This resume summarizes the professional experience of an Information Security professional with over 13 years of experience implementing security standards like ISO27001, PCI-DSS, and SSAE 16. The candidate's current role involves automating security controls, managing audits, and leading a team as the IT-GRC Domain Area Lead Manager. Prior experience includes security roles at Bharti Airtel, Capco Technologies, and other companies managing security operations, audits, risk assessments, and projects.
ISO 27001 Security Professional with 13+ Years Experience
MOHAN .M
Mobile #: +91 9845062412 | Email: m.mohanswamiy@gmail.com | www.in.linkedin.com/in/mohanswamiy
INFORMATION SECURITY / NETWORK SECURITY / DATA CENTRE / IT SECURITY
PROJECT MANAGEMENT
RESUME SUMMARY:
Information Security professional with 13 years' experience in designing, developing, implementing and monitoring the
Security Controls and practices for ISO27001, ISO22301, ISO18001, TL9000, PCI-DSS, and SSAE 16 Standards.
Implementing IT Governance Framework COBIT, ITIL and ISO 31000 to create value from IT for enterprises. Leading
team to integrate tools, automating controls for SOX Operations and IT-GRC Application solutions in Metricstream.
Managing Internal and External Audit Certification Programs.
In-depth knowledge and hands-on experience in performing Information Security Risk Assessment, Security Incident
analysis, Vulnerability Assessment, Penetration Testing, Data Security and Privacy controls review. Conducting internal
audits and managing Client Compliance audits.
OBJECTIVE: To ensure information processing assets are adequately protected, aligning with enterprise security
objectives and business initiatives in maintaining confidentiality, integrity, availability and privacy of data through
technology and compliance standards.
Skill set Synopsis
- ISMS, BCMS, TL 9000, OHSAS 18000, SSAE 16, SOC 1, 2, 3, COBIT, ITIL and SOX Audit Compliance Management
- Data Centre and IT Infrastructure Security Compliance Management
- IT-GRC UCF Controls Automation Project Management
- SOX Operations, IT Risk Management, Client / Vendor Audit Management
- Security Ops and Project Team Management
Capco Technologies Pvt Ltd. – Bangalore as IT-GRC Domain Area Lead Manager from February 2014 till date
Company Brief: Capco Technologies Pvt Ltd is a global business and technology consultancy dedicated solely to the
financial services industry. Capco specializes in six financial services sectors: Banking, Capital Markets, Finance - Risk
and Compliance, Insurance, Technologies, and Wealth and Investment Management.
Roles:
- Develop IT Security Strategic Plans and implement the objectives of organizational Information Security needs.
- Develop Audit Program, conduct and manage Internal / External Certification Audits.
- Subject Matter Expert ISMS/BCMS and Client Compliance Management.
- Lead Manager for IT GRC Project and Security Operations domain.
Responsibilities:
- Design and develop Information Security Policies, Processes and Operating Procedures, Templates and
Compliance Metric Scorecard formats / Reports.
- Identify the key business-critical information processing assets across the organization and develop risk assessment
methodology as per ISMS, COBIT and ISO31000 Framework in IT GRC Application Solution.
- Identify threats, vulnerabilities and weaknesses from the Risk Assessment process across the Global Operations
locations, map the risks associated with business assets and develop risk mitigation project plans to close the
identified gaps in Metricstream Application Solution.
- Develop Project Charter, monitor the implementation cycle, review the project progress compliance metric
scorecard through e-GRC Application and publish GRC Compliance Scorecard to top management and
stakeholders.
- Monitor and review weekly Security Incidents and report to stakeholders per SLA.
- Monitor and review Security Events and Incidents from SIEM tool, identify potential threats and vulnerabilities
that affect the assets / IT environments and generate client-specific threat reports.
- Measure Risk process Compliance deviation level of business-critical information processing assets: patch, Data
Leak Prevention, change management from Symantec Altiris, RSA Tripwire as per ITIL process.
- Scan IT infrastructure devices (firewalls, routers, switches, proxies, operating systems, applications, databases,
etc.) using Nessus and QualysGuard tools to identify vulnerabilities and benchmark with industry-leading
practices and procedures of NIST and ISO Standards.
- Recommend remediation with corrective action plan, supporting IT Operations team across all locations.
- Lead and Manage Certification audits of ISO 27001, ISO 22301, SSAE 16, SOC Type 1, 2 and 3 Audit.
- Develop and conduct Internal Audit as per schedule and reporting audit gaps report to CISO.
- Develop and Manage Client Compliance and Certification requirements in IT GRC Application Solution and
publish reports to functional Coordinators through e-GRC application automated solution.
- Plan BIA for existing and new projects and take sign off from process owners annually.
- Ensure BCP exercise conducted as per plan and suggest the improvement from gaps identified.
- Involved in site evacuation exercise and event crisis management activities.
- Conduct Information Security awareness training to employees.
- Support in creation of security-related technical presentations, compliance reports, risk dashboard and security
metrics, etc. for internal and client executive briefing.
- Support Business team in preparing response to Client Compliance documentation for financial services Clients.
E-GRC Project Management in Metricstream Application Solution:
- Automating of IT Audit Process in Metricstream
- Automating Information Security Policy documentation version, release and approval in Metricstream DMS.
- Developing Security Incident Management Automation process in Altiris Application.
- Conducting Internal Audit for IT Security Operations as per schedule, reporting gaps to management,
monitoring closure of identified control gaps and reviewing.
- Measuring Audit report Compliance and publishing audit reports to senior management.
Bharti Airtel Ltd - Circle Network Security Head (November 2011 till January 2014)
Company Brief: Bharti Airtel Limited is a leading global telecommunications company with operations in 20 countries across Asia
and Africa, headquartered in New Delhi, India. Bharti started its telecom services business by launching mobile services in Delhi
(India) in 1995. Since then it has emerged as one of the top telecom companies in the world and is amongst the top four wireless
operators in the world. Bharti group operates under the ‘Airtel’ brand in 20 countries across Asia and Africa: India, Sri Lanka,
Bangladesh, Seychelles, Burkina Faso, Chad, Congo Brazzaville, Democratic Republic of Congo, Gabon, Ghana, Kenya, Madagascar,
Malawi, Niger, Nigeria, Rwanda, Sierra Leone, Tanzania, Uganda, and Zambia. Over the past few years, Bharti has diversified into
emerging business areas in the fast expanding Indian economy. The group offers a complete portfolio of life insurance, general
insurance and asset management to customers across India.
Responsibilities:
- Managing Circle Telecom Network security architecture for all technology platforms.
- Ensure the external and internal risk assessment & compliance.
- Managing Core Nodes Technical LAN/WAN Network Operations.
- Telecom regulatory compliance of circle operations.
- Leading ISO 27001, ISO22301, TL 9000, and OHSAS 18001 Internal & External Audit team.
- Managing Core Telecom Data Centre compliances.
- Managing LIS/LIM systems.
- Monitoring and maintaining appropriate system information access levels and security privilege.
- Third Party Audit and Risk Assessment.
- ISMS Training & Awareness to all the employees of the organization all across the circle locations.
- Information Security Risk and Incident Management.
- ISMS Team Management to keep check on activities of all processes as per the ISO27001 standards to ensure the compliance and technical assessment need to be carried out by the team.
- Fire & Safety Audit for the organization to ensure the safety compliance set by the team.
- Business Continuity Management for the organization and testing the same at required intervals.
Project Management
- Implementation of Security Incident and Event Management System with all core network elements (SIEM).
- Migration of BS25999 BCMS standard to ISO 22301 Standards Certification and Process.
Sparsh BPO Services Ltd (Serco Group Plc), Bangalore, Manager ISMS – South (July 2008 to October 2011)
Company Brief: Currently a part of Serco Group PLC, Sparsh BPO Services Ltd is recognized as a leading Business Process
Outsourcing company in the Indian market. With 8 locations across India and 18 facilities, the company provides end-to-end services
covering contact center management, back office processing, finance & accounting, HR & payroll processing and technology support.
Key Responsibilities:
- Manage IT security operations comprising 4 Delivery locations with over 5000 Seats while developing and driving Information Technology (IT) strategy to support the information security objectives, strategies and processes of the business and the integration of IT into business plans.
- Vulnerability Assessment, configuration benchmarking, Network Scanning, compliance and gap analysis of Network devices and servers.
- Audit IT systems across south centers for compliance management and certification.
- Manage 6C compliance for management review and timely mitigation of risks.
- Implementation of security-related technologies such as intrusion detection systems, authentication systems and access control, Anti-Virus, content filtering and various other countermeasures in accordance with ISM standards.
- Periodic review of ISO27001 policy, procedures and guidelines.
- Lead Internal and External audit for ISO27001 certification.
- Incident and Problem Management, Endpoint Security, Identity Management.
Key Achievements:
- Successfully transitioned security measures of banking process to newly expanded operations centre.
- Developed Security Culture and Staff Security Awareness Program, Risk Assessment and management of ISO 27001 across organization.
- Migration of business process to new center of 1000 Seats without downtime.
- Consistently maintaining 100% compliance of Antivirus & WSUS Patch Service delivery uptime of 99.5% consistently.
TVS Motor Company Ltd., Hosur, Assistant Manager – Information Security (June 2003 - Jul 2008)
Company Brief: TVS Motor Company Limited, which is part of TVS Group, manufactures motorcycles, scooters, mopeds and auto
rickshaws in India. Over the years TVS Motor has grown to be the largest in the group, both in terms of size and turnover, with four
state of the art manufacturing plants in Hosur, Mysore and Nalagarh in India and Karawang in Indonesia. TVS Motor is credited
with many innovations in the Indian automobile industry,
Responsibilities Profile:
- ISO 27001 ISMS Information Security policy, procedure design, implementation across organisation locations.
- Active Directory policy, Antivirus, patch management, ISS/IPS monitoring and devices management.
- BCP and SPOF management.
- Data center design, deployment and compliance management.
- Active Directory, DNS/DHCP/WINS Servers, and WSUS patch management Server and Symantec Antivirus Server with proactive incident management.
- Design, deployment and administration of Domino 6.5 Mail Server on Windows 2K3 / Linux OS.
- Data center designing of space, capacity, UPS power, cooling and physical security planning and deployment.
- Deployment and management IPS/ISS Alteon 5109 Checkpoint Firewall / Proventia G200.
- Storage Array Network box management with VERITAS and backup policy.
- Planning, design, deployment and configuration management of WAN/LAN Routers / Switch (38XX/26XX) / L3 & L2 (4507R/37XX/35XX/29XX) ACL.
- Managing the NOC with the help of 24*7 team.
- Penetration Testing and vulnerability assessment: Network, Host, Applications.
- Firewall, VPN, IDS and related network security design and implementation.
Slash Support (I) Pvt Ltd. Chennai, Sr. System Administrator (June 2002 - May 2003)
Company Brief: Slash Support is a global IT Enabled service provider; Outsourcing Company provides a wide range of solutions
which include Customer Interaction Services, Transaction Processing Services and a comprehensive Technology consumer’s technical
support.
Responsibilities:
Managed all aspects of the IT requirements for the company including IT infrastructure planning, budgeting and
designing technology roadmap for the BPO operations; Designed & customized technology solutions according to
customer requirements while handling a team of telecom specialists; Managed disaster recovery plan & development of
operational procedures and process planning; Provided 24/7 support for LAN/WAN & Voice Networks.
Inabling Technologies Pvt Ltd. Chennai Manager POP Services, (July 2001 – May 2002)
Company Brief: Inabling Technology is the IT Enabled Telecom service Provider Company provides communication services to
end user in a cost effective transaction Processing Services and a comprehensive Technology consumer’s technical support.
Responsibilities:
- Heading the state POP services centers at Madurai, Salem & Trichy for Technical operations.
- Design and implementation of project for expansion of Network across state, data traffic analysis, forecasting additional resources towards expansion of Network.
- Technical Problem Analysis, support and providing solution, conducting Technical Training for sales / Technical Team on product upgradation & new products.
- MIS report generation, Analysis of QOS and CRM support function for customer satisfaction and Pre-sales Presentation & demonstration to corporate client for product Sales.
Pacific Internet India Pvt Ltd. Chennai Network Operations Engineer (May 2000 – June 2001)
Company Brief: Pacific Internet India Pvt Ltd is the leading Internet Services provider in Singapore with unique needs
including High Speed Internet Access, IP VPN, Co-location and hosted email services.
Responsibilities:
- Installation, configuration and management of Cisco Router 36XX / AS5300 RAS / 20XX switches for ISP operations.
- Maintaining E1 / E1R2 / PRI Links / Systems between NOC and BSNL (STM1).
- Build of Corporate Lease Lines between NOC and customer premises in co-ordination with BSNL/VSNL (gateway Service provider) for getting Dedicated E1 link / E1R2 / PRI / BRI lines and AT Clearance / Approval / sanctions for Chennai Network Node.
- Implementing systems / procedures for day-to-day monitoring (24X7) to ensure Network uptime 99%.
- Capacity planning of infrastructure to accommodate the expansion of customer base and Network optimization for efficient bandwidth utilization.
Project Management:
- Executed the ISP project for Pacific Internet (I) Pvt. Ltd. in Chennai.
- NOC Acceptance Test with BSNL (AT Wing) for ISP operations.
Telesistems India Pvt Ltd. Chennai, Sr. Technical Engineer (July 1995 – April 2000)
Responsibilities:
- Installation, configuration, troubleshooting and administration of Call Center Servers: Win NT Server 4.0, SCO UNIX Server and Peripherals & its Devices.
- Heading the Technical Department for O & M, Product Service / Support after Sales.
- Operation and Maintenance of Radio Paging Network (UHF/VHF Equipment and Antenna).
- Radio Paging Network Planning, Survey, Field Measurements, and Network Verification and Optimization.
- Liaising with Government Authorities for SACFA Clearance and Approval and Connectivity of paging Lines (DOT, IMS).
Achievements:
- Involved in setting up of Paging Control Terminal, Repeater Station TX / Rx Equipment, digital Switching exchange and Message Handling system.
- Microwave Survey, Planning, and Execution of Radio Paging Project at Chennai.
WS Telesystem Ltd. Bangalore, Sr. Technical Assistant (Sep 1990 – June 1995)
Responsibilities:
First level Servicing of C-Dot EPABX
Card level testing & Servicing
Planning & Coordination with sales and Production for Spares delivery.
EDUCATION
PGDIT in Information Technology from Symbiosis.
Diploma in Electronics and Communication Engineering with first class from Board of Technical Education, Chennai.
PROFESSIONAL CERTIFICATION
ISO27001 Lead Auditor - IRCA Certified Information Security Management System Lead Auditor (IRCA License No. ENR00089859)
ISO22301 Lead Implementer - BSI Certified Business Continuity Management System Implementer (BSI, License No. ENR00068054)
Certified Ethical Hacker (EC COUNCIL, License No. 10992)
CDCP - EXIN / ICORE Accredited EPI Certified Data Centre Professional (License No. 91130142109559)
Certified OCTAVE - Information Security Risk Assessment professional
Trained ITIL – V3 Foundation professional
CISSP - TUV Rhineland Certified professional
Sun Solaris 2.7 Certified Unix Administration - Radiant Software Ltd, Chennai
TECHNICAL COMPETENCY
Technologies: LAN & WAN Topologies, Frame Relay, ATM, X.25, ISDN, Voice over IP
Hardware: Compaq / HP, Dell & IBM
Voice Networking: Avaya, Aspect, Verint, Avaya Interactive Voice Response System, CMS
Data Networking: Cisco / Juniper Routers, Switches, Data Encryption, X.25 Icon Gateways, Network Access Controllers & Network Management Centre
Access Gateway: Alcatel 3600/7270 & 7470 Multiplexers
Operating Systems, NMS & Content Filtering: Windows, Linux, NetIQ & WebSense
Network Security Solution: Firewall, IDS, SSL & VPN, Cisco, Juniper, Retina Network Security Scanner, SSH, Symantec AV, McAfee
Network Security Tools: Audit pro, Nessus, Nipper, Nmap, and Solar Wind, MBSA
Mailing Services: MS Exchange, Lotus Notes
Personal Details
Passport Number: Z3111194 (valid till 30th Dec 2024)
Languages Known: English, Hindi, Kannada, Telugu and Tamil
Date of birth: 2nd June 1969
Present Address: Flat # 101, First Floor, C-Block, Seven Hills Chariot Apartment, Brindavannagar, Hosur, Tamilnadu - 635109.
Hobbies: Reading books, listening to music, watching TV and playing indoor games
*** Note: References: Available Upon Request