Rahul Basu
Hyderabad,TG
Summary
A dynamic Information Security Solutionist and Consultant, with a proven track record of success at Enterprise and Strategic Business Unit level in security, technology, and support functions.
Overview
15
15
years of professional experience
1
1
Certification
Work History
GRC Technology Manager
YASH Technologies
Hyderabad
04.2022 - Current
- Work as advisory for organization, and advises various governance, risk, and compliance programs at business and enterprise level which may include Enterprise or Operational Risk Management, Regulatory Compliance, Cybersecurity, Internal Control, Internal Audit, Business Continuity, Data privacy,3rd party risk assessments
- Working as consultant towards creating Cloud Center of Excellence responsible for developing cloud best practices, governance, and frameworks that rest of organization can leverage to transform organizational business using cloud . As part of assessment roles and responsibilities include:
- Undertake planning and performance management for CCOE’s strategic plan for cloud
- Collaborate with stakeholders, employees, and help in establishing CCOE brand
- Regular monitoring of all CCOE activity
- Undertake assessment and audit of data needs of the organization along with developing solutions .
- Champion the cloud transformation process.
- Research and plan the logistics for cloud adoption.
- Provide guidance to the teams for the transition.
- Support and train the employees for a smooth migration.
- Introduce required cloud frameworks.
- Standardize processes around cloud adoption.
- Help employees to overcome any barriers for cloud adoption.
- Communicate clearly for any potential risks or issues.
- Review and reiterate on any change in the process for continuous improvement and to be aligned with the business objectives of the organization.
- As member of COE consulting services team responsible for all GRC Programs / Projects as relate to GRC Platform planning, design, configuration, and transition to operations services for customers
- Analyzing business processes, requirements gathering, designing solutions, understanding complex relationships, managing stakeholder expectations, communicating with customers, determining issues, and solving problems
- Analyze cybersecurity risks associated with implementation of security solutions, secure processes, and computing environments changes.
RISK MANAGER
Electrum
Hyderabad
10.2021 - 03.2022
- IT Risk and Compliance for Strategic Business Accounts, Define, update, manage, and govern information security policies and controls for Strategic Business Units: Objective is to create risk and governance framework to drive and dictate how organization security policies and procedures will be aligned to business unit Develop security programs to enable solutioning towards effective Risk Management of Strategic Business Units: Involves understanding Strategic Plan of business unit, and thereafter Identify and Prioritize Assets and Risks
- Mitigate and Track Impact of Prioritized Risks
- Conduct internal security audits and risk assessments and conduct administrate evidence collection and reporting as part of audit: Drive enterprise and account level audits post assessing assets within business and evaluating current security posture and identifying threats and vulnerabilities
- Assign risk scores to identified risks and threats post audit activity and determine corresponding action
- Monitor, remediate, and report security incidents: Work closely with the Incident Management team to identify who is the internal contact point for cyber security incidents Scrutinize and validate the different incident response tasks and the respective ownership Connect with the decision making and approving authority of the organization who would approve and authorize the response for the incidents
- Liaise with the legal team within the organization for incidents responses requiring legal and regulatory intervention
- Act as principal point of contact for third-party auditors: Be a frontrunner and flag bearer for the organization during external audits (enterprise level or account level) and establish a clear understanding of the terms of the audit engagement with the audit committee, including the objective of the audit, the responsibilities of the auditor and management responsibilities
RISK AND COMPLIANCE MANAGER
Tech Mahindra
Hyderabad
02.2017 - 10.2021
- Information Security Management System Implementation: Create the IT security framework, policy & guidelines across the business verticals in the organization; Discuss, validate, and plug BU specific information security policies into the overall information security guidelines
- Lead organization wide audits like ISO 27001, SOC 2 audits by working closely with external audit body (KPMG)
- Handle Client Audit and External 3rd Party certification audit for various accounts at
- Organization
- Extensive customer connects ensuring effective and seamless implementation of ISMS and information security governance framework into each of performing engagements for all 250+ clients across 3 critical clusters and entire enterprise support function
- Work closely with the internal assurance team to conduct internal audits for IT infra and projects/accounts/functions of Tech Mahindra, Hyderabad with ref ISO 27001,27701 & 22301 and client specific controls
- Conducting Risk assessments for new implementation from security perspective and highlighting possible risks to stakeholders and internal security forum for various clients Work in sync with Technical Security team to test and Identify critical flaws in applications and systems that cyber attackers could exploit
- Incident management and Business Continuity Planning- Coordinating with customers, internal teams for security incident response in case of any incidents/ breaches and creating and implementing BCP & DR planning across organization at account and functions level
- Develop and implement processes to anticipate, recognize and defend against changing Cyber and Information risk environments which threaten business stability.
PROJECT LEAD
Tech Mahindra
Hyderabad
06.2010 - 02.2017
- Administered medium to large size IT infrastructure projects of a complex nature and interface with Global teams; managed the implementation of network solutions (LAN) and delivery of services to enterprise customers of AT&T
- Involved in the Full Lifecycle Project Management & Successful Execution of LAN and WAN Migration of AT&T customers located geographically across the globe
- Supported and monitored existing infrastructure, supervised preventative maintenance and backup as well as performed other regular support activities to ensure effectiveness Steering successful roll-out of projects involving defining scope, setting timelines, analyzing requirements, prioritizing tasks, identifying dependencies, and evaluating risks & issues as per budgets
- Monitoring project progress & outstanding issues and ensuring the quality & timeliness of the deliverables; preparing monthly dashboard, project health check metrics and weekly & fortnightly status reports as well as extending post-implementation support to team members by identifying defects, inconsistencies & errors
- Analyzing user requirements to identify trends and resolve performance issues, preparing proposals, delivering business presentations to client, and controlling resource planning, effort estimation & risk management.
FRONT-LINE MANAGER
IBM
Hyderabad
06.2009 - 03.2010
- Efficiently managed team of 36 members in Inbound Level 1 UK Technical Helpdesk Process Successfully involved in Process Transition for Reputed UK Accounts – Car Phone Warehouse, Prominent Mobile Phone & ISP of UK
- Involved in Team Management, Performance Management, Met SLA & worked as SPOC for client queries
- Resolved issues quickly to maintain productivity goals
- Implemented program changes to identify and quickly resolve root cause issues bottlenecking production levels.
TEAM LEADER
Bank Of America
Hyderabad
02.2008 - 06.2009
- Efficiently managed team of 16 members in Sub-Process of Keying Centre of Excellence (KCOE) segment named Lockbox
- Tracking & Monitoring Individual & Team performances/Variation in Performances on weekly basis
- Involved in Goal Setting for Team, Driving Team's Performance, Competency Mapping, Team Management, and performance Management
- Conducted training and mentored team members to promote productivity, accuracy and commitment to friendly service
- Facilitated training for associates through daily coaching and regular performance appraisals.
Education
Bachelor Of Arts - English
University Of Calcutta
04.1997
High School Diploma -
CMS
Lucknow, UP03.1991
Skills
- Information Security Governance Process Compliance
- Risk Assessment & Mitigation
- Audit & Compliance Management Incident Management
- Security Awareness Training Documentation
- Business Continuity Planning Project Management Program Management
Certification
Certified Information Security Manager (CISM)
ISO 27001:2013 Lead Auditor Certification
AZ-500 Microsoft Certified: Azure Security Engineer Associate
Project Management Professional (PMP) Hyderabad, India 500090
Timeline
GRC Technology Manager
YASH Technologies
04.2022 - Current
RISK MANAGER
Electrum
10.2021 - 03.2022
RISK AND COMPLIANCE MANAGER
Tech Mahindra
02.2017 - 10.2021
PROJECT LEAD
Tech Mahindra
06.2010 - 02.2017
FRONT-LINE MANAGER
IBM
06.2009 - 03.2010
TEAM LEADER
Bank Of America
02.2008 - 06.2009
Bachelor Of Arts - English
University Of Calcutta
High School Diploma -
CMS