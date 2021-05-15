
May. 15, 2021

Pankaj's CV Information Security GRC Professional

Thanks for checking out my CV. Feel free to contact me on pankaj.soni2@live.in | +919958684517.

Pankaj Kumar
Flat No. A4/1902, Casa Greens 1, Greater Noida West, UP, 201318, INDIA
Phone: +919958684517, Email: pankaj.soni2@live.in

OBJECTIVE

10 years experienced Information Security Professional who is extremely proficient in ensuring security of Organization Information Systems. Adept at Third Party Risk Management, Compliance Assessment, ISMS Audit, Information Security Governance etc. Seeking an Information Systems Security / Governance Risk Compliance (GRC) role where I can apply analytical, technical & innovative skills to ensure ISMS & its objectives across organization and/or clients.

HIGHLIGHTS

- Approx. 8 years of experience in Information Security domain
- Advanced level experience in Third Party Risk Management, Compliance Assessment, ISMS Audit (ISO 27001:2013, SSAE16 etc.) and Information Security Governance
- Extensive experience in Configuring Technology Compliance & Performing Risk Assessment
- Strong knowledge of Standards and Regulatory Compliance i.e. ISO 27001, GDPR, HIPAA, PCI etc.
- Strong knowledge of Industry best practices and frameworks i.e. CSA, NIST CSF, NIST Risk Management Framework, CIS benchmarks, CyberSecurity Maturity model etc.
- Extensive experience in Gateway, Network, Endpoint, Mobile & Cloud Security
- Extensive experience in planning & implementing Security systems
- Extensive experience in Vulnerability & Threat management
- Handled heterogeneous IT projects
- Strong work ethics

TECHNICAL SKILLS

- Good Experience in TPRM tools i.e. RSA Archer, Process Unity, Atlas SecurityScorecard etc.
- Proficient in Information Systems Security – Threat & Vulnerability Mgmt., OWASP, Secure SDLC, (Nessus, Nmap, Burp Proxy tool etc.), Third Party Risk Management, Identity & Access Mgmt., Security Information & Event Mgmt. (SIEM), Security Operation Centre etc.
- Strong knowledge & experience of SSAE18, ISO 27001:2013 audit, Information Security Policies, Procedure documentation, Incident, Problem & Change Management
- Expertise in Gateway Security – Cisco ASA, Fortigate, Checkpoint etc.
- Business Continuity Management – Business continuity planning, BCP DR Drills, Business risk assessment (IT Perspective) etc.
- Great understanding of entire IT Infrastructure – Network, Server, Application Server, Web Server, Database Server, Other IT Infra components etc.
- Expertise in Wireless Technology – Ruckus Wi-Fi, Cisco Wi-Fi
- Expertise in Endpoint Security – Symantec DLP solution, Symantec Endpoint Protection Suite, Symantec Endpoint Encryption
- Expertise in Routing & Switching – Cisco Router, Cisco L2 & L3 Catalyst Switch (VLAN, Switching, VSS, ACL, HSRP, QoS etc.)
- Extensive knowledge of Monitoring tools like Manage Engine Application Manager, Nagios, GFI Languard, Solarwinds, Spiceworks etc.

PROFESSIONAL EXPERIENCE

Senior Specialist, Aug 2019 – Till Now
HCL Technologies Ltd., Noida, India

Responsibilities
- Performing Third Party Security Assessments (pre and post third party onboarding) for our overseas clients across multiple time zones
- Working on TPRM tools such as RSA Archer, Atlas SecurityScorecard, ProcessUnity etc.
- Issue management (identified during third party security assessments)
- Performing Compliance assessments of Information systems (e.g. Windows Servers, Firewall, Network Devices, Anti-Virus etc.) against defined SOP/baselines to ensure compliance to respective standards
- Ensure client delivery as per agreed contract deliverables and T&C
- Develop and maintain relevant PI/KPI reporting mechanism to make client aware of key data points and project stats
- As part of Project Governance, conducting weekly/monthly meetings with client SPOC as well as client leadership
- Share relevant data with billing team in order to raise invoice. Resolve billing dispute if any.
- Time to time review of Technology and Process to find out scope of improvement and implement improvement to fulfill client’s requirement and keep pace with respective standards
- Establish and maintain good relationship with client, ensure highest level of client satisfaction
- Develop and Maintain respective SOP and Knowledge Base
- Manage team (resource planning and management)

Senior Consultant, Jan 2018 – July 2019
Genpact Enterprise Risk Consulting, Gurgaon, India

Responsibilities
- Leading the Configuration Compliance team
- Developing Configuration baselines for all Information assets to comply with the required compliance certifications
- Providing Information & Cyber security consultation to the enterprise clients
- Working on Governance Risk Compliance projects (RSA Archer)
- Performing Vendor Risk Assessments
- Working on Cyber Security projects
- Perform Application Security Assessments & develop required Security controls for implementations

Senior Network Security Administrator, Oct 2013 – Dec 2017
PeopleStrong HR Services. Pvt. Ltd., Gurgaon, India

Accomplishments
- Awarded as "Best Employee of the Month" for my outstanding performance over the month on a project in February 2015
- Awarded "Exemplary Teamwork Certificate" consequently in two quarters for playing best role among team and completing project in stipulated time-frame in July & November 2015
- Achieved continuous no NC in SSAE18 assessment audit since last 3 years

Responsibilities
- Leading SOC team which ensures Information Systems Security across the organization, activities like: Ensure appropriate security controls across all layers, Security awareness training, ensuring risks at acceptable level, ensure business operation without Security loophole
- Ensure Information Security controls in place at PeopleStrong Datacenter hosted in AWS, Azure & NxtGen cloud
- Alien Vault OSSIM SIEM solution administration, activities like: Log collection from all nodes, Log analysis & correlation, Log archiving as per defined policy, Identifying Incident & take necessary action etc.
- Vulnerability Assessment (OWASP, PCI etc.) & Penetration Testing of Server, Application, Endpoint & Network by using Nessus Professional tool, Burp Proxy, Nmap & other manual scripting.
- Risk assessment, Threat & Vulnerability management etc.
- Implementing & maintaining Security in Software development lifecycle – Risk assessment, Security as core in Application architecture, Enforcing security controls in SDLC process etc.
- Actively involved in Client engagement with Sales & Transition team, activities like: Filling Information Security questionnaire, providing asked documents, Conveying PeopleStrong’s Information security posture, Having Technical discussion, Facilitating Client audit etc.
- Firewall/IPS Administration – Cisco 5555X, Cyberoam 1000iNG, 500iNG, Fortigate 110C (Firewall, VPN, Web, Application Filtering, IPS, QoS, Log Analysis etc.)
- Leading NOC team which ensures maximum Network uptime & function
- Network Administration & Management – Cisco 4500, 3750, 2960 catalyst switch, Ruckus Wi-Fi solution, Internet Links & MPLS link management
- Conduct IT BCP Drill across organization to ensure all business continuity
- Lead Internal & External IT Audit to ensure all controls to be in place
- Symantec DLP Suite, Symantec Endpoint Protection Suite, Symantec Endpoint Encryption Administration & Management
- Ensure all Network & Information Security Policy & Procedure, Diagram & other Documents updated
- IT Project Management which includes IT Infrastructure, Network, Server, Endpoint, Physical & Logical security setup
- Handling Vendor Management, Change Mgmt., InfoSec Incident Mgmt. & Problem Mgmt.

Senior Client Support Engineer, Feb 2012 – Sept 2013
Smart Integrated Systems, New Delhi, India

Responsibilities
- Firewall Administration – Fortinet 110c, 60c, 50b, FortiAnalyzer
- Network Administration – LAN, WAN, Cisco Catalyst 3560, DLink switches, Cisco Linksys WAP (VLAN, ACL, TCP/IP, SNMP, QoS etc.)
- Server Administration – DC, DNS, DHCP, Mail, SQL Server, Antivirus Server on IBM Blade Centre HS22 (Creating/deleting Users, Making Group Policy, creating/deleting Email IDs, Making Alias of Email IDs etc.)
- Storage & Backup Administration
- 200-250 Desktop & Laptop user over three regional offices administration with up to 5-member team.
- User end Application Administration – Tally ERP 9, HR Portal, Oracle D2K, ERP, E-TDS etc.
- IT Helpdesk team & IT Asset management
EDUCATION & CERTIFICATIONS

- ISO 27001:2013 Lead Auditor (Dec 2019)
- ITIL® 2011 Foundation, AXELOS (Certified)
- CISSP, (ISC)² (Trained)
- Master’s Degree – MBA – IT, LPU DE, Jalandhar, India (2013 – 2017)
- Bachelor's Degree – BA Program, SOL, University of Delhi, New Delhi, India (2008 – 2011)
- College Certificate – Higher Diploma in Systems and Networking, NIIT Academy, New Delhi, India (2008 – 2010)
- Senior Secondary – 12th Arts, M.G College, Mehasi, East Champaran, Bihar, India (2006 – 2008)

INTERPERSONAL SKILLS

- Excellent Problem-Solving Skills
- Excellent Oral, Written and Interpersonal Skills
- Excellent Team Management & Client Handling Skills
- Initiative and Decision-making Nature
- Good Project Management Skills
- Self-Motivated person with Positive Attitude

LANGUAGE ABILITIES

English – Fluent
Hindi – Fluent

REFERENCES

Upon Request

