design controls to find out the gaps
- Governance of business continuity plans of technology, review of DR strategy and DR testing plans for all business-critical applications.
- Periodically monitor KRIs, KCIs and ensure that the risk levels are in line with the risk appetite defined by the senior management, to further improve the technology line landscape.
- Collaborate in the development of a risk awareness program, and conduct training to ensure that stakeholders understand risk and to promote a risk-aware culture
- Understanding the information systems architecture (e.g platforms, networks, applications & databases) and do the period review of KCIs, KRIs and make sure effectively monitoring and communication of risk to senior management
- A holistic and proactive approach to managing the risks from current to desired organization state and continuous improvement and promote a risk aware business decision and value delivery
- Support delivery of all risk forums within the Domain(s) operates within the approved Terms of Reference (ToR), including membership, agenda, and frequency.
- Design, participate in, or provide SME support for programs to improve or remediate the technology control environment across Platforms Infrastructure
- Implement effective and efficient controls to minimize / mitigate operational impact – includes risk and controls – identification/ design, testing, reporting and monitoring
- Ensure proper management of risk and timely resolution of issues Internal and external audits
Team Manager
DBOI Global Services Pvt. Ltd.
Bangalore
08.2009 - 09.2017
- Data Quality & configuration governance tasks in IT Asset Repository. This is Bank's Golden Source for all application core details, configuration management database (CMDB) for IT Asset data
- To ensure appropriate documentation of information security risk management in their area of responsibility. This includes major decisions, identified and assessed risks as well as risk mitigation measures
- To ensure implementation of controls for identified information security risks in their infrastructures. If this is not possible or not desired, ensure that an appropriate dispensation to accept the residual risk identified due to the lack of controls is obtained via the Risk Acceptance Process as described in the DB Group Operational Risk Acceptance Policy; involving in BCM/DR planning from application Security point of view
- The ITAO frequently works in close collaboration in a consulting/advisory capacity with a number of other roles across the organization
- Responsible for Risk Analysis and Compliance Evaluation Certification, Audit Facilitation, NAR Data Quality Remediation & Technology Roadmap Compliance
- To manage and maintain the instance; ensuring compliance with applicable IT policies & procedures with specific consideration to IT Management and IS policies
- Responsible to work in collaboration with Production where instance expertise is required, including the provision of expert level / L3 production support services
- To implement a monitoring system to publish application related user events to a real-time monitoring tool
- To ensure compliance of the application in terms of management of risks & controls
- To remediate IT security gaps that occur in the application production environment
- Monitor security threats and vulnerabilities, and coordinate the remediation efforts.
- Accountable and support for Application Penetration and Internal Vulnerability Test
Sr. System Analyst
Foster Wheeler India Pvt. Ltd.
Chennai
03.2009 - 08.2009
- Conduct Risk assessment reviews, which involve analyzing risks as well as identifying, describing and estimating the operational risks affecting the business. Also manage third party risks by conducting risk assessment methodology.
- Managing gap analysis incident of emails for regulatory and compliance purpose
- Handling the GSX and Tivoli and security incident Alerts for Lotus Domino servers
- Perform or assist with IT internal Audit, Application audits, IT process reviews, IT Infrastructure Reviews, information security audits
- Highlight areas of control weakness by documenting findings clearly, discussing recommendations with management and liaising with the process heads to ensure closure of audit findings.
- Responsible and accountable for Incident, problem and change management
Senior System Analyst
Unisys Global Services
Bangalore
12.2006 - 03.2009
- Maintaining 110 Lotus Domino (R7.0.2 & R6.5.5) Servers, for mailing & application across all over World.
- Ensuring information security, regulatory, operational, controls are implemented and compliance monitored as mandate by Account Security Baseline Handbook, MSA, applicable regulatory, standards and Unisys / customer policies and procedures.
- Monitoring and reviewing security violations and investigate security incidents
- Dealing with NET-IQ incident ticket & monitor SMART Tool; conducting monthly housekeeping, find out all bugs as well as errors & fixed it; resolving the issues related to slow Domino server performance & Pending Mails
- Implementation & configuration of Groupshield McAfee Security for Lotus Domino Email Servers
- Managing Access Control and Roles of Lotus domino mail and application servers
Associate Consultant
Atos Origin India Pvt. Ltd.
Mumbai
01.2006 - 12.2006
- Risk assessment and compliance evaluation methodology for the IT assets and Infrastructure.
- Identify, assessment, response of cyber security risk to ensuring effective controls in place to mitigating the risk.
- Facilitated internal & external IT Audits as per pre-defined schedules
- Develop and implement a strategy to protect the organization's data, assets, and IT infrastructure
- Monitored reporting of program progress at regular intervals to internal & external stakeholders
- Ensured that new services were delivered as per defined levels of quality, time and within budget, as per program plan and program governance arrangements
- Defined service delivery standards, ensured adherence delivery model, defined the roadmap with toll-gate approach right from the award of contract to operations stabilization
- Ensure that all information assets and technologies are protected from internal and external threats
- Mapped and reviewed client Risk & Controls, Process Narratives and ensured proper documentation for each control.
- Managing and promoting a cohesive and collaborative work culture across geographies and virtual teams
- Recommended and enforced Information security procedures, standards and guidelines for across Line of Business
Education
MCA - Master of Computer Application
IGNOU
New DelhiBCA - Bachelor of Computer application
IGNOU
New DelhiSkills
- Application Management
- Team Management
- IT Infrastructure Operations
- Training & Development
- Disaster Recovery
- ISO 27001 Information Security Management System
- Data Privacy
- Business Continuity Plans
- IT Security Governance
- Incident Management
- Audit & Regulatory Management
Certification
- The Certified Information Security Manager(CISM)
- The Certified Information System Auditor (CISA)
- The Certified in Risk and Information System Control (CRISC)
- OneTrust GRC Professional
- Certified Ethical Hacker (CEH)
- Certified in COBIT 5 Foundation
- IBM Certified System Administration Lotus Notes and Domino R5, R7, R8
- IBM Certified Advanced System Administrator Lotus Notes and Domino R7
- Certified in ITIL Foundation
- Cisco certified Network Associate-3 (CCNA) Certification
- Microsoft Certified System Engineer (M.C.S.E) in Windows NT 4.0
- Certified in Microsoft Office Communication Server 2007, Configuration
Languages Known
English
Bengali
Hindi
Accomplishments
- Ensures internal controls related to information risks and security management are sound and effective
- Incumbents demonstrate a breadth of knowledge of information security management best practices and a thorough understanding of control and risk management concepts
- Cybersecurity is top priority for both technology and business. Liaise with information security division and corporate BISO Team to manage effectively
Awards
Global Silver Recognition Award on 2007
Timeline
Senior Vice President
Bank of NewYork (BNY) International Operations (India) Pvt. Ltd
08.2019 - Current
Senior Risk Manager
Standard Chartered Global Business Services Private Limited
09.2017 - 07.2019
Team Manager
DBOI Global Services Pvt. Ltd.
08.2009 - 09.2017
Sr. System Analyst
Foster Wheeler India Pvt. Ltd.
03.2009 - 08.2009
Senior System Analyst
Unisys Global Services
12.2006 - 03.2009
Associate Consultant
Atos Origin India Pvt. Ltd.
01.2006 - 12.2006
MCA - Master of Computer Application
IGNOU
BCA - Bachelor of Computer application
IGNOU