Santhosh Kumar Nagarajan

Bangalore

Summary

Professional with over 14 years in information and cyber security, specializing in technology risk assessments, security architecture reviews, and compliance evaluations. Proven track record in conducting vulnerability assessments and penetration tests for diverse industries, including banking and e-commerce. Expertise in testing web and mobile applications, ensuring robust security measures are in place. Committed to achieving goals through creativity and thorough follow-through.

Overview

15 years of professional experience
1 Certification

Work History

Manager

Zeta Tech
Bangalore
07.2022 - Current
  • Led proactive team in executing internal audits and third-party security assessments, including PCI DSS and ISO 27001.
  • Designed and implemented templates for FOSS Risk Assessment, Product Risk Assessment, and Enterprise Risk Register.
  • Evaluated and integrated GRC Tool to meet Zeta's governance, risk, and compliance requirements.
  • Developed comprehensive policies and procedures for FOSS and product risk assessments.
  • Facilitated PCI DSS training for over 50 team members to enhance compliance awareness.
  • Established efficient processes for User Access Review and Risk Governance activities.
  • Performed detailed FOSS Risk Assessments, addressing technical and legal risks with treatment plans until closure.
  • Collaborated with management to devise quarterly resource allocation plans for optimal capacity utilization.

Senior Manager

Standard Chartered Global Business Services
Bangalore
05.2020 - 06.2022
  • Spearheaded team in risk reporting to identify, assess, monitor, and mitigate ICS risks.
  • Acted as backup lead to ensure timely delivery of project milestones.
  • Conducted high-level assessments of security controls across various domains for compliance coverage.
  • Executed issue management process by validating issues from inspections and submissions to minimize bank risks.
  • Engaged stakeholders to ensure remediation of identified issues or control gaps within defined scope.
  • Validated evidence against implementation of action plans and tracked progress toward closure.
  • Tested secure handling of production data to confirm masking of personally identifiable information before migration.
  • Trained new joiners and conducted peer reviews, mentoring team on areas for improvement.

Team Lead

Ocwen Financial Solutions Pvt Ltd
Bangalore
12.2018 - 04.2020
  • Executed Risk and Control Self-Assessment across multiple domains, including Information Security Operations and Software Development Services.
  • Conducted risk assessment and control testing to evaluate effectiveness of controls.
  • Presented assessment results to stakeholders, registering identified risks in Metric Stream for management and mitigation.

Assistant Manager

PricewaterhouseCoopers Pvt. Ltd.
Bangalore
10.2014 - 12.2018
  • At a leading Australian bank, I handled the team and was responsible for assessing and identifying the information and technology risks during the design and implementation phases of a project. I understood the security aspects of the project design, identified the gaps related to security, and suggested that the solution architect implement controls for the gaps in the banking environment. The risk was assessed for identified control gaps based on the CIA ratings of the information assets. Once the risk assessment was completed, the results were presented to the business stakeholders, who were educated on the importance of the control requirements to help them choose the right design.
  • Performed a detailed security design review to identify the security control gaps in the implementation of new hardware and software for PAS, and implemented the core components and relevant controls. The assessment outcomes helped the business implement the solution successfully, with all the required controls in place to make the system robust.
  • Conducted a risk assessment for outsourcing share investments to a third party. Based on the outcome of the audit, we identified various risks that could impact the business and the bank's reputation. We recommended implementing appropriate controls to ensure the protection of bank customer information as per industry best practice.
  • I performed vulnerability assessment and penetration testing for all public and internal IPs, including web application servers, database servers, etc., to identify OWASP Top 10 vulnerabilities, and provided a detailed report.
  • I conducted a configuration review of their network parameters to identify the control gaps in their configuration.
  • I performed web application and mobile application testing for all public-facing and internal applications to identify OWASP Top 10 and SANS Top 25 vulnerabilities, and provided detailed reports with mitigation steps.
  • I performed a third-party assessment to identify risks and security control gaps, which helped the client understand the risks introduced by their vendors.

Senior Associate Consultant

SISA Information Security Pvt. Ltd.
Bangalore
04.2011 - 09.2014
  • Adept at conducting security risk assessments, risk management, business impact analysis, and security audits, and at developing and implementing security policies.
  • I have done PCI DSS assessments for various clients in e-commerce, BPO, etc.
  • I have done a handful of internal and external (ASV) vulnerability assessments and penetration tests for various clients, including information technology organizations, online shopping, telecom service providers, the banking sector, airlines, and mobile manufacturers.
  • I have good experience in mobile and web application security assessment for clients such as e-commerce companies, various payment gateways, government sectors, etc.
  • I have sufficient knowledge of vulnerability assessment and penetration testing tools such as Nessus, QualysGuard, Nexpose, IP watcher, Nmap, Metasploit, BackTrack, etc.

Junior Server Admin

Square Brothers Information Technology Pvt. Ltd.
Chennai
08.2010 - 03.2011
  • Supported web server issues, including logging into the web server and monitoring users, server processes, file system utilization, log messages, and network utilization.
  • Handled DNS issues, including checking zone files for syntax, restoring default zones, and checking the legitimacy of hosts in a zone. Handled email issues, such as failure to send, failure to receive, excessive queuing, and multiple delivery, which required checking logs and analyzing configurations.
  • Responded to tickets raised by customers, ranging from issues in individual accounts to server-wide issues (usually on dedicated servers).

Education

PG Diploma - Information Security and System Administration

DOEACC Center
Calicut, Kerala
01.2010

Bachelor of Technology - Information Technology

Sudharsan Engineering College
Pudukkottai, Tamil Nadu
01.2009

HSC -

E. R. Higher Secondary School
Trichy, Tamil Nadu
01.2005

SSLC -

E. R. Higher Secondary School
Trichy, Tamil Nadu
01.2003

Skills

  • Microsoft Windows and Linux platforms
  • Security auditing tools
  • Risk and vulnerability assessment
  • Access control strategies
  • Policy development and compliance

Certification

  • Advanced Auditing for CSA STAR Certification
  • QCGS (Qualys Guard Certified Specialist)
  • CPISI (Certified Payment Card Industry Security Implementer)
  • Certified in Cyber Security from ISC2

Disclaimer

I hereby declare that all the information furnished above is true to the best of my knowledge and belief.

Personal Information

  • Date of Birth: 11/28/87
  • Nationality: Indian

Residing Location

Bangalore, Karnataka

Languages

  • Tamil: First Language
  • English: Upper Intermediate (B2)
