VIPIN GUPTA

As a BISO for Allstate India, I :

• Integrate security into business processes to help protect assets and build trust with Business Units and stakeholders.
• Identify, assess, and mitigate organizational security risks as part of Risk Management.
• Create, review, and implement security policies and controls in collaboration with the Information Security Teams.
• Serve as the primary security liaison for the leadership team and business executives in communications regarding security requirements, decisions, and incidents.
• Monitor compliance to ensure adherence to security regulations and standards.
• Manage and coordinate responses to security incidents.

In addition to the core responsibilities, I am also required to:

• Lead and manage the Allstate Information Security vertical at Allstate India, which includes the Global Security Fusion Centre, Identity and Access Management, and Governance, Risk, and Compliance functions.
• Support all Information Security-related activities and strengthen the Information Security posture of Allstate India.
• Align the Enterprise Information Security goals and objectives with those of Allstate India.
• Collaborate with Business on reviewing and validating Information Security requirements and controls.
• Responsible for training and creating awareness of Information Security best practices among employees at Allstate India.
• Review the implementation and monitoring of cyber security programs for Allstate India.

Manage Information Security Governance, Business Continuity and Security Operations and Identity and Access Management for Ocwen and it's subsidiaries.

• Spearheaded strategic planning initiatives, aligning organizational objectives.

• Enhanced operational efficiency by implementing process improvements across departments.

• Developed talent management programs to nurture employee growth and retention.

• Oversee the organization's security budget, negotiating high-value contracts and securing advantageous outcomes.

• Facilitated the adoption of automation in security operations, streamlining processes and enhancing efficiency across the organization.

Governance Risk and Compliance:

• ISO27001 and ISO22301 framework implementation and certification activities.
• Business Continuity program implementation including Risk Assessment/ Business Impact Analysis, Recovery Strategy, Training and awareness and Testing exercises
• Responsible for Crisis Management and provided leadership for coordinated response in ensuring employee safety and continuity of critical business operations during incidents
• Governance on User Access Management and Review of regular and privilege access.
• Threat Intelligence from top industry sources and issuing advisory to internal IT team and third-party vendors
• Training and Awareness campaign to improve Information Security awareness within organisation
• Policy and procedure update, implementation and testing with Business
• Risk Assessment and Treatment based on defined thresholds
• Incident management for Information Security incidents within organization and Vendors
• Exceptions management process for privilege access and policy exceptions
• Define metrics to measure effectiveness of Information security controls and report as part of dashboard for CISO and CRO
• Issue Management of identified Information Security Risks through Governance Risk Management and Compliance tool

• Regulatory compliance with NYDFS and other compliance requirements.

Security Operations:
• Cyber Security Threat monitoring and Threat management
• Incident Management and Response
• Vulnerability Management program
• Application Security program
• Web traffic and Email monitoring
• Zero day threat management

• Spearheading Information Security domains including Security Operations (Network & Peripheral), Identity & Access Management, Information Security Governance & Compliance and Business Continuity
• Defining vision, leadership and development of Governance, Risk and Compliance (GRC) Program
• Advisor to Enterprise Risk Committee on risk management issues including risk assessment, analysis and mitigation
• Manage end-to-end delivery of Information Security program
• Driving compliance and governance activities with IT and business stakeholders
• Managing Security Operations and Incident Management
• Represent Ocwen's during External audits from Regulators, Investors and Rating agencies
• Define effort estimation, budget, statement of work and control definitions
• Review contractual and regulatory requirements for all third-party engagements
• Business Continuity and Resilience program for organization
• Identity and Access management program including governance
• Creating & driving high performance teams for managing complex IT Security solutions
• Define and report metrics for CISO & CRO dashboards for effective Information Security management
• Collaborated closely with peers from other departments to drive organizational success jointly as one cohesive unit
• Demonstrated exceptional adaptability in navigating complex situations or rapidly changing environments with ease

• Peripheral Security and Identity & Access Domain
• Information Security Governance
• ISO27001 and ISO22301 Framework Implementation and Certification Operations
• Cyber Security Threat Monitoring and Threat Management
• Incident Management and Response
• Vulnerability Management Program
• Application Security Program
• Perimeter Security of the network
• Threat Monitoring and Management
• Daily Ticket Management and Operations
• Web Traffic and Email Monitoring
• Security Patching for Zero Day Vulnerability

• Managed large scale operations with a team size of 340 Agents, 25 Team Leaders and 5 Assistant Managers at Ocwen's Customer Care/Collections Center
• Developed an inhouse Collections team focussing on high delinquency accounts
• Directed the Business Continuity Plan and the Disaster Recovery Plan for all sites across the globe for Customer Care Centre
• Ensured tests were performed periodically for the Business Unit and the results were published on-time
• Led the Information Security Audit at Customer Care Centre for ISO 27001 certification; worked with asset register and risk analysis framework for adhering to the confidentiality, integrity and availability of all assets

• Instrumental in the designing and implementing a suite of tools and metrics for eliminating manual data collation, process level rework by improving input quality, forecasting tools to build resource optimization models
• Collaborated with Operational Heads, Customer Groups & Business Service Heads across regions for realizing metrics framework, evaluating work nature and recommending appropriate metrics for risks mitigation and healthy & profitable business
• Worked for standardizing the metrics and automating the reports to measure operational, employee and business performance across region

• Directed the daily operations of Collections Contact Center with over 100 Full Time Employee (FTEs) and 8 Assistant Managers in front-end collections; delivered the Management Information and Six Sigma Projects for the Collections Centre of Excellence (CoE) with over 450 FTEs in additional role
• Collaborated with the Management and Dialer Team for devising the dialer strategy, shift scheduling, penetration targets, prime time occupancy to achieved the set business objectives
• Guided the team through coaching excellence and implementing the best practices by tunings within Operations and Skills Development Team to attain better customer experience
• Accomplished appropriate staffing levels through assessing the attrition and hiring backfill level ensuring no impact to business and no potential revenue loss
• Drove the Business Information Security Office (BISO) through: Executed Information Security policies across all global collections CoE
• Accomplished the Risk Assessment for the Business Unit at all global collections CoE
• Collaborated for business impact analysis and business continuity plan activities for the CoE as a Business Continuity Champion
• Coordinated with the Business Continuity Team and Business units in Collections CoE for performing the call tree exercises and stress tests as an annual activity
• Managed the MIS: Used analytical skills for interpreting performance and receivable data resulting in strategizing the action plans for meeting the set goals and mitigating the potential risk
• Recognized and combined key performance indicators; standardized performance measurement system across Collections CoE
• Successfully implemented the Six Sigma Projects and accomplished: Overall operating efficiency from 48% to 71% aiding team to absorb new migration of 22 FTE within the existing FTEs
• Improved the occupancy & utilization by 18% and 13% respectively resulting in deriving a benefit of 7.5 FTEs and 11 FTEs
• Decreased in the Loan Impairment Charges for the high risk bucket by $1.4 million for 2010
• Optimized the right party contact from 0.22 per hour to 0.45 per hour generating total benefit of $1.2 million a quarter in Loan Impairment Charges in 4th quarter of 2011
• Increased update % on vendor skip accounts from 38% to 75% for increasing total dollars collected by $69000 for 2nd quarter in 2011

• Managed a team of 12 Customer Service Executives (CSE) for a high voice process and lead them to achieve daily team and individual targets
• Responsible for managing the management information for a department of 268 FTE's and provided the same to the higher management
• Solely responsible for performance management and goal setting for the department