Khaja Nizamuddin
About Candidate
Education
Work & Experience
• Performing Vulnerability Assessment (VA) and patch testing activities in order to safeguard the company's information assets.
• Performing VA for Cognizant infra servers, critical devices and desktops on demand to identify vulnerabilities and coordinating with NSS for remediating the servers and desktops by providing technical assistance, thereby keeping the network protected.
• Based on the requirement, preparing a customized technical report with the identified vulnerabilities based on their rankings and reporting to stakeholders for remediation.
• Working with project teams and performing vulnerability assessment to preserve the compliance level laid down by the company.
• Providing information and solutions for preventing and responding to threats and vulnerabilities.
• On release of patches by vendors, performing patch testing in a lab environment to ensure the patches are free from errors, and advising the NSS team to roll out the patches to Cognizant desktops/servers.
• Responsible for configuring security tools on all endpoints to check for compliance and fine-tuning the policy as per the organizational requirement.
• Preparing the compliance report based on the client requirement and sharing it on time.
• Analyzing the vulnerability trends notified on each endpoint / application used on endpoints.
• Working with the concerned location NSS team to ensure remediation of the known vulnerabilities.
• Working with the compliance team to ensure compliance is adhered to and reports are shared with management.
• Performing audits to check compliance levels and sharing the report with stakeholders.
• Implementation and monitoring of over 160 controls as per customer guidelines.
• Conducted periodic internal audits to ensure that compliance procedures are followed.
• Documented the results of internal audits and closed the NCs by coordinating and collaborating with the concerned teams.
• Assisted in external audits and closed the NCs in the audit findings within the stipulated time frame.
• Periodic gap analysis based on self-assessments of controls.
• Conducted employee training on compliance-related topics, policies, and procedures.
• Created a Security Management Plan to meet the control objectives.
• Created a document on information classification and data protection to ensure the proper management of data flow.
• Maintaining documentation of compliance activities.
• Reviewing or modifying policies or operating guidelines to comply with changes.
• Review of patch, DAT, and vulnerability reports to ensure PC security and compliance.
• Coordination with NSS and the Patch and DAT teams to ensure all non-compliances are addressed post review of documents.
• Monitoring, reviewing and analyzing event logs and security logs.
• Log management and review through the SIEM tool AlienVault and the OSSEC agent to analyze hits from traffic entering the network, thereby blocking unnecessary traffic.
• Performing VA and configuration review of CIR such as firewalls, switches and all PCs to secure them from threats and from weak configurations.
• Monitoring and analyzing Intrusion Detection Systems (IDS) to identify security issues for remediation.
• Reporting DLP incidents to management and taking appropriate actions.
• Firewall configuration review for non-compliance and working with the network team to remediate the findings.
• Created an incident management procedure document.
• Implemented and monitored the effectiveness of the incident management control.
• Assisting with testing of BCPs and tracking actions.
• Ensuring access, logical or physical, is restricted to authorized personnel only through a documented procedure.
• Created a BCP document based on the requirements from the client and ensured adherence to the timelines.
• Responsible for scheduling information security audits in various accounts.
• Conducted information security awareness training sessions.
• Developed control checklists according to the InfoSec standards.
• Conducted over 15 information security audits for various clients.
• Verification of the effectiveness of the organization's security controls by auditing the controls laid down by the client.
• Preparing clear and well-organized audit documentation that captures the work performed and formulates the appropriate conclusions regarding the adequacy of internal controls.
• Communicating findings and progress to management in a timely manner.
• Re-auditing to check for closure of the audit findings.
• Performed risk assessments and conducted ITGC audits on demand.
• Led the organization in audits of ISO 27001:2013, SOC 1, SOC 2 and HIPAA and drove them to successful completion.
• Reviewed the Statement of Applicability for implementation of the ISMS controls at the organizational level.
• Ensuring compliance with the ISO 27001, SOC 1, SOC 2 and HIPAA standards and performing regular gap analysis.
• Created various policies, procedures, baselines and standards for Security Operations.
• Responsible for scheduling information security audits in various accounts.
• Performed bi-annual risk assessment at the organizational level.
• Assisted the CISO in responding to customer questionnaires and RFPs, which helped the organization win new clients.
• Maintaining ISMS documentation on the intranet and publishing new versions in case of changes.
• Actively participated in the setup of the Security Operations Center.
• Regular monitoring of FortiGate firewall logs, McAfee Web Gateway, and Sophos AV non-compliance.
• Approval of URLs post analysis to keep the network safe.
• Performing VA for infra servers, critical devices and desktops on demand to identify vulnerabilities and coordinating with the IT help desk for remediating the servers and desktops by providing technical assistance, thereby keeping the network protected.
• BCP SPOC for the coordination of the bi-annual tests.
• Conducted information security awareness sessions for all associates of the organization.
• Assisted the organization in the audit of ISO 27001:2013 and assisted the client in PCI DSS, ITGC and second-party audits.
• Helped the client security team create policies, procedures, baselines and standards.
• Performed regular network and application scans, reported the vulnerabilities in the network and coordinated with stakeholders to get the issues remediated.
• Software risk analysis, reporting the issues to stakeholders for remediation.
• Review of various compliance metrics and reporting of the gaps in compliance.
• Performed an organization-wide phishing campaign, reported the metrics and provided induction to the phished employees.
• Conducted an organization-wide information security awareness program.
• Provided inputs on the security targets to be achieved and helped management form the security calendar.