IT professional with 5 years of experience in information security auditing and IT compliance. Areas of experience include PCI DSS, ISO 27001, GECSP, ITGC, SSAE 18 (SOC 2) and client audits. Performs internal audits, risk assessment, risk mitigation, VAPT, configuration audits for network devices, MSA agreement reviews, and reviews and updates of IT security policies, procedures, etc. Excellent analytical, problem-solving and organizational skills. Ability to read and interpret business terms and conditions, contracts, and laws. Strong attention to detail, with the ability to coordinate activities and multi-task.
Experience
Tech Mahindra
Feb 2022 – Present
Chennai
Senior Security and Privacy Analyst
Perform internal audits on a scheduled basis and coordinate with the respective teams for observation closure.
Facilitate PCI DSS, ISO 27001 and SSAE 18 (SOC 2) audits, as well as client audits.
Documentation review and management.
Prepare the audit calendar on a monthly basis and roll it out to the respective teams.
Publish the monthly audit reports to top management.
Ensure that all incident tickets and change requests are closed, and work on streamlining the service request approval flow.
Photon Interactive Private Limited
Mar 2020 – Feb 2022
Chennai
Senior IT Compliance Analyst
Teleperformance
Jun 2017 – Mar 2020
Chennai
Security Analyst
Facilitate PCI DSS, ISO 27001, GECSP and ITGC compliance audits.
Perform internal audits on a scheduled basis and coordinate with the respective teams for observation closure.
Facilitate ASV scans and external penetration testing, and their remediation.
Perform vulnerability assessment and penetration testing using tools such as Nessus Scanner, Nmap, Burp Suite and Qualys.
Configuration audit for network devices using the Nipper tool.
Manage security systems and applications:
ArcSight SIEM - device integration, log management, and review and investigation of ArcSight alerts.
Tripwire - monitor network configuration changes with proper change requests.
McAfee ePO console - endpoint protection management.
Manage the TP policy GRC tool to collect and review control evidence and ensure that TP policy and GECSP control requirements are met.
Perform IPS and firewall benchmarking and review firewall ACL rulesets.
Documentation review and management:
Update IT policies and procedures.
Annual review of IT policy
Review MSA agreements to ensure that the client's information security requirements are met.