Hariharan, B.E., M.S.

Information Security Audit Consultant


Work Desired:          Permanent
Citizenship:           Indian Citizen
Resident Of:           Country: Bahrain - Area Code:119
Willing To Relocate: Yes
Experience:             8 years of work-experience
Technical Skills:      LAN/Networking, System Security Administration, Project
                       Management, IS Audit
Work Experience:       Total IT Experience – 96 Months
SUMMARY

♣ 8 years of experience in Information Security and IS Audits.
♣ Knowledge and experience in Information Systems
Security Auditing, BS7799 Implementation as well as auditing, Risk Assessment
(ISO-13335 GMITS and NIST 800-30), Computer security incident response
(CERT, SANS, NIST), information security standards and industry best practices.
♣ Has IS audit experience as Internal Auditor testing internal IT and
financial controls for ERP systems such as SAP, Oracle and CRM.
♣ Has extensive audit experience in industry verticals such as Telecom,
Data Centers, Airlines, Financial Institutions and the Automotive Industry.
♣ Has worked on a few SOX 404 assignments at Wipro (E&Y and KPMG).
♣ Exposure to regulatory compliance issues such as Identity Management,
HIPAA, GLBA and Sarbanes-Oxley.
♣ He has a keen ability to understand and resolve issues, commitment to
client satisfaction and excellent communication and presentation skills.

SKILLSETS

Process
•        IS Audit Planning, Execution, Audit Documentation and Reporting
•        Review Internal Controls
•        IT Risk Assessment and Management
•        Interview, evidence gathering and analysis
•        Business Continuity Plan Assessment
•        Information technology & Information security management system (ISMS)
Auditing
•        Incident Response Policies and Process
•        Exposure to Best Practices such as the COBIT and COSO frameworks
•        Compliance Audits
♣        BS 7799
Technology
•        Network and OS Level Auditing Skills
♣        Vulnerability Assessment
♣        Penetration Testing
♣        Network Log Analysis
•        Application level Auditing
♣        Automated scans
♣        Manual Auditing (Process Mapping)
♣        Application walkthroughs

ACCREDITATIONS & EDUCATION
Accreditations

♣       CISSP & CISA
♣       BS 7799 Lead Auditor
♣       BS7799 Lead Implementer
♣       Certified Ethical Hacker - CEH
♣       Microsoft Certified Systems Engineer - MCSE
♣       Cisco Certified Network Associate - CCNA
♣       Computer Hacking Forensic Investigator - CHFI
♣       Microsoft Certified Professional - MCP
Academics

♣         Bachelor of Engineering (B.E.) in Computer Science, Tamil Nadu, India
♣         M.S. by Research in Information Technology (thesis work), Anna University, India

Workshops / Trainings attended

•         IT Audit Best Practices by BSI, India
•         Application Controls Review/Audit by ISACA, Chennai, India
•         COBIT workshops - ISACA, Bahrain

EMPLOYMENT RECORD

• Sr. Information Security Consultant (Audit)
EKKANOO B.S.C - Bahrain (Jan 2008 – till date)

• Sr. Information Security Consultant
Paramount Saudi Arabia - Riyadh (Jan 2007 – Dec 2007)
Clients: A. AXA Insurance
         B. Ministry of Saudi Arabia - IC
         C. Riyad Bank
         D. Saudi Telecom - STC
         F. Saudi Airways

• Information Security Consultant (Band B2)
Wipro Technology (Nov 2005 – Dec 2006)
Clients: A. AT&T (Lucent Technologies)

• Senior Systems Engineer (Trainer) – IT Projects
Adept Technologies (April 2002 – Oct 2005)
Clients: A. Chennai Cyber Crime
         B. TCS
         C. Wipro
         D. Infosys

KEY PROJECTS

PROJECT - 1            INFORMATION SECURITY RISK ASSESSMENT
CLIENT EKKANOO B.S.C - Bahrain
Role      IT Security Engineer
SUMMARY
The engagement included an independent security risk assessment of IT
services and critical systems, including billing and other systems. The assessment
was done using industry best practices and included the following activities.

•         Risk assessment using BS 7799 standard / GMITS guidelines
•         BS 7799 gap analysis
•         Threat analysis
•         Impact analysis
•         Vulnerability Assessment
•         Penetration testing
•         High Level Risk Assessment for ERP Application systems

PROJECT - 2    IS AUDIT
CLIENT AXA Insurance, Riyadh
Role   IS AUDIT CONSULTANT

SUMMARY
This engagement involved acting as IT internal audit specialist to assist
with AXA Insurance's enterprise-wide risk assessment framework (IRM).
My responsibilities were:

• Testing and documenting the risks, expected controls, actual controls and gaps
within IT processes, applications and application interfaces; developing a risk and
control library for the information security discipline
• Designing baseline controls and the controls assessment following the corporate risk
assessment
• Providing a risk and controls matrix for enterprise automated risk assessment and
risk reporting
• Developing the risk control framework and enterprise risk assessment
methodology
• Compliance assessment of the content of the corporate risk control library
• Gap analysis of corporate standards against industry standards and regulations such as
COBIT, Sarbanes-Oxley, ISO 17799, FDIC and GLBA

PROJECT - 3    IS AUDIT (SOX COMPLIANCE)
CLIENT Riyad Bank
Role   IS AUDIT CONSULTANT

SUMMARY
This engagement involved IT internal audit for Sarbanes-Oxley/FDICIA
regulation. My responsibilities were:
• Testing and documenting the risks, expected controls, actual controls and gaps
within IT processes, applications and application interfaces.
• Testing the operating effectiveness of general controls such as access control,
change control, backup, VM, MBS and application controls in Horizon, Advent and
other application environments.
• Developing narratives for the network domain to map security controls to
general controls.

PROJECT - 4    IS AUDIT (SOX COMPLIANCE)
CLIENT STC - Riyadh
Role   IS AUDIT CONSULTANT

SUMMARY
This engagement involved IT internal audit for Sarbanes-Oxley readiness.
My responsibilities were:
• Developing test plans for the IS network and application areas.
• Building detailed audit programs to assist internal audit teams and
management in ERP application security, AS/400 and Oracle applications.
• Testing the operating effectiveness of general controls such as access control,
change control, backup and ITGC in the Oracle environment.

PROJECT - 5          IS AUDIT TESTING (1xEV-DO)
CLIENT AT&T USA, India
Role   IT Security Consultant

SUMMARY
This engagement involved IT internal audit testing of the 1xEV-DO environment.
My responsibilities were:

• Testing and documenting the risks and gaps within applications and application interfaces.
• Testing the operating effectiveness of general controls such as access control,
change control, backup, VM, MBS and application controls in 1xEV-DO and other
application environments.
• Analysis of infrastructure vulnerabilities using knowledge gained from
currently published attack methodologies and exploits.
• Performance of onsite and remote penetration tests and vulnerability analysis.
• Scanning and using the necessary exploit code for testing.
• Developing narratives for the network domain to map controls to general
controls and network security controls.

PROJECT – 6     NETWORK INFRASTRUCTURE VULNERABILITY AUDIT
CLIENT Ministry of IC - Riyadh
Role   TEAM LEAD

SUMMARY
The client's requirement was to identify their network infrastructure
vulnerabilities through an onsite and offsite vulnerability testing and penetration
testing exercise. As project lead, I was responsible for:

• Analysis of infrastructure vulnerabilities using knowledge gained from
currently published attack methodologies and exploits
• Performance of onsite and remote penetration tests and vulnerability analysis
• Scanning and using the necessary exploit code for testing
• Reporting on vulnerabilities at the various remote and head office sites
• Internal penetration test
• Application audit of the Switch application
• Designing IT security policies and procedures (CRAMM)
• Implementation roadmap for compliance

PROJECT – 7        BS 7799:2002 BASED ISMS BUILD
CLIENT STC, Riyadh
Role       TEAM LEAD
SUMMARY
This engagement involved building an Information Security Management
System in accordance with the BS 7799:2002 Part 2 specification for the
client. The engagement activities included:

• Defining the ISMS scope
• Conducting the risk assessment
• Review of internal controls
• Developing the risk treatment plan
• Statement of Applicability
• Internal control selection
• Reviewing and developing information security policies and procedures for the
organization as part of an ongoing policy and procedure review
• Regular interaction with the client, enabling the refinement of policies and
procedures over time

PROJECT – 8     SECURITY POLICY AND PROCEDURE DESIGN
CLIENT Saudi Airways - Riyadh
Role   PROJECT MANAGER

SUMMARY
Designed enterprise-wide information security policies and procedures
in accordance with ISO 17799 and implemented the security technical
controls from the secure architecture design. As the project lead, was instrumental
in the following activities:

• Stakeholder information capture and document review
• Assessment of the efficacy of existing controls
• Design of the secure architecture
• Policy discussions with business managers
• Design of policies and procedures
• Policy discussion facilitation
• Deployed a defense-in-depth firewall
• Deployed enterprise RSA SecurID authentication
• Deployed host IDS and network IDS on critical networks and hosts

PROJECT – 9     NETWORK SECURITY
CLIENT Maruthi Broad Band Pvt Ltd, India
Role   PROJECT MANAGER

SUMMARY

• Designed and deployed a secure trader information architecture and
secure LAN/WAN architecture for the customer's MBB environment and commissioned
treasury networking projects for MBB customers. The network involved VSAT data
feeds to backend Sun Solaris application servers over a TCP/IP backbone to Windows
2000 workstations.
• Installation of a session firewall server to secure data feeds between MBB
and customer private networks. Project management of real-time information systems
and the Dealing 2002 system for products and services owned by MBB Group,
Chennai.
• Key responsibilities included securing Sun Solaris and hardening Windows 2000
servers, and installing, configuring and troubleshooting firewall-based session
services on a Linux box.



Contact Information:

Mobile: +00973 36438081 / 39366487

References: Available on request
