Akash Basu

Accomplished multiple onsite/offsite project management activities in the context of cyber security for clients in banking & insurance verticals and ensured effective leadership in individual and large-scale projects. Executed and lead VAPT of Web Application, Mobile Application, API, Thick- client, VPN, Wireless, other network devices, database & servers in compliance as per global standards and regulations. Performed Third party risk assessment and managed Infrastructure Security through the implementation of ISMS controls, TPRM, network penetration testing, configuration review of network devices, database & server compliance audit, and hardening. Conducted Research & Gap Analysis to identify, review and mitigate security risks and implement improvements/enhancements in secure SDLC, through the development of security standards, best practices, training and simulations.

Oversaw the establishment, implementation, and adherence to policies and standards that guide and support the terms of the information security strategy under CISO function. Managed entire Information security programs within organisation which includes but not limited to VAPT, GRC, SOC, DLP, ISMS, Red Team, IRDAI audit, WAF, Cloud Security & other Infosec activities and undertook procurement, evaluation & budgeting of Infosec tools. Well versed in performing vulnerability assessment and penetration testing, web, mobile, thick client application security testing, API security testing, Network VAPT, Configuration review of infrastructure devices, cloud review, TPRM, IS Risk, Firewall Rule review and architecture review. Promoted enterprise wide awareness campaign including establishment of crisis management plan. Driven various steering committee discussions to provide regular update on Information security programs and as per direct guidance from CISO and have expertise in Procurement, evaluation and budgeting for Infosec tools, assessment, activities and other services.

Established and maintained compliance with policies, standards and audit requirements as per various regulatory bodies RBI, IRDAI, SEBI, UIDAI, CCA guidelines and ISMS, BCMS, PCI & NIST Frameworks. Develop, implement & monitor a strategic, comprehensive enterprise information security risk management program to ensure that CIA is maintained as per global framework like ISO and NIST. Oversaw the enterprise's other information security programs consisting of architecture review, Vulnerability assessment & penetration testing, SOC operations, incident management, cyber security drills, simulations and brand monitoring & DLP management. Well versed in application security, threat modelling, API security, infrastructure vulnerability management, source code review and Hardening. Driven various steering committee discussions to provide regular update on Information security programs and as per direct guidance from CISO and have expertise in Procurement, evaluation and budgeting for Infosec tools, assessment, activities and other services. Regularly provided information security awareness trainings, table top exercises and structured walkthrough across the organisation including handled senior management to enhance Information security culture.