Summary
Overview
Work History
Education
Skills
Accomplishments
Certification
Courses
Timeline
SoftwareEngineer
Immanuel V

Immanuel V

Information Security Manager
Bangalore,Karnataka

Summary

I have 7+ years of experience in Information & Cyber Security / GRC / Internal & External Audit / Implementation of Compliance such as ISO, HIPAA, SOC2, PCI-DSS, CSA and IT Security domain and seeking a senior position that provides for an over-arching contribution and leverages my skills in the realm of Cyber Security and Information Security.

Overview

8
8
years of professional experience
4
4
years of post-secondary education
5
5
Certifications

Work History

Information Security Manager

Leadsquared- MarketXpander Services
Bangalore
05.2022 - Current
  • Audit and Implementation: Performed Internal and External Audits for ISO 27001, HIPAA and SOC 2
  • Cloud Security: Analyzed security of AWS Environment infrastructure to assess areas in need of improvement.
  • Risk Assessment: Performed Risk Assessment based on ISO 27002, NIST and Octave Framework
  • Vendor Assessment: Performed vendor assessment and created the process to assess vendor based risks
  • Information Security management of AWS cloud environment, On-prem network, Secure SDLC Lifecycle, CI/CD, IT Security, etc.
  • Product Security: Prepared SOP's, Training material, Quiz, and communicated policies on Information security for the Organization
  • Customer Security Assessment: Responded to Customer RFP's and Vendor Questionnaires and supported Vendor Audits of BFSI sector

Senior Information Security Specialist

Optym India Pvt, Ltd
Bangalore
04.2020 - 05.2022
  • Internal Audit: Performed Internal Audits based on Compliance such as ISO 27001 and CSA Star and supported external audits for the same.
  • Compliance Evaluation: Assessment and evaluation of Legal, regulatory and compliance requirements as per business requirements, business locations based, type of product and Data collected, stored and processed. Such as Data protection and Privacy laws (GDPR, CCPA, etc.)
  • Risk Assessment: Performed periodic Risk assessment of Organization, SaaS products, Cloud Infrastructure, War and Pandemic situations.
  • Third-party vendor risk assessments: Performed Periodic vendor risk assessments by creating a risk assessment automated template using excel based on vendor type, data stored, level of access, location of data and adherence to our organizational requirements.
  • Vulnerability Assessment: Performed Vulnerability assessment using Nessus and provided remediation support for the identified vulnerabilities.
  • ISMS Management: Implementation, Monitoring, Management and Review of Security controls/solutions such as Events monitoring, Access controls, Anti-virus, Firewalls, WAF, Secure SDLC, VAPT, BCP & DR for IT infrastructure and Cloud Infrastructure.
  • Governance: Conducting Management Reviews, analyzing compliance, legal, statutory requirements required for products and organization, Policy and Procedure reviews for ISMS.
  • POC: Performing POC and Testing of security solutions such as Antivirus, Proxy, VA scanner, DLP etc.
  • DevSecOps: Recommended and Implemented security controls for SaaS solutions, reviewed vulnerabilities, source code bug report, Container scanning, architecture Reviews of cloud and On-premise Data center.

Consultant

Ernst & Young, LLP. Technology Risk Services
Chennai
10.2018 - 04.2020
  • ITGC Audit and Compliance: Performed SOC 1 & SOC 2 ITGC Audits, Review and testing of risks and controls for security of servers, Network device, Data base and cloud architecture.
  • Data Protection Audit: Performed Data protection assessment to identify critical and sensitive data related to business, applicable regulations, compliance and security controls around it.
  • Risk Assessment: Performed Risk assessment for using methodology such as OCTAVE Framework, FAIR Methodology, ISO 27001 etc.
  • IRDAI Cyber Security Audit/Assessment: Performed Audit as per Insurance Regulatory and Development Authority of India (IRDAI) Cybersecurity Framework for Insurance companies.
  • RBI ISMS Master guidelines for NBFC- Performed Audit as per RBI Master guidelines ISMS framework for Non-Banking Financial Corporations.
  • ISO27001 ISMS Audits- Performed ISMS Audit, review and applied to other frameworks.
  • FAIT- Financial Audit over Information Technology systems ITGC Testing for Manager Access, Manage Change and Manage IT operations.

Senior Associate Consultant

SISA Information Security Pvt. Ltd
Bangalore
01.2017 - 09.2018
  • PCI DSS Audit v3.2.1- Performed Audit Support for PCI DSS Certification and Re-certification including Gap assessment, Evidence verification, PCI Scoping, Network Segmentation and PCI ASV scans.
  • Network VAPT- Conducted Network Level VAPT, Network segmentation and Firewall rule review for Clients across globe, onsite and offsite to test the PCI Scope network with Vulnerability scanning tools and Penetration testing using Kali Linux.
  • Configuration and Hardening Check- Network device configuration and Server hardening tests based on CIS Benchmarks, Nessus tools to validate the client implemented best practices.
  • R&D support- To develop better Reporting tool (Customized Reports), Integration of results from different Vulnerability assessment applications to report vulnerabilities and appropriate solution

Client Technical Support Associate

Dell Technologies
Bangalore
09.2015 - 09.2016
  • Resolving security Incidents- Virus Removal, Firewall Installation, Ransomware Troubleshooting, Data backup and recovery, System hardening.
  • Hardening and Configuration- Installing anti-virus, additional firewall and Hardening the windows 7/8.1/10 and configuring backups for the customer based on requirement.
  • Hardware and Network Troubleshooting- Hardware, software and Networking Issues for Dell US Customers.

Education

Bachelor of Engineering (B.E.) - Information Science And Engineering

Dr. Timmaiah Institute of Technology
KGF
08.2010 - 06.2015

Skills

    Compliance- ISO 27001, PCI DSS, HIPAA, SOC1 & SOC2, CSA STAR, GDPR, IRDAI cybersecurity, NBFC ISMS, NIST

Security Solutions: Akamai WAF, AWS Guard duty, Sophos AV & Firewall, Forcepoint DLP, Manage Engine Desktop Central, BlackBerry Cylance, Cynet 360, IBM QRadar, SolarWinds, Crowd strike, Zscaler, Aqua Scanner, SonarQube, CISCO ASA, Meraki, Microsoft Intune, Azure Information Protection, VMware vSphere

Risk Assessment Framework- Octave, FAIR, ISMS ISO 27002, NIST 800-53

Cloud Technologies- Cloud Security and Infrastructure Azure, AWS, Kubernetes, Linux, Windows, Dockers & containers

VAPT Tools- Nessus, Qualys, Nexpose, Trivy scanner, Kali OS, Metasploit, Nmap, Wireshark, etc

Programming Languages known- HTML & CSS, php, Java Script, Python, Java, C, C

Industries worked: Cloud-based SAAS product, Banking, Financial, Insurance, e-wallet, e-commerce, Manufacturing, Payment gateway, IT/Application support & services

Technologies- Anti-virus, DLP, Firewall, Proxy, Network devices, Servers, Database & Endpoint systems

Accomplishments

  • Written an Article on “Cyber Security Risks in Social Media Banking” url: https://www.sisainfosec.com/blogs/cyber-security-risks-social-media-banking/
  • EY Cybersecurity Bronze Badge
  • ISC2 Candidate

Certification

Certified in Cybersecurity (CC) by ISC2

Courses

  • Certified Information Systems Security Professional- CISSP (udemy)
  • OWASP Top 10 fundamentals (LinkedIn)
  • GDPR Essentials (LinkedIn)
  • CompTIA security+ (cybrary)
  • ITIL Foundations v3 (cybrary)
  • Nessus Fundamentals (cybrary)
  • HIPAA Fundamentals (cybrary)
  • PCI DSS Fundamentals (cybrary)
  • Cybersecurity Bronze Badge (EY)
  • Microsoft Azure AZ-500 Security (Microsoft)
  • AWS and GCP Fundamentals (Pluralsight)

Timeline

Certified in Cybersecurity (CC) by ISC2

05-2023

Information Security Manager

Leadsquared- MarketXpander Services
05.2022 - Current

Advanced Cloud Security Auditing for CSA STAR certification by BSI

07-2020

Senior Information Security Specialist

Optym India Pvt, Ltd
04.2020 - 05.2022

Consultant

Ernst & Young, LLP. Technology Risk Services
10.2018 - 04.2020

ISO 27001:2013 Lead Auditor

07-2018

CPISI-S by SISA

04-2017

CEH by EC-Council

01-2017

Senior Associate Consultant

SISA Information Security Pvt. Ltd
01.2017 - 09.2018

Client Technical Support Associate

Dell Technologies
09.2015 - 09.2016

Bachelor of Engineering (B.E.) - Information Science And Engineering

Dr. Timmaiah Institute of Technology
08.2010 - 06.2015

Similar Profiles

CREATE PROFILE
Immanuel VInformation Security Manager