Kishen Shetti

• Core responsibility of ensuring compliance of Applications with information security principles and coordinating with Senior management, business management and technology function to ensure fulfillment of agreed information security services globally.
• As part of Risk assessment validation activity reviewing Asset risk profile, Campaign screening and technical risk profile for applications and IT assets.
• Performing quality assurance of application inventory with regards to data quality and feed issues and coordinating with applications stakeholders to ensure remediation.
• Support audit engagement, coordinate, review and submission of IS audit deliverables and ensure the remediation of audit concerns.
• Responsible for creation of lockdown rules for user access by restricting access to entitlements based on need-to-know concept by taking into consideration the confidentiality of data.
• Defining the functional taxonomy rules at entitlement and roles level which translate functionality of entitlements into business function with DB as part of segregation of duties principles.
• Tracking on Lockdown rules violation and Functional Taxonomy alerts and taking appropriate action to resolve toxic combination of user access rights.
• Validating the compensating control measures ensuring entitlement contain controlled risk.
• To ensure entitlements and business roles are appropriately documented.
• Conducting periodic risk assessment in related to application to ensure compliant with defined set of CISO requirement.
• Performing recertification of user accounts, entitlements, critical access rights, group accounts, etc.
• To perform dormant access review.
• Documenting Identity and access concept for all the applications.
• Reviewing the key operating documents for applications.
• As part of monthly activities keeping track of KPI’s like Identity and access rights, Racer status (Risk, assessment, Compliance, Evaluation, remediation), Segregation Of Duties and Recertification.
• Daily BAU task like-Audit: Handling request regarding audit data from internal or external auditors, Record self-identified issues in global finding management system and ensuring all SII are tracked and remediated in time bound manner. Approving the change request by ensuring no negative business impact occurs by the change.

• Responsibility of ensuring compliance of ICT assets as per defined information security Standards.
• Performing risk assessment activities.
• Performing user access management review, tracking risk exception.
• Validating business process and conduct walkthrough and review of IT controls according to the ISO 27001: 2013 standards to ensure fulfillment of agreed information security services.
• Conduct review of critical application.
• Handling internal and external audit.
• Support audit engagement, coordinate, review and submission of IS audit deliverables and ensure the remediation of audit concerns.
• Defining performance metrics based on KPI and KRI for solutions like EDR, WAF, APT, PIM, DLP, 2FA, FIM, Proxy and Email Security

• Worked as a (L2) for managed security service project for banking client.
• Performed deployment and troubleshooting on following products Symantec Server security (DCS), Gemalto MFA, Arcos PIM, Symantec DLP, Blackberry DRM and MDM, Checkpoint MTP.
• Performed Patch implementation, Rule fine-tuning for security solutions.
• Responsible for security policies creation and customization of Data centre security. Mobile device management, Mobile threat prevention, Data leakage prevention and Privilege identity management solutions.
• Investigating DLP Alerts.

Project name: India First Life Insurance

Project responsibilities:

• Performed Identity and access management review.
• Performed third party Risk assessment.
• Performed Proof Of Concept for information security solutions.
• Responsible for Handling security solutions (Rule fine tuning, Monitoring Key performance indicators and Key risk indicators).

Project Name: Star India

Project responsibilities:

• Responsible for providing administration support for Mobile device management solution.