
Kiran C

Senior Manager - Information Security
Bangalore

Summary

Dynamic Information Systems Auditor with over 19 years of extensive experience in compliance, risk management, and information security, complemented by a strong background in IT service delivery. Proven ability to lead and shape IT strategies and initiatives that drive business excellence and enhance operational efficiency. Expertise in identifying vulnerabilities and implementing robust solutions to mitigate risks, ensuring organizational compliance with industry standards. Committed to leveraging deep industry knowledge to foster innovation and deliver exceptional results in senior leadership roles.

Overview

  • 19 years of professional experience
  • 14 certifications
  • 5 languages

Work History

SENIOR MANAGER INFORMATION SECURITY

Genpact India Pvt Ltd
BANGALORE
03.2023 - Current
  • Perform Business and IT management with guidance on IT risk management matters, particularly on application and infrastructure security / Cyber Security
  • Conduct ISO 27001:2022 Global Genpact Delivery Locations along with external assessors
  • PCI DSS 4.0 Migration / Certification for Global Customers
  • PCI DSS 3.2.1 Migration to the latest standard of PCI DSS 4.0
  • Perform pre- and post- implementation reviews of system implementations or enhancements
  • Customer specific Certifications Cyber Essentials / Cyber Essentials Plus
  • TruSight Assessment for US Banking Clients
  • Cyber GRX assessment for Genpact Enterprise
  • TISAX attestation for German Automotive clients (EUR Delivery Centers)
  • ISO 42001 Certification for AI
  • Common control mapping with various industry standards (NIST, NIST CSF 2.0, 80:53 Rev 5, CSF, ISO, ISAE)
  • US State regulation audits (NYDFS)
  • OKR Planning and execution
  • Established strong relationships with clients and stakeholders, ensuring long-term partnerships and repeat business.
  • Implemented and developed operational standards, policies and procedures.
  • Reduced costs, optimized resource allocation, and improved efficiency in managing projects.
  • Improved team performance by providing comprehensive training and fostering a collaborative work environment.

Information Systems Auditor

NTT LTD
BANGALORE
05.2020 - 02.2023
  • Perform Business and IT management with guidance on IT risk management matters, particularly on application and infrastructure security
  • Responsible for developing and maintaining the IT Risk Assessment at the Business Unit Level and/or Organizational Level; including identifying areas where business units should consider additional investment and areas internal audit should focus
  • Conduct IT audits and reviews of systems, applications, and IT processes.
  • Prepare and report results to executive management
  • Perform pre- and post- implementation reviews of system implementations or enhancements
  • IT security audits (e.g., network, operating system, and data centre), including evaluating if security vulnerabilities are properly identified and mitigated
  • Coordinate the scope and performance of these reviews with business units and external security experts
  • Evaluate information general computing controls and provide value added feedback. Test compliance with those controls. Coordinate with Compliance and Cybersecurity teams as applicable
  • Perform various other reviews of IT management policies and procedures such as change management, business continuity planning/ disaster recovery and information security to ensure that controls surrounding these processes are adequate
  • Develop, build & implement tools to analyse data to improve audit efficiency and effectiveness, (including for risk assessments)
  • Ultimately be a source for analytics that business units adopt to provide business insights or for continuous auditing
  • Conduct IT audits in operational Risk areas
  • Conduct Internal Audits
  • Implementation of Best Practices
  • Vendor Risk Assessment
  • Compliance activities for Europe, Australia, Sweden, France, UK, US
  • Discovery exercise for Platforms (Cloud and Virtual)
  • Containers Compliance
  • Compliance Activities
  • Mentored junior auditors as they developed their skills and knowledge in the field, fostering a supportive environment that encouraged team members to continuously strive for excellence.
  • Promoted continuous improvement within the organization through ongoing evaluation of policies, procedures, and technology implementations against best practices in information systems auditing.
  • Streamlined IT operations by performing thorough evaluations of internal control systems and procedures.

Lead Security Risk Auditor

Qualfon Technology support Services LLP, Gurgaon
GURUGRAM
06.2018 - 05.2020
  • Perform Business and IT management with guidance on IT risk management matters, particularly on application and infrastructure security
  • Responsible for developing and maintaining the IT Risk Assessment at the Business Unit Level and/or Organizational Level; including identifying areas where business units should consider additional investment and areas internal audit should focus
  • Conduct IT audits and reviews of systems, applications, and IT processes.
  • Prepare and report results to executive management
  • Perform pre- and post- implementation reviews of system implementations or enhancements
  • IT security audits (e.g., network, operating system, and data centre), including evaluating if security vulnerabilities are properly identified and mitigated
  • Coordinate the scope and performance of these reviews with business units and external security experts
  • Evaluate information general computing controls and provide value added feedback. Test compliance with those controls. Coordinate with Compliance and Cybersecurity teams as applicable
  • Perform various other reviews of IT management policies and procedures such as change management, business continuity planning/ disaster recovery and information security to ensure that controls surrounding these processes are adequate
  • Develop, build & implement tools to analyse data to improve audit efficiency and effectiveness, (including for risk assessments)
  • Ultimately be a source for analytics that business units adopt to provide business insights or for continuous auditing
  • Conduct IT audits in operational Risk areas
  • SOC2 Front Lead for India, US, Mexico, Guyana, Philippines

SENIOR MANAGER RISK AND COMPLIANCE

[24]7.ai, Bangalore
BANGALORE
09.2003 - 06.2018
  • Career Progression:
  • Senior Manager Compliance & Risk management (Aug 2015 Onwards)
  • Manager-Technology (Sep 2009 to Aug 2015)
  • Asst Manager-Technology (Jul 2006 to Apr 2015)
  • Network Engineer (Sep 2003 to Jun 2006)
  • Accountability:
  • Diverse responsibilities of managing Security Strategy, IT Governance, System/Network Controls Definition & Enforcement, Audit and Compliance to Standards.
  • Accountable to lead the team for IT Operation & Service Support management including Infrastructure Change Management, Problem & Incident Management, Root Cause Analysis as well as Patch Management
  • Managing implementation of the security strategy provided by compliance team in alignment with business requirements, objectives, and metrics.
  • Responsible as Server Administrator for managing 185+ servers and a team of 6 engineers in a [24]7 offshore delivery model for Level 1/2/3 roles.
  • Involved in change request review ensuring application of a structured methodology and lead change management activities after identification, analysis, and preparation of risk mitigation tactics.
  • Identifying and prioritizing technical/process issues, developing support standards, and identifying training programs for enhanced troubleshooting and customer service.
  • Spearheading incident/problem management including high & critical Incidents/user escalations by root cause analysis, resolution plan and deployment of same ensuring client satisfaction for Incident Management.
  • Providing forecasts/maintain Opex & Capex as per annual budget of the department, ensure Enterprise Asset Management for all geographies and implemented Sapphire IMS for effective asset management
  • Performing daily team administration routines as well as team development and people management activities to improve team productivities.
  • Participated in hands-on tabletop exercises and training workshops on Disaster Recovery and Business Continuity plans.
  • Managed user escalations for Incidents, user service requests, initiation of Problem Process for problems identified and ensured correct execution of Incident Management Processes.
  • Responsible also for E2E delivery of all contracted operational services and to ensure that all customer SLAs and expectations around IT service management are met and/or exceeded.
  • Achievements:
  • Recognized as “Best Asst Manager” – Category Amongst other KSP’s during Annual recognition awards year- 2007
  • Recognized as best performer 2016
  • Awarded as Team player 2017
  • Achieved ISO 9001:2015 and ISMS ISO 27001:2013 for India
  • On-time re-certification of PCI DSS 3.2 for India
  • Tracking / Governing of PCI DSS 3.2 other Geo’s (Nicaragua, Guatemala, Philippines, Colombia)
  • Established strong relationships with clients and stakeholders, ensuring long-term partnerships and repeat business.
  • Implemented and developed operational standards, policies and procedures.
  • Held monthly meetings to create business plans and workshops to drive successful business.
  • Provided strong leadership to enhance team productivity and morale.

Customer Support Executive

Connoisseur Electronics (P) Ltd., Bangalore
BANGALORE
11.1997 - 09.2003
  • Accountability:
  • Reported to the Managing Director and led a team of 6 resources for installation and support of Desktops, Laptops and Servers as well as management of entire IT services post sales.
  • Managed acquisition & renewal of Annual Maintenance Contracts along with Facilities Management Contracts providing day-to-day IT Support to 2500+ Base installations.
  • Responsible for service support delivery for all IT assets (post sales), ensuring availability & integrity of the equipment
  • Involved in development and management of client relationships proper service support of infrastructure, contract renewal and inventory management.
  • Achievements:
  • Achieved ISO 9001:2008 certification for Bangalore
  • Achieved Intel Premium service provider status as first 500 companies across globe
  • Improved customer satisfaction by efficiently addressing and resolving inquiries, concerns, and complaints.
  • Listened to customers' questions and concerns to provide answers or responses.
  • Provided excellent customer service by efficiently resolving issues and responding to inquiries.
  • Managed high-stress situations effectively while maintaining a calm demeanor and providing empathetic support to customers facing challenges or frustration.

Education

Bachelor of Business Administration - Business Administration And Management

Madurai Kamaraj University
Madurai
11.2013

Skills

Certification

Certified Information Security Manager - CISM

PERSONAL DETAILS

  • Location Preference: Anywhere
  • Nationality: Indian

