
RAVI MEENA

Summary

Experienced Cyber Security Professional of 15 years with a successful track record in developing and implementing effective security strategies and programs to safeguard organizational assets. Expertise in managing enterprise-level vulnerability assessments and penetration testing programs. Experienced Auditor focused on improving business compliance, workflow and processes through detailed audits and optimization recommendations. Successful track record of fully evaluating information, structures and procedures and initiating corrective actions.

Overview

15 years of professional experience
1 Certification

Work History

Sr. Cyber & IT Auditor

Honeywell International (I) Private Limited
01.2019 - 01.2023
  • Tasked with strategically planning and executing cyber audits for high-risk enterprise processes, ensuring the validation of deployed controls' efficiency
  • Actively identified emerging risks and technologies, incorporating them into the cyber audit scope
  • Collaborated extensively with business, IT, and cybersecurity teams to advocate for effective and efficient practices
  • Led audit teams by setting priorities, adapting audit plans as needed, overseeing audit processes, and preparing comprehensive reports on findings
  • Regularly communicated audit conclusions to the organization's leadership team
  • Managed various audits, including IT, Cyber, Integrated, and specialized audits in collaboration with finance and other teams
  • Identified the requirement and initiated the Internal audit automation project with ServiceNow GRC Audit Management module to reduce the audit timelines by 40%
  • Planned and executed multiple cycles of ITGC/SOX controls for SAP systems and applications
  • Innovatively developed a new Operational Technology (OT) Audit Framework for auditing manufacturing sites and smart factory initiatives
  • Executed audits and assessments for key processes such as Vulnerability Assessment, Incident Management, Technical Configuration Management, Data Protection, and Product Security
  • Conducted audits and assessments in alignment with internal Honeywell standards, ISO 27001, SOX, NIST frameworks and ISA/IEC 62443.

Manager - Information Security

Infosys Ltd
01.2014 - 01.2019
  • Effectively managed the Vulnerability Assessment and Penetration Testing program to fortify the cyber infrastructure of the enterprise, covering networks, systems, information, and mobile devices against risks and threats
  • Led a team of 20+ professionals to oversee the entire process
  • Orchestrated an enterprise-level Vulnerability Assessment and Penetration Testing Program, providing coverage for 400K+ information assets globally
  • Successfully integrated the Vulnerability Management (VM) program with critical detection solutions such as SIEM, SOC, GRC, SOAR, enhancing overall cybersecurity capabilities
  • Assessed and implemented advanced Qualys solutions to optimize and elevate the efficiency of the Vulnerability Management (VM) process
  • This encompassed the strategic deployment of scanners at more than 60 locations globally
  • Steered and successfully cleared ISO 27001 External Audit multiple times for the Vulnerability Assessment and Penetration Testing process
  • Spearheaded the Application Security Assessment process and also led the development of a security management program for IoT devices
  • Implemented and managed solutions such as Web Application Firewall (WAF), Dynamic Application Security Testing (DAST), Interactive Application Security Testing (IAST), Database Activity Monitoring (DAM), and Dynamic Application Security Testing (DAS) for applications and database servers
  • Proficiently utilized a range of tools and technologies including Qualys, Nessus, Rapid7, Kali Linux, Fortify, Checkmarx, Burp Suite, IBM AppScan, Imperva, Splunk, AWS, and Azure.

Sr. Information Security Consultant

Crestech Software Systems
01.2010 - 01.2011
  • Consulted on Information Security Management Systems (ISMS) and prepared organizations for ISO 27001:2005 audits
  • Crafted Information Security Policies, Procedures, and Guidelines for clients
  • Conducted Risk Assessments and internal audits aligned with ISO 27001:2005 standards
  • Executed Risk Assessment, Application/Network Vulnerability Assessments, and Penetration Testing, and conducted thorough reviews and designs for secure network architecture.

Information Security Consultant

ASG
01.2008 - 01.2010
  • Consulted on Information Security Management Systems (ISMS) and prepared organizations for ISO 27001:2005 audits
  • Crafted Information Security Policies, Procedures, and Guidelines for clients
  • Conducted Risk Assessments and internal audits aligned with ISO 27001:2005 standards
  • Executed Risk Assessment, Application/Network Vulnerability Assessments, and Penetration Testing, and conducted thorough reviews and designs for secure network architecture.

Education

B. Tech Computer Science and Engineering

GGSIPU
01.2006

Skills

  • SOP Adherence
  • Risk Mitigation Strategies
  • Internal Controls
  • Root Cause Analysis

Certification

  • CISSP - Certified Information Systems Security Professional, ISC2, Active
  • CISA - Certified Information Systems Auditor, ISACA, Active
  • CICP - Certified Industrial Cybersecurity Professional, Abhisam Software, Active
  • eJPT - eLearnSecurity Junior Penetration Tester, INE Security, Active
  • ISO 27001:2005 Lead Auditor and Lead Implementer, BSI, Expired
  • Certified Payment Card Industry Security Implementer (CPISI), PCI DSS v3.0, SISA

Languages

Fluent in French (native), English; Conversational Proficiency in Chinese

Technical Skills

Java, PHP, Javascript, HTML/CSS, MATLAB

Area Of Expertise

  • Cyber Security Audit
  • Vulnerability Assessment
  • Penetration Testing
  • Application Security
  • Cloud Security
  • Product Security
  • Data Protection
  • Network Security
  • Technical Configuration Management
  • Process Improvement and Optimization
  • Business Continuity
  • Incident Management
  • ISA/IEC 62443
  • ISO 27001/27002
  • NIST Framework
  • SOX/ITGC Testing

Personal Information

Title: Information Security Manager | Sr. Cyber & IT Auditor
