VIJAYAMARNATH
E-MAIL: VIJAYAMARNATH@GMAIL.COM  C: +919788219201

SUMMARY
An IT RISK, ITGC, SOx, ISO27001, SOC1 & 2 and ACCESS MANAGEMENT SPECIALIST whose qualifications
include a master’s degree in Computer Applications with ISO-27001 Lead Auditor certification & ISO 20000
Lead Implementation. Detailed knowledge of technologies and best practices in GRC space. 9+ years of IT
experience which includes GRC (Governance Risk & Compliance), IT General Controls with extensive
knowledge on ISO 27001, SOx Regulatory ACT, IT Risk Management, Access Management, SOC1 & SOC2
Type I and Type II Audit, Change Management, L2 Support & Maintenance and S/W licensing.

BUSINESS SKILLS
• Project Lead with 9+ years of experience in managing projects on Internal Audit
• Successfully led a team of 11 members in ITGC space
• Excellent Project Planning skills and documentation (especially in PPT, Excel and SOP preparation)
• Experience with all stages of audits which includes identifying, planning, execution/evaluation, reporting and testing in areas of Access Management
• Sound knowledge in IT Risk Management
• Thorough understanding of existing process and strong drive for strategy, innovation and in driving automation & simplification of process
• IT General Control areas of Sarbanes-Oxley Act (SOx) 404 and vast experience in handling Level-2 IT support activities
• Internal audit of ‘Access Management’ and ‘Change Management’ Projects
• Certified ISO 27001 LA, ISO 20000 LI, ITIL V3 foundation, GREEN BELT and LEAN SIX SIGMA

KEY SKILLS
IT Risk Management lifecycle, Access Management, ISO 27001, IT General Controls & Framework,
Regulatory Compliance (SOx), SOC1 and SOC2, Change Management, BCP & DR, PCI DSS, Six Sigma
concepts and ITIL V3 Foundation

KEY PROJECTS

Future Group Pvt Ltd (As a Lead Consultant)
• Security Risk assessment and consulting for creation of IT policy for FG covering the below
  - Worked on for an executive Management report that includes clear recommendations on security policies along with Potential Risk against each recommends and
  - Mapping of recommended controls measures against ISO & PCI
  - Prepared a summary listing all the implications if recommended controls

Third Party Assessment - Idea Cellular (As a Lead Consultant)
• Design and Deployment of Supplier Security Compliance Framework
• Vendor Categorization & Criticality
• Development of Self-Assessment Questionnaire
• Manage VRM using CoVi Compliance Tool

ISMS Design and Implementation along with PCI DSS - Network 18 (As a Lead Consultant)
• End-to-end delivery of the project (Ensure the Org is implemented with ISO 27001 standards)
• Organized and executed project as per the project plan
• Designed policies and procedure as per ISO 27001:2013 guidelines
• Roll out of 3 InfoSec awareness training sessions across the Org
• Effective stakeholder engagement & work closely with Operation Teams, Risk, Legal & Compliance, IT Technical Team to understand their current day process and lay out optimal ‘TO BE’ process.
• Develop Unified Compliance Framework with Mapping ISO 27001 controls with PCI DSS requirements to ensure the organization is compliant with both
• Provide technology roadmap for control automation

Risk Management – GE Capital Treasury (As a Project Lead)
• Work with the IT Leader to address, manage and facilitate the Risks identified during Risk Assessment
• Upload the Risk items in the EOR tool (Enterprise & Operational Risk) and track these Items until closure
• Conduct Bridge calls between Risk Owner, IT Owner and external/internal Auditor to address the risk status and plan the further steps
• Suggest on the Mitigation measure and counter the risk with ideal controls
• Follow up with the Risk owner until the Risk is either Transferred or addressed with appropriate measures

Access & Change Management - GE Capital Treasury (As a Project Lead)
• Interacting with respective Application Owner’s (AO) team to resolve compliance issues and provide recommendation, communication on status of action resolution and bringing to management issues that require attention tracking corrective actions and to comply with SOX requirements
• Perform periodic accounts audits across SOx/Non-SOx applications, network domains, servers and databases
• Perform periodic review of accounts for all Critical/Non-Critical assets.
• Reviewing Segregation of Duties (SoD) matrix reports in Production & Non-Production environments like Development, QA and Test
• Perform Change Management control testing for all the samples provided by Business

Quarterly - System Access Reviews - GE Capital Treasury (As a Technical Lead)
• Conduct audits on all in-scope (i.e., SOx / Trade and Banking / Mission Critical) applications to comply with DS5 – Ensure System Security (according to COBIT Framework); review controls and their associated infrastructures to ensure that all users have appropriate level of access to the systems.
• Hand over the audit findings to the Asset Owner and follow up on the remediation action until closure
• Work with the External Auditors and facilitate them on their finding
• Preparation of SOW, SOP and other important project related documents like revamping and enhancement requirements to the project
• Accountable for identification of any IT Risks and treating it appropriately

Software License Management – GE Capital
• Perform Audits on all Business, Corporate and Vendor requests
• Rollup or remove components / freeware
• Collect entitlements. Compare installs to entitlements to reuse licenses from existing pool resulting in savings. Transfer entitlements under one user to other or one machine to other
• Release software for terminated resource & resource who don’t require the software anymore
• Assign licenses & Remediate defects

L2 Support & Maintenance - ADVANCE COMMERCIAL BANKING SYSTEM – ACBS
• Foremost job done in AS400 area was to submit the EOD Batch process requested by Business users on demand.
• Provisioning and de-provisioning user access per the pre-defined system
• Assisting in DR report - Providing RPO and RTO information to Post-Mortem report
• Submission of post-mortem report of ACBS application to the DR Team Leader
• Capture RTO and RPO values in AS400 while mocking DR environment testing
• Taking BRMSDAILY backup jobs

KEY CURRICULUM PROJECT
Project is about compressing two audio files, making into one and sending it to the receiver such that even
when an intruder intrudes he could not find the hidden audio file. Applied the concepts of Cryptography.

EDUCATION
• PGDEIM (PG Diploma in Export and Import Management)
• BSc in Computer Science
• MCA (Masters in Computer Application)
• MCA (Masters in Computer Application)

CERTIFICATIONS
• ISO 27001:2005 Lead Auditor
• ISO 20000 Lead Implementer
• 2 Green Belt
• 2 Lean Six Sigma Project
• 6 Kaizen Project
• Certified in Computer Hardware and Network Administration
• Completed ITILV3 Foundation
• Pursuing CRISC

EMPLOYMENT HISTORY
• Happiest Minds Technologies, Associate Manager, Jan 2016 – TILL DATE
• IGATE Global Solutions, Project Lead, Sep 2007 – Dec 2015

PASSPORT & VISA INFORMATION
N5441307
H1 B VISA (Approved & Stamped)

REFERENCES
Available on request
