Pankaj Kumar
pankaj.soni2@live.in | +91 9958684517 | Greater Noida, UP, INDIA | linkedin.com/in/pankajsoni02
INFORMATION SECURITY MANAGER | INFORMATION SECURITY OFFICER | INFORMATION SECURITY CONSULTANT | IT SECURITY & GRC CONSULTANT
PROFESSIONAL SUMMARY
An Information Security professional with 10 years of experience and a strong IT background. 3+ years of experience in
leading project delivery and team management. Helped many clients across industries and time zones to achieve their
Information Security goals by performing Third-Party Risk Management, Compliance Assessment, ISO 27001
implementation/ Mock audits, Technical Risk Assessment, Application Gap Assessment, etc.
CORE COMPETENCIES
Information Security Management
ISMS Document Management
Third Party/Vendor Risk Management
Compliance Assessment
Technical Risk Management
ISMS Audit (ISO 27001)
Information Security Governance
GDPR, HIPAA, PCI, ITGC, FedRAMP etc.
Threat & Vulnerability Management
Business Continuity Planning (BCP) & Disaster Recovery (DR)
Security Architecture
Application, Network, Cloud & Endpoint Security
GRC tools e.g. RSA Archer, ProcessUnity, Atlas SecurityScorecard, Tanium Comply, Nessus etc.
Microsoft Office (i.e., Word, Excel and PowerPoint)
Customer Handling
Team Leadership
Internal/ External Stakeholder Management
Self-motivated person
Experience in liaising with global clients/ teams
Initiative and Decision-making Nature
PROFESSIONAL EXPERIENCE
Senior Specialist (GRC)
HCL Technologies Ltd., Noida, India August 2019 - present
Responsibilities/ Accomplishments
Lead delivery of two GRC projects simultaneously (i.e., Third-Party Risk Management and Compliance Assessment)
with a team size of 9 Analysts/ Specialists
Managed 4 direct reportees
Drove Issue Management process for the identified findings
Helped clients to achieve ISO 27001:2013 certification by guiding them in ISO 27001:2013 implementation and
performing mock audits
Ensured client delivery as per agreed contract deliverables and T&C, which resulted in project renewal with
increased scope of work
Ensured respective KPI/PI score in green more than 90% of the time
Ensured higher client satisfaction by conducting governance meetings with clients to share project status/ address
their queries/ requirements etc.
Ensured timely & accurate invoice generation to client by submitting billing data on time and resolving any billing
disputes that occurred
Senior Consultant (Cyber Security)
Genpact Enterprise Risk Consulting, Gurugram, India January 2018 – July 2019
Responsibilities/ Accomplishments
Led Configuration Compliance project with a team size of 4 Analysts
Increased compliance efficiency by 50% across IT assets by developing configuration baselines and performing the
compliance assessments
Provided Information & Cyber security consultation to many enterprise clients to achieve their Information
Security objectives
Helped one of the Fortune 100 enterprise clients to institutionalize the RSA Archer Issue management platform
across the organization
Performed routine Vendor Risk Assessments for more than 30 vendors per year
Performed ITGC audits
Performed as many as 20 Cyber Security Gap Assessments of Application, Network, Cloud etc. and helped clients to
remediate the identified gaps
Senior Network Security Administrator (Information Security)
PeopleStrong HR Services Pvt. Ltd., Gurugram, India October 2013 - December 2017
Responsibilities/ Accomplishments
Accomplished zero Non-Compliant (NC) in 3 consecutive SSAE18 assessments (yearly)
Helped organization to secure as many as 30+ new projects and keep existing projects compliant by supporting
Vendor Due Diligence processes e.g., Third-Party security assessment, External audits & KPI/PI reporting
Led Security Operations Center (SOC) with a team size of 3 Analysts
Managed Information Security Governance program across organization considering ISO 27001:2013 guideline
Established, implemented, and maintained IT BCP and achieved 95% - 99% uptime across respective service tiers
Published respective reports to the management as per Information Security Governance metrics
Managed ISMS documentation as an author, reviewer, and custodian of the ISMS documents
Ran Security awareness program and Information Security Incident management program across the
organization which led to reduction in Information Security Incidents by 70%
Reduced Risks by 70% by running an effective Risk Management process based on ISO 27001:2013 requirements
Performed Cyber Security Maturity Gap Analysis considering NIST Cyber Security Framework (CSF) and Prepared
a 5-Year implementation plan based on identified gaps and target maturity level
Reduced application vulnerabilities by 70% by driving Secure SDLC implementation as per OWASP guideline
Reduced Threats by 90% by performing Vulnerability Assessment of critical IT resources and driving remediation
Generated secure productivity capabilities across 1k endpoints by managing Anti-Malware software, DLP
solution, Endpoint encryption solution, etc.
Implemented & Maintained security controls on public & private datacenter considering CSA guidelines
Achieved 99.80% network uptime by managing Network Security and Network Data e.g., Firewall, IDS/IPS, WAF,
Router, Switches, LLB and WAP
Contributed to IT Security Budgeting, IT Security hardware/ software Procurement, and Vendor Management
Senior Client Support Engineer (Information Technology (IT))
Smart Integrated Systems, New Delhi, India February 2012 - September 2013
Responsibilities/ Accomplishments
Led IT Helpdesk team of 5 IT engineers to manage three regional offices with around 250 endpoint users
Improved Network security by managing Firewalls i.e., Fortinet 110c, 60c, 50b, FortiAnalyzer and WatchGuard
Achieved Network uptime of 98% by managing the network devices e.g., Cisco routers, Cisco switches and WAP
Improved end user productivity by managing Windows servers e.g., AD, DNS, DHCP, File Server and Exchange
Reduced Threats by managing Anti-Virus solution i.e., Symantec Endpoint Protection
Managed Storage & Backup i.e. IBM tape library, Symantec BackupExec software, etc.
Managed User end applications e.g. MS Office, Tally ERP 9, HR Portal, Oracle D2K, ERP, E-TDS, etc.
EDUCATION
Master’s Degree - MBA – IT | LPU DE, Jalandhar, India 2013 - 2017
Bachelor's Degree - BA Program | SOL, University of Delhi, New Delhi, India 2008 - 2011
College Certificate - Higher Diploma in Systems and Networking | NIIT Academy, New Delhi, India 2008 - 2010
ADDITIONAL
Language Abilities: English (Fluent) | Hindi (Native)
Trainings & Certifications: ISO 27001:2013 Lead Auditor (Certified) | ITIL® 2011 Foundation (Certified) | CISSP (Trained)