Immanuel V

Information Security Manager
Bangalore, Karnataka

Summary

I have 7+ years of experience in Information & Cyber Security / GRC / Internal & External Audit / Implementation of Compliance such as ISO, HIPAA, SOC2, PCI-DSS, CSA and IT Security domain and seeking a senior position that provides for an over-arching contribution and leverages my skills in the realm of Cyber Security and Information Security.

Overview

8 years of professional experience
4 years of post-secondary education
5 Certifications

Work History

Information Security Manager

Leadsquared- MarketXpander Services
Bangalore
2022.05 - Current
  • Audit and Implementation: Performed Internal and External Audits for ISO 27001, HIPAA and SOC 2
  • Cloud Security: Analyzed security of AWS Environment infrastructure to assess areas in need of improvement.
  • Risk Assessment: Performed Risk Assessment based on ISO 27002, NIST and Octave Framework
  • Vendor Assessment: Performed vendor assessment and created the process to assess vendor based risks
  • Information Security management of AWS cloud environment, On-prem network, Secure SDLC Lifecycle, CI/CD, IT Security, etc.
  • Product Security: Prepared SOPs, Training material, Quiz, and communicated policies on Information security for the Organization
  • Customer Security Assessment: Responded to Customer RFPs and Vendor Questionnaires and supported Vendor Audits of BFSI sector

Senior Information Security Specialist

Optym India Pvt, Ltd
Bangalore
2020.04 - 2022.05
  • Internal Audit: Performed Internal Audits based on Compliance such as ISO 27001 and CSA Star and supported external audits for the same.
  • Compliance Evaluation: Assessment and evaluation of Legal, regulatory and compliance requirements as per business requirements, business locations based, type of product and Data collected, stored and processed. Such as Data protection and Privacy laws (GDPR, CCPA, etc.)
  • Risk Assessment: Performed periodic Risk assessment of Organization, SaaS products, Cloud Infrastructure, War and Pandemic situations.
  • Third-party vendor risk assessments: Performed Periodic vendor risk assessments by creating a risk assessment automated template using excel based on vendor type, data stored, level of access, location of data and adherence to our organizational requirements.
  • Vulnerability Assessment: Performed Vulnerability assessment using Nessus and provided remediation support for the identified vulnerabilities.
  • ISMS Management: Implementation, Monitoring, Management and Review of Security controls/solutions such as Events monitoring, Access controls, Anti-virus, Firewalls, WAF, Secure SDLC, VAPT, BCP & DR for IT infrastructure and Cloud Infrastructure.
  • Governance: Conducting Management Reviews, analyzing compliance, legal, statutory requirements required for products and organization, Policy and Procedure reviews for ISMS.
  • POC: Performing POC and Testing of security solutions such as Antivirus, Proxy, VA scanner, DLP etc.
  • DevSecOps: Recommended and Implemented security controls for SaaS solutions, reviewed vulnerabilities, source code bug report, Container scanning, architecture Reviews of cloud and On-premise Data center.

Consultant

Ernst & Young, LLP. Technology Risk Services
Chennai
2018.10 - 2020.04
  • ITGC Audit and Compliance: Performed SOC 1 & SOC 2 ITGC Audits, Review and testing of risks and controls for security of servers, Network devices, Database and cloud architecture.
  • Data Protection Audit: Performed Data protection assessment to identify critical and sensitive data related to business, applicable regulations, compliance and security controls around it.
  • Risk Assessment: Performed Risk assessment using methodologies such as OCTAVE Framework, FAIR Methodology, ISO 27001 etc.
  • IRDAI Cyber Security Audit/Assessment: Performed Audit as per Insurance Regulatory and Development Authority of India (IRDAI) Cybersecurity Framework for Insurance companies.
  • RBI ISMS Master guidelines for NBFC- Performed Audit as per RBI Master guidelines ISMS framework for Non-Banking Financial Corporations.
  • ISO27001 ISMS Audits- Performed ISMS Audit, review and applied to other frameworks.
  • FAIT- Financial Audit over Information Technology systems ITGC Testing for Manage Access, Manage Change and Manage IT operations.

Senior Associate Consultant

SISA Information Security Pvt. Ltd
Bangalore
2017.01 - 2018.09
  • PCI DSS Audit v3.2.1- Performed Audit Support for PCI DSS Certification and Re-certification including Gap assessment, Evidence verification, PCI Scoping, Network Segmentation and PCI ASV scans.
  • Network VAPT- Conducted Network Level VAPT, Network segmentation and Firewall rule review for Clients across globe, onsite and offsite to test the PCI Scope network with Vulnerability scanning tools and Penetration testing using Kali Linux.
  • Configuration and Hardening Check- Network device configuration and Server hardening tests based on CIS Benchmarks, Nessus tools to validate the client implemented best practices.
  • R&D support- To develop better Reporting tool (Customized Reports), Integration of results from different Vulnerability assessment applications to report vulnerabilities and appropriate solution

Client Technical Support Associate

Dell Technologies
Bangalore
2015.09 - 2016.09
  • Resolving security Incidents- Virus Removal, Firewall Installation, Ransomware Troubleshooting, Data backup and recovery, System hardening.
  • Hardening and Configuration- Installing anti-virus, additional firewall and Hardening Windows 7/8.1/10 and configuring backups for the customer based on requirement.
  • Hardware and Network Troubleshooting- Hardware, software and Networking Issues for Dell US Customers.

Education

Bachelor of Engineering (B.E.) - Information Science And Engineering

Dr. Timmaiah Institute of Technology
KGF
2010.08 - 2015.06

Skills

    Compliance- ISO 27001, PCI DSS, HIPAA, SOC1 & SOC2, CSA STAR, GDPR, IRDAI cybersecurity, NBFC ISMS, NIST.

Accomplishments


  • Written an Article on “Cyber Security Risks in Social Media Banking” url: https://www.sisainfosec.com/blogs/cyber-security-risks-social-media-banking/
  • EY Cybersecurity Bronze Badge
  • ISC2 Candidate

Certification

Certified in Cybersecurity (CC) by ISC2

Courses


  • Certified Information Systems Security Professional- CISSP (udemy)
  • OWASP Top 10 fundamentals (LinkedIn)
  • GDPR Essentials (LinkedIn)
  • CompTIA security+ (cybrary)
  • ITIL Foundations v3 (cybrary)
  • Nessus Fundamentals (cybrary)
  • HIPAA Fundamentals (cybrary)
  • PCI DSS Fundamentals (cybrary)
  • Cybersecurity Bronze Badge (EY)
  • Microsoft Azure AZ-500 Security (Microsoft)
  • AWS and GCP Fundamentals (Pluralsight)

Timeline

Certified in Cybersecurity (CC) by ISC2

2023-05

Information Security Manager

Leadsquared- MarketXpander Services
2022.05 - Current

Advanced Cloud Security Auditing for CSA STAR certification by BSI

2020-07

Senior Information Security Specialist

Optym India Pvt, Ltd
2020.04 - 2022.05

Consultant

Ernst & Young, LLP. Technology Risk Services
2018.10 - 2020.04

ISO 27001:2013 Lead Auditor

2018-07

CPISI-S by SISA

2017-04

CEH by EC-Council

2017-01

Senior Associate Consultant

SISA Information Security Pvt. Ltd
2017.01 - 2018.09

Client Technical Support Associate

Dell Technologies
2015.09 - 2016.09

Bachelor of Engineering (B.E.) - Information Science And Engineering

Dr. Timmaiah Institute of Technology
2010.08 - 2015.06