Seasoned and dependable Information Security & IT Compliance professional with seven years of experience in GRC (Governance, Risk Management and Compliance Management). I am currently associated with HotelKey India Pvt. Ltd. as a Compliance & IT Manager, executing activities related to the design, development, implementation, and maintenance of the organization's information security programs and control systems.
1. Information Security Strategy
- Developing and maintaining an information security strategy that supports business objectives and aligns with industry standards.
- Identifying potential security risks and vulnerabilities and developing strategies to mitigate them.
- Staying up to date with the latest information security trends, technologies, and regulatory requirements.
2. Policy and Procedure Development
- Developing, implementing, and maintaining information security policies, procedures, and standards.
- Ensuring policies and procedures are communicated effectively to all relevant stakeholders.
- Regularly reviewing and updating policies and procedures to address emerging threats and changes in the business environment.
3. Risk Management
- Conducting regular risk assessments to identify and evaluate potential security risks.
- Developing and implementing risk mitigation strategies and controls.
- Monitoring and reporting on the effectiveness of risk mitigation efforts to senior management.
4. Security Awareness and Training
- Developing and delivering security awareness programs to educate employees on information security best practices.
- Conducting regular training sessions to ensure employees understand their roles and responsibilities regarding information security.
- Fostering a culture of security awareness and compliance throughout the organization.
5. Incident Response and Management
- Establishing an incident response framework to respond to and manage security incidents effectively.
- Leading incident response efforts, including containment, investigation, and remediation.
- Coordinating with relevant internal teams and external stakeholders during security incidents.
6. Compliance and Audit
- Ensuring compliance with relevant industry regulations and standards such as PCI DSS, ISO 27001, SOC 1 and SOC 2.
- Coordinating and supporting internal and external audits related to information security.
- Addressing audit findings and implementing corrective actions as necessary.
- Responding to new client-driven RFPs, RFIs, and external security/privacy questionnaires.
7. Vendor Management
- Evaluating the security posture of third-party vendors and service providers.
- Developing and maintaining robust vendor security management processes, including due diligence and ongoing monitoring.
8. Security Governance
- Establishing and chairing the information security governance committee.
- Providing regular updates and reports on information security status to senior management and stakeholders.
9. Infrastructure Security Management
- Implemented network security equipment, including firewalls, two-factor authentication, and DLP solutions.
- Administering and managing day-to-day operations of the IT infrastructure.
- Developing document design specifications, installation instructions, and other system-related information.
- Conducting internal audits within the payment card organization as per the ISO 9001:2015 and ISO 27001:2013 standards.
- Performing audits by coordinating with the Project Management, HR, Administration and IT teams to ensure work proceeds as per policy and standard without any breach of information security.
- Worked as an assistant to the Chief Compliance Officer/General Manager in managing the confidentiality, integrity and availability (CIA) of organizational information while performing audits.
- Provided training on information security to employees at various levels in the organization.
- Authentication server log monitoring and validation.
- Access reviews of employees depending upon their job profile.
- Following up on audit findings and risk management items, and making sure that findings are closed as per the SLA.
Adaptability