Experienced Information Security Manager with 17 years in cybersecurity, compliance (SOC 2, PCI DSS, HIPAA, ISO 27001, GDPR, CPRA, Data Privacy Framework), and risk management, specializing in strategic security planning and incident response to safeguard critical assets.
Certifications
ISACA Certified Information Systems Auditor (CISA)
ISACA Certified Information Security Manager (CISM)
ISACA Certified in Risk and Information Systems Control (CRISC)
ISACA Certified in the Governance of Enterprise IT (CGEIT)
ISACA Certified Data Privacy Solutions Engineer (CDPSE)
Certified Information Privacy Technologist (CIPT)
Privacy Engineering Certification
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Competence in Zero Trust (CCZT)
CompTIA Security+
CompTIA PenTest+
CompTIA Network Vulnerability Assessment Professional
AWS Certified Security - Specialty
AWS Certified Solutions Architect - Associate
Certified ATT&CK Cyber Threat Intelligence
Certified ATT&CK Security Operations Center Assessments
ISO 27001:2013 Lead Auditor - Information Security Management System
ISO 27001:2022 Lead Auditor - Information Security Management System
Orchestrated compliance management for standards including PCI DSS, SOC 2, ISO 27001, HIPAA, Data Privacy Framework, CPRA, and GDPR, enhancing organizational adherence to regulatory requirements and strengthening the compliance posture.
Led the development and enforcement of comprehensive security requirements and best practices across the organization, significantly improving security resilience and data protection through advanced encryption solutions.
Initiated a robust compliance testing program and developed strategic plans aimed at risk control, fostering a culture of continuous improvement, and aligning security initiatives with business objectives.
Harmonized global operations under PCI DSS, SOC 2, GDPR, ISO 27001, ISO 27017, ISO 27018, and ISO 9001, ensuring alignment with global security standards and successful certification achievements.
Crafted and implemented a security monitoring roadmap across on-premises and cloud platforms, including AWS, enhancing organizational security posture and operational efficiency through best practices in cloud security.
Directed critical risk assessments and developed incident response protocols, significantly improving the organization's risk management framework and security culture.
Spearheaded the launch of comprehensive security and compliance initiatives, significantly bolstering the organization's security infrastructure through developing and enforcing tailored policies.
Authored and implemented critical Information Security & Technology Policy documentation and led PCI DSS compliance efforts, ensuring organizational adherence to best practices and regulatory standards.
Developed and executed a 24/7 security monitoring strategy for the e-commerce platform, managing SIEM systems and WAF to ensure high levels of data protection and rapid incident response.
Led PCI DSS Security compliance, developing and enforcing a comprehensive security program that elevated the organizational security posture and enhanced data integrity, confidentiality, and availability.
Orchestrated a network and telecom infrastructure overhaul across eight locations and championed preemptive risk management initiatives, significantly improving operational efficiency and security readiness.
Developed and implemented an Internal Audit and Training Program, fostering a culture of security awareness and compliance while integrating advanced security technologies to optimize IT infrastructure.
Led comprehensive risk assessments and security event monitoring, significantly enhancing corporate compliance and system defenses.
Managed and optimized Windows and SQL Server environments across the USA and India, including successful SQL Server migration and database administration.
Directed application security measures, including penetration testing and strategic remediation, improving system security and ensuring HIPAA compliance.
Spearheaded the implementation of new technologies and cloud computing initiatives, driving advancements in data center operations and endpoint security management.