Milind Deshmukh

Cybersecurity Leader | Governance, Risk, Compliance expert | Data Protection Management | Security Operations Centre Management | End-Point Security Management | Cloud Security | Security Architecture | Vulnerability Management
Pune

Summary

Dependable professional with extensive experience of 16+ years, with a special focus on IT infrastructure & IT information security, supporting executive-level management including CISO, Director of Governance, Director of Technology Control and Director of Information Security in Cloud Security, Risk Management, Data Protection Management, Security Operations Centre Management, End-Point Security Management, Security Architecture and Vulnerability Management for large organizations operating globally.

Overview

16 years of professional experience
22 years of post-secondary education
4 Certifications

Work History

Lead – Governance, Risk & compliance

Qualys Security Tech Services Private Limited
05.2023 - Current
  • At Qualys, being part of the Governance team, I am responsible for maintaining trust & compliance of the Qualys cloud platform. Participating in rigorous audits by independent third-party companies and government bodies of Qualys software services for compliance with various global and regional standards. I lead different programs such as Vendor risk assessment, Security assessment questionnaire, Legal document review, Maintaining Trust & compliance portal, Implementing Unified control framework & Secure control framework, Creating unique policy library, Data security document creation, Handling document management system to achieve the business objectives of the Qualys ISMS program.
  • Implemented compliance policies and procedures, ensuring adherence to regulatory requirements and minimizing operational risks.
  • Coordinated internal audits and assisted external auditors with regulatory examinations, demonstrating strong control environments within the organization.
  • Developed insightful reports for senior management that highlighted key findings from risk assessments and compliance reviews.
  • Created a structured approach for managing issues identified during audits, leading to prompt resolutions while minimizing future occurrences of similar concerns.
  • Provide review and update security processes, policies, standards, procedures, and guidelines
  • Identified areas of improvement in security solutions periodically by looking at some improvements
  • Create and review the security procedures and provide management with updates on security aspects
  • Conduct Vendor security assessments, reviews, and audits
  • Create security templates and quality gates for different design documents, policies, procedures, standards, and guidelines
  • Interact with different vendors and subject matter experts to provide guidance required to meet the customer expectations
  • Identify data for measurement of KPI and KRAs of individuals working on the project
  • Plan for milestones which are practical
  • Develop and conduct training programs for the team members
  • Play significant role in the delivery of GRC services for Qualys’ Information Security, maintaining quality and stakeholder satisfaction
  • Working closely with Internal/External Teams to create key GRC deliverables (Security Strategy / Frameworks / Policies / Assessments / Solutions etc.) and lead security implementation initiative dependent upon requirements
  • Provide advisories, assessments, and lead security initiatives at an enterprise level, ensuring that the overall security requirements are met
  • Hands-on experience in participating, managing & driving Compliance & IT Security Audits
  • Strong understanding & hands-on experience in implementation of Data Privacy, i.e., PCI-DSS, CCPA & GDPR
  • Provide proactive approach to gain the absolute trust of all key stakeholders and closely work with them to achieve on-time target
  • Independently lead and assess technical, process and policy control gaps/risks to advise, assist clients on Data Privacy Audits, security standards, best practice and providing Data Privacy solutions
  • Revived & updated Qualys Information security policies & procedures structure & aligned it with NIST SP 800-53 R5
  • As per NIST SP 800-53 R5, identified control gaps & started work on mitigating controls to make Qualys ready for FedRAMP High compliance
  • Revived existing supply chain risk management policy & aligned it with different departments such as Procurement, Legal, Accounts payable, Corporate IT, Secops, GRC teams.

Assistant Vice president – Control Officer

Wells Fargo India solutions Private Limited
08.2021 - 05.2023
  • At Wells Fargo, being part of the extended leadership team of Technology control, I am handling Infrastructure risk assessment, Application risk assessment, Control blueprint, RCSA lifecycle, Mapping of NIST, COBIT, CSA-CCM, ISO 27001, PCI DSS, FedRAMP, GDPR, CCPA to Wells Fargo Technology information security requirement
  • Subject-matter expert in Cybersecurity Framework such as NIST SP800-53 R5, ISO27001, COBIT, CSA CCM
  • Successfully completed the mapping of all above-mentioned frameworks with Wells Fargo Policies, Information security requirement, Control standards, Controls
  • Actively involved in doing infrastructure risk assessment of 70+ device groups across globe for Wells Fargo from Information & cyber security perspective
  • Coordinating with 3 lines of defense of Wells Fargo risk management framework to provide Oversight and advise on technology risk identification, risk assessment, risk mitigation, response and risk reporting across to operate within risk appetite and in compliance with Wells Fargo risk management framework
  • Conduct regular meetings with key stakeholders to handle RCSA (Risk control self-assessment) to proactively Identify, report and manage Operational risk events and resulting issues / actions for management visibility and awareness
  • Conducted periodic risk assessments & suggested governance improvement for India & Philippines technology control environment for 3rd party resources handled by Technology managers
  • Experienced in designing and implementing governance and risk management solutions within a Technology control divisional/regional and global level Coordinating with global control leadership team on internal audits, Issue management, regulatory compliance requirement
  • Leading project meetings for executive committees, functional leadership, Control officers
  • Responsible for handling Infrastructure risk assessment for Wells Fargo.
  • Reduced costs by negotiating vendor contracts and identifying areas for potential savings within department budgets.
  • Collaborated closely with executive leadership to align department goals with overall company objectives, resulting in stronger organizational cohesion.
  • Led cross-functional teams to deliver successful projects on time and within budget, enhancing company reputation in the industry.

Information Security Consultant

CompuCom
11.2015 - 07.2021

Being extremely result-oriented, I used to manage 3 different accounts across the United States.

  • GE Haier appliances for Information security Governance.
  • SunTrust Bank Inc., now Truist, as an endpoint security consultant.
  • IPOST Canada as an IT security consultant.


GE Haier appliances

· Role: Information security Governance.

· Direct report: Kenneth Brockhoff IT security director GE Haier appliances.

· Team size: 7


  • This project is about IT security architecture review of GE Haier appliances & IT security architecture review of GEA’s vendor
  • In this role, I have conducted Vendor Technology review of more than 200+ vendors of GE appliances across globe from cyber security perspective and work with leadership to apprise them on the progress and status
  • Responsibilities include assessing, evaluating risks and control environments of the vendors in line with established standards, Policies and procedures
  • Collaborating with business groups and risk stakeholders during onboarding and off boarding of vendors
  • Highlight the risks to business as an outcome of the vendor technology review
  • Update Leadership team on the High/Critical open findings
  • Use strong business acumen and strategic thinking & enables vendor to provide Supplier review questionnaire & all documents related to their IT security architecture to understand how they are going to handle GE’s data
  • Demonstrate success in assessing, Identifying, addressing information risks by reviewing PenTest remediation validation report, SOC2 report, PCI-DSS report, Vulnerability Management report study them & identify loopholes & asks vendors to fix them
  • Deep subject matter expert in information security and foundational knowledge basis on that review Network security standard, secure development standard, Cryptography standard, SIEM configuration, Incident response standard, BC-DR standard, Identity & access management
  • Brainstorm Risk management framework with Kenneth Brockhoff, give suggestions & create Plan of action
  • In addition, internally configured & implemented policies of Palo Alto GlobalProtect VPN for GE
  • Digital Guardian configuration with LogRhythm SIEM tool.


SunTrust Bank Inc. now Truist

· Role: Endpoint security consultant.

· Direct Report: Xavier Ashe Vice President Cyber Security Operations

· Team Size: 7

· Technology stack: Symantec endpoint protection (Anti-Virus & Malware protection, Firewall, IDS, IPS), Symantec Data loss prevention, Symantec protection engine for NAS, CrowdStrike, Proofpoint email security gateway, BitLocker encryption, Cisco WSA.

· I am responsible for End-to-End service delivery on this project.


· It includes involvement in activities and decisions regarding security policies, standards and guidelines. We manage and maintain a network of 85000+ machines that includes all SunTrust bank branches, ATMs across USA.


· We manage different teams & technologies to secure the bank's network.

· It includes technologies such as Symantec endpoint protection, Symantec Data loss prevention, Symantec protection engine environment to secure Network attached storage devices, CrowdStrike, Proofpoint email security gateway, BitLocker encryption, Cisco WSA.

· Manage & Co-ordinate with VDI team to create secure Master image in terms of information security perspective as outlined Enterprise security resiliency team of SunTrust.

· Manage & Co-ordinate with Vulnerability Management team & SCCM team to identify Vulnerabilities in SunTrust environment & get them patched by involving key stakeholders.


· I am responsible for setting up new endpoint security environment from scratch, Handling P1 risk outbreak situation, Identifying & mitigating Vulnerabilities, Built Symantec endpoint version 14 environment for entire organization.

· Perform IT risk assessment & create Monthly Audit report in Technology risk, For Cyber risk & business continuity creates Monthly endpoint metrics review, Monthly business review, creating weekly Endpoint reports & present it to Vice president, Cyber security Operations.

· Participating in weekly meetings & project meetings with senior management. Handling Security incidents, coordinating with Security operations center (SOC), Cyber incident response team (CIRT), Technological risk & compliance team (Trac), Solution center team, Malware defense team of SunTrust Bank Inc.

· Creating environment upgrade plan, Creating Application design documents & Infrastructure design documents of SunTrust Endpoint network & SunTrust Protection engine network for SunTrust senior management.

· Streamlining standard procedures, creating access request for tools & environment, Sharing SOP documentation with service desk team & Guiding Service desk team on tasks, Training resources on weekly & Monthly client reporting.

· Implement & manage Change request, Attends CAB meetings as a part of change management process. Attending P1 & P2 bridge calls & following ITIL processes in terms of handling incident.

· Organizing & leading weekly & monthly meeting of team, it includes SME from SCCM team, App packaging team, Citrix –VDI team, AV team, SQL DB team.

· Integration of Splunk with Symantec endpoint protection Manager for CIRT team to monitor daily events across networks.

· Integration of Symantec Quarantine server with Symantec endpoint protection Manager for CIRT team to monitor quarantined items.

· Recently I have taken over IPOST Canada account for Symantec endpoint protection, IIROC for Symantec Data Center Security & managing it successfully.

Senior Technical Support Engineer

Symantec software India Pvt. Ltd
05.2011 - 11.2015
  • Planning, designing and deploying Symantec Antivirus in a company varying from simple environments of 100 to Hybrid IT Environments spanning over 100,000 systems
  • Handled 2000 plus Enterprise customers, with complex escalations
  • Handled Business critical services account across globe in different time zones.
  • Handling and resolving “Virus Outbreak” by implementing appropriate Plan of Action and providing guidelines to prevent infection and attack from security threats
  • Configuring and defining Symantec Firewall Policies, Intrusion Prevention Policies, Antivirus & Antispyware Policies and Server – Client and server communication policies
  • Interacting with the “Back line” team to make action plans for customer related issues after reproducing them in house
  • Troubleshooting on various platforms Windows, Linux, and Mac
  • Maintaining updated documentation for product fixes and knowledge base
  • Hands on Experience: Symantec Endpoint Protection Installation, Configuration, Migration; Symantec Client firewall; Live update Administrator; Replication; AD integration with Symantec endpoint protection manager; Threat and Virus Mitigation; Log Analysis; Root cause analysis of an issue with a logical approach; Migration of Sep SBE to Sep.Cloud
  • Hands on experience on Implementation of Sep.Cloud environment.

Technical Support Engineer

vCustomer Services India Pvt. Ltd
10.2007 - 05.2011
  • Client: Linksys, a CISCO Core business group North America
  • Network Management: Hands on experience in troubleshooting of various networking Devices for the customers/users of Linksys (North America)
  • JOB PROFILE: Responsible for assisting the customer in setting up and maintaining their home or small office networks
  • Maintaining, installing and configuring routers, Adapters, Access Points, Gaming Adapters, print servers, Range Expanders, video camera, and other Linksys products
  • Providing assistance in the installation and Troubleshooting for the Linksys product for users in North America.

Education

MBA - IT- Business management

Symbiosis Center For Information Technology, Hinjewadi
Pune, India
04.2001 - 04.2017

Bachelor of Science - Computer Science

Ramkrishna More ACS College, Pradhikaran
Pune, India
04.2001 - 04.2007

Skills

Consulting

Certification

ISO/IEC 27001 Lead Implementer

Accomplishments

  • At Wells Fargo got 3 awards for shared success by functional leadership for Infrastructure risk assessment program & control blueprint program, 3rd party risk assessment.
  • Identified & hired eight potential associates from endpoint security domain. On boarded them on different projects.
  • Set up process for a new business venture of endpoint security vertical at CompuCom India. Part of hiring team to set up “Techzone” vertical for Office Depot at CompuCom India. Conducted interviews & hired associates, on-boarded for TechZone.
  • Got star performer of quarter award in first quarter of 2018. Exemplary performance recognized by Vinu Kurien, Senior Director of CompuCom India. Got promotion from Level 3 to Level 4.
  • Helped Kenneth Brockhoff IT security director of GE Haier appliances in identifying & reducing cost of application security offerings.

Extra Curricular

Social-Welfare

Personal Information

  • Father's Name: Mr. Rajendra M. Deshmukh
  • Date of Birth: 04/20/83
  • Marital Status: Married

Certifications

  • ISO/IEC 27001 Lead Implementer
  • Splunk certified user
  • Qualys certified specialist (Vulnerability Management)
  • Preparing for CRISC, CISM, CISSP