Experienced Information Security and Risk Consultant with 10 years of expertise in Enterprise Cyber Security, Compliance, Cloud Security, Data Security, Third Party/Vendor Risk Management, NIST, IT General Controls (ITGC), ISO27001, and IT control design, testing, and implementation. Proven track record of success in delivering comprehensive solutions to protect organizations from evolving cyber threats and ensure regulatory compliance. Skilled at developing and implementing robust security frameworks and risk management strategies to safeguard sensitive data and mitigate potential vulnerabilities.
Overview
12 years of professional experience
1 Certification
Work History
Senior security and compliance advisor
Shell India Market Pvt Ltd
02.2016 - Current
Managing the IT compliance and performing necessary risk assessments according to Shell enterprise risk framework
Skilled in executing secure by design methodology as part of the project delivery framework across 100+ projects, as well as ensuring controls handover to service operations during project go-live (Project Management/Transition to Support)
Accountable in managing and driving the Control Designing, Implementing, and testing of IT, Financial and SOX controls to meet compliance requirements
Expertise in remediating internal as well as external audit gaps highlighted for applications and cloud IT services (IaaS/SaaS/PaaS) across Shell's landscape
Responsible for Implementing ISAE3402/ISO27001/COBIT/NIST/PCI DSS framework across the organization
Practiced data privacy assessments as per legal and regulatory requirements (e.g. GDPR, geopolitical considerations)
Developed and implemented system security policies using secure by design principles (Example - User access Management)
Develop Work instructions as per IT control objective and help operations management in control execution and delivery
Qualified in managing third party /supplier risk and controls and ensuring remediation of potential IT security gaps
Knowledgeable in vulnerability management for web applications (OWASP Top 10) and reporting of security posture to management
Assist security architects in system integration and security configurations as per CIS benchmark
Experience in handling the security aspects related to merger, acquisition and divestment project
Leadership Qualities:
Currently assigned as lead which includes critical responsibilities like
Escalation management
Learning and training activities
Performing Quality Checks and sign off on risk assessments for projects
Senior Information Security Analyst - Risk and
MICROLAND LTD
10.2013 - 02.2016
Evaluated and provided reasonable assurance that risk management, control, and governance systems are functioning as intended and will enable the organization’s objectives and goals to be met
Performed Information Security Audit based on ISO 27001/2 Security Requirements
Reported risk management issues and internal control deficiencies identified directly to the audit committee (stakeholders) and provided recommendations for improving the organization’s operations, in terms of both efficient and effective performance
Provided reports on regular basis, and as directed or requested, to keep the corporate compliance Committee and Senior management informed of the operation and progress of Compliance efforts
Created Strategic, Tactical layer and KBs (Knowledge Base) for each department and sent surveys to each department with the help of Modulo Manager Tool
Applied SQL queries to develop customized dashboards in Modulo Risk Manager
Performed vulnerability assessments on web-facing servers and desktops using the Nessus tool
Prepared a formal VA report
Performed Program Specific Access Review Audit-Monthly for Various Programs
Prepared and Reviewed MSA, SOW and Security Policy Checklist on Compliance Requirements and triggered Surveys on the same
Tools:
GRC-Archer, ServiceNow, Nessus, Power BI, Custom Dashboard and Reporting, Microsoft Excel, Microsoft PowerPoint
Service Engineer-Application
MICROLAND LTD
06.2013 - 10.2013
Performing Technical Review (TRV) / Source validating the application
Documenting, Unit testing and performing Quality checks for the applications (QA)
Software Distribution through SCCM
Testing the compatibility of the applications
Application review and analysis prior to re-packaging; developing MSI and MST applications as per the requirement
Performed testing of the packaged application and delivered an error-free package to the customer
Involved in troubleshooting and customizations as per the standards of the clients
Education
Bachelor of Engineering - Electronics and Communication
VTU
Bangalore
Skills
Communication Skills
Leadership Training
Governance Secure By Design Principles
IT General Controls (ITGC)
IT Operations/ Audit
Sarbanes-Oxley Act (SOX) Compliance
Security/ Vulnerability Management
Risk Management
Project Management
Finding Management
Information Security Management/ICT
Business Continuity
Service Management
Monitoring
ServiceNow GRC
Issue Management
Control design and implementation
Certification
CISM - ISACA (2024)
AWS
Languages
English
Accomplishments
CISM certified