
NAGARJUN. M.S

Information Security Professional
Bangalore, Karnataka

Summary

Over 13 years of experience in the IT industry, of which 11+ years in handling Information Security and Compliance functions; seeking assignments in Information Security Management and to ensure a secure information processing environment.

Overview

18 years of professional experience
4 years of post-secondary education
6 Certifications
5 Languages

Work History

Senior Member - Quality and Security

Mavenir Systems Pvt Ltd
Bangalore, Karnataka
09.2021 - Current
  • Help Project/Product Teams in tracking Product Security Improvement actions
  • Facilitate development process changes and coding practices (standard and secure development)
  • Facilitate external audits related to NESAS, ISO 27001 and ISO 9001 along with other best practices in the industry
  • Provide necessary trainings in product secure development process/practices for SW development teams
  • Data analysis and presentation to teams and drive customer review actions
  • Develop and maintain Business continuity and Disaster recovery plans at BU levels and perform testing at regular intervals.

Tech Lead – Cyber Risk and Services

Wipro Technologies
Bangalore, Karnataka
03.2019 - 09.2021

Client: SABIC (Mar'19 – Aug'20)

Role: Architect – Enterprise Security

  • Research, Plan and Design robust security architectures for any IT demand.
  • Perform risk assessments and treatment based on SABSA framework.
  • Lead information gathering discussions and identify security requirements for various IT demands and initiatives.
  • Engage in the IT project lifecycle from the very beginning of the project and provide the required security input at the right time to ensure security requirements are identified, managed, and delivered in a proactive fashion.
  • Prepare security Strategy, Plan and Design for requested business need.
  • Liaise with Risk Management team to ensure Business and Domain risks are identified, assessed and controls are identified.
  • Identify and define Control and Enablement Objectives to deliver required level of risk management for each domain.
  • Guide security controls design to ensure all policies and information security requirements are met, to enable business request.
  • Define and maintain domain security policies and procedures
  • Develop content for improving IT Security Management Framework based on SABSA methodology.
  • Define performance metrics for various security service delivery teams.

Client: Saudi Telecom Company (Aug'20 – Till date)

Role: Cyber Security Resilience Specialist

  • Manage cyber resilience framework, including activities, plans and resources
  • Align CS Cyber Resilience requirements with STC business continuity teams to provide resilience against cyber disruption and minimize impact to STC in the event of a cyber incident
  • Assess cyber scenarios to target evaluation to ensure up-to-date Cyber Resilience Plans
  • Test STC cyber readiness for identified cyber risks and update cybersecurity teams/BC/DR to take needed corrective actions to elevate the level of STC cyber resiliency
  • Collaborate with STC business owners to assess & identify business impact related to target environments; and agree on actions to follow to ensure their confidentiality, integrity and availability
  • Provide needed help to enable the organization to withstand cyber-incident-linked unavailability of critical information, business applications and related technical infrastructure
  • Design and manage cyber resiliency test plan (incl. plans to review process, run through cyber incidents, and document lessons learned and areas of improvement)
  • Manage audit findings pertaining to Cyber Resilience
  • Created plans and communicated deadlines to ensure projects were completed on time.

Cybersecurity Auditor – GRC & PCI: DSS

Herbalife International Pvt Ltd
Bangalore, Karnataka
06.2017 - 03.2019

Governance Risk and Compliance

  • Coordinate and perform regular security-related audits of the IT environment for the organization globally.
  • Conduct periodic risk assessments in accordance with ISMS/PCI Standards to identify control weaknesses and to assess their impact on Herbalife information security.
  • Interface with internal and external audit groups as well as risk management teams.
  • Perform audits and assessments of information security / cybersecurity policy and procedures being implemented and monitor their compliance, including appropriate technical and administrative controls being maintained.
  • Manage corporate Risk Register and coordinate remediation items for security risk management requirements.
  • Schedule and conduct third party reviews for critical vendors and coordinate with GSS team for remediation.
  • Contribute to development of process documentation, consistent practices, process maturity and improvement in all IS areas including Application Development, Infrastructure, Operations and Management.
  • Consult different stakeholders for creation and implementation of new policies, establishing new reporting cycles.
  • Develop and maintain Information Security Policies, Standards, Guidelines and Operating Procedures.
  • Prepare and publish security dashboards for various key performance indicators and operational metrics.
  • Review of MSAs and vendor contracts.

PCI: DSS

  • Ensure PCI-DSS compliance for Herbalife Americas and closely monitor compliance on a regular basis.
  • Conduct PCI-DSS compliance reviews for in-scope applications and infrastructure. Secondary point of contact for external auditor (QSA) and internal teams for certification audits.

Consultant – Information Security, GRC & SOX

Hewlett Packard Enterprise
Bangalore, Karnataka
03.2016 - 05.2017

Information Security

  • Conducting information security risk assessment.
  • Performing assigned SDD (service delivery document) reviews and supporting the account in implementing the same.
  • Conduct client requirement audits.
  • Managing improvements to ISMS
  • Conducting site readiness audits prior to audits
  • Conducting collection of information security metrics.
  • Developing procedures & related documentation required for ISMS implementation.
  • Contributing to ISO27001:2013 initiatives.
  • Conducting and coordinating internal audits

SOX

  • Initial set up and creation of baseline policy compliance checks in VCM
  • Scheduling of policy compliance reporting
  • Updating policy checks as and when required (e.g. to correct a check if not reporting properly or if client policy change requires checks to be updated).
  • Generating ad-hoc reports for HPE compliance team where required to check particular compliance areas
  • Basic troubleshooting in VCM in case compliance checks are not delivering expected output.
  • Provide specific details regarding what specific checks are reporting against on the operating system as and when requested. Scheduling calls thrice a week to give updates on VCM capabilities.

Governance Risk and Compliance

  • As part of client GRC team, worked on various capabilities with respect to compliance.
  • Capabilities include Windows, Unix, Database, Backups, Antivirus and Patching, etc.
  • Sending out evidence requests to delivery teams and collecting relevant evidence to prepare monthly and quarterly compliance reports
  • Preparing final compliance and metrics reports after receiving all relevant evidence.
  • Coordinating client internal audits.

Associate – Third Party Risk Management & InfoSec

Sapient Consulting
Bangalore, Karnataka
03.2015 - 03.2016

InfoSec & TPRA

  • Implement, maintain and improve information security management system
  • Implement or facilitate implementation of security controls and best practices.
  • Audit information security management system.
  • Identify improvements in security policies and provide inputs on need for new policies.
  • Document and implement security related procedures and best practices.
  • Collaborate and work effectively with other stakeholders such as internal teams or external clients on security, privacy and compliance initiatives.
  • Advise internal teams on security related issues and provide inputs on client RFPs, questionnaire etc. from security perspective.
  • Socialize security policies and procedures within company and ensure implementation.
  • Develop/provide inputs on development of security trainings within company.
  • Respond and track security incidents to closure.
  • Manage Data Loss Prevention (DLP) operations

Executive - IT Compliance and ISMS

Infinite Computer Solutions India Ltd
Bangalore, Karnataka
07.2012 - 01.2015

IT Compliance & ISMS

  • Oversee IT and ISO 27001 Compliance
  • Reviewing and recommending Information Security Policies/Procedures and Guidelines
  • Participation in the organization's internal and external audits
  • Responding to client RFP questionnaires and review of MSAs & contracts
  • Contributing to obtaining ISO 27001 certification of Management System.
  • Providing expert advice and support to IS initiatives.
  • Developed ISMS metrics to track performance in organizational efficiency.
  • Understanding existing practices/processes followed in the organization and implementation of ISMS in line with ISO 27001 controls.
  • ISO 27001:2013 recertification implementation and audits.
  • Implementing Information Security policy & required controls.
  • Conducting GAP Analysis & Risk Assessment and Treatment plans
  • Finding improvements to ISMS policies and processes through IS Forums and Management review meetings.
  • Reviewed internal systems and organized ISMS training plans to address areas in need of improvement.
  • Conducting surprise ISMS audits at various locations and client requirement audits
  • Asset Management & Incident Management
  • Software licensing and Compliance Management

Associate Engineer – ISMS, GRC & ERC

SLK Software Services
Bangalore, Karnataka
06.2011 - 03.2012

ISMS & GRC

  • Ensure organization is compliant to Information and data security aligned to ISO 27001:2013 standards.
  • Ensure company's alignment to Information security policies and procedures.
  • Conduct internal audits ensuring organization's compliance towards Information Security Management System.
  • Ensure proper functioning of IT services (ITIS) through surprise IT audits.
  • Ensure customer information security requirements and policies are in place.
  • Ensure organization's BCP is in place.
  • Ensure risks are identified and mitigated at both organization and customer ends through Enterprise Risk Management framework.
  • Conduct Risk Assessment and Risk Management aligned to ISMS standard.
  • Drafting and review of ISMS Policies and Procedures.
  • Monthly reviews across departments on ISO 27001 controls.
  • Conduct Desktop and Software licensing audits.
  • Conduct client requirement audits.
  • Training and Awareness

Information Retrieval Officer

Just Dial Services
Bangalore, Karnataka
06.2006 - 08.2008

Tech Support

  • Database support
  • Sales support
  • Data Entry
  • Technical Support and Troubleshooting
  • Customer Service support

Education

Master of Computer Applications - Computer Science And Programming

Nitte Meenakshi Institute Of Technology
Bangalore
06.2007 - 08.2008

Bachelor of Computer Applications - Computer Science And Programming

Seshadripuram First Grade College
Bangalore
06.2004 - 08.2007

Skills

Formulation and Implementation of Information Security Policies & Procedures

Information Security Audit and Planning

Review of Business Continuity & Disaster Recovery Plan

PCI: DSS review and audits

Risk Assessment employing SABSA framework

DLP Incident management

Security regulations compliance

Network security oversight

Third Party Risk Assessments

Information Security Trainings and Awareness

Programming Languages - C, C, Java, COBOL

Database - Oracle 8i & 9i, SQL Server, MySQL, MS-Access

OS - Windows and Linux

Web Designing - JavaScript, HTML, XML, CSS, PHP

Security tools worked on - Archer, DLP, Prisma, Qualys

Best Practices based auditing and reviews – ISO/IEC 27001:2013

Accomplishments

  • Recognized as the Best Contributing Employee towards Information Security and Compliance for the month of June 2014 with a Spot award.
  • Certificate of Appreciation for my contribution towards the Global IT journey by the client at Wipro.

Certification

Certified Lead Auditor in Information Security Management Systems - ISO/IEC 27001:2013 from ISC.

Interests

Music

Cricket

Learning more about concepts regarding System protection, Ethical Hacking and data/Information security

Declaration

I hereby declare that all the above mentioned information is true to the best of my knowledge.

Date:

Place: Bangalore (Nagarjun M.S)

Personal Dossier

Address: Bangalore, Karnataka, 560046

Phone: +91-9538721184

E-mail: mailarjunnow@gmail.com

Timeline

Senior Member - Quality and Security

Mavenir Systems Pvt Ltd
09.2021 - Current

Tech Lead – Cyber Risk and Services

Wipro Technologies
03.2019 - 09.2021

Cybersecurity Auditor – GRC & PCI: DSS

Herbalife International Pvt Ltd
06.2017 - 03.2019

Consultant – Information Security, GRC & SOX

Hewlett Packard Enterprise
03.2016 - 05.2017

Associate – Third Party Risk Management & InfoSec

Sapient Consulting
03.2015 - 03.2016

Executive - IT Compliance and ISMS

Infinite Computer Solutions India Ltd
07.2012 - 01.2015

Associate Engineer – ISMS, GRC & ERC

SLK Software Services
06.2011 - 03.2012

Master of Computer Applications - Computer Science And Programming

Nitte Meenakshi Institute Of Technology
06.2007 - 08.2008

Information Retrieval Officer

Just Dial Services
06.2006 - 08.2008

Bachelor of Computer Applications - Computer Science And Programming

Seshadripuram First Grade College
06.2004 - 08.2007