PRAVEEN MEDPALLIWAR
About Candidate
Education
Work & Experience
Responsible for Infrastructure Services and Security. Directing projects, including scope planning and definition, project planning, project execution, the integrated change control process, project tracking for cost and schedule, and ensuring seamless project closure. Role of Information Security Officer to maintain IT Security (ISMS). Implemented ISO 27001:2005 by following ISO 27002 guidelines. Coordination with other functions handling information assets to evaluate and work on risk management, audits and mitigation plans for the infrastructure. Certified internal auditor, conducting regular security audits and resolving the findings to meet compliance. Conducting awareness training on security policies, procedures and controls. Meeting SLAs for security incidents and maintaining quality records. Reporting performance to the CISO. Recommending actions against security gap analysis to projects for secure delivery with the help of the required tools and technologies in the SDLC. Designing security policies and providing input as a security architect in designing the solution, in collaboration with the application and infrastructure solution architects, for smooth implementation and operations.
Leading and managing IT infrastructure for Information Security and Services. Process owner for all ongoing activities that serve to provide appropriate access and protect the confidentiality and integrity of customer, employee and business information in compliance with organization policies and standards. Design, implementation and documentation of Information Security policies and procedures for the organization. Serve as an internal information security consultant to the organization to support customers from the Banking and Finance domain in implementing Information Security. Ensure compliance with internal controls for clients. Participate in designing the secured infrastructure architecture with the application and technical teams. Perform risk assessments and gap analysis and serve as an internal auditor for security issues. Manage internal and external audit engagements and facilitate remediation based on agreed recommendations. Publish audit performance metrics and status dashboards to management.
Member of the Technology Governance, Risk and Compliance team for Business Resiliency for a US-based client. Performing GRC using the RSA Archer tool. Performing risk assessments, gap analysis and compliance audits of IT systems, networks and applications. Designing and documenting IT policies and procedures for business units. Conducting periodic audits, reporting and follow-ups to ensure compliance with policies and procedures. Facilitating and reviewing BIA, BCP, DRP, policies and procedures for applications and infrastructure for business units. Reviewing and validating the technical solution designs to meet the security aspects of the business. Conducting and coordinating Global Business Continuity aligned with ISO 22301 and DR drill exercises. Ensuring ISO 27001 compliance. Testing and ensuring compliance with the defined GCC (General Computing Controls). Providing user awareness training on crisis management. Performing risk assessments for IT projects. Reporting and presenting the issues to the leadership team. Managing and administering the emergency notification system for crisis management using Everbridge.
Ensure compliance with ISO 27001:2013 for the India and US offices. Heading the Technology function with a team of resources from Technology, Application and Information Security. Communicate responses to RFIs, RFPs and questionnaires from US and UK clients for Information Security. Ensure monitoring, testing and compliance for internal controls. Ensure and test Business Continuity requirements for compliance. Perform VAPT. Perform third-party risk assessments and audits. Perform network and systems audits and ensure closure of findings in the internal and external audits. Ensure awareness of Information and Cyber Security across the organization's locations. Lead the internal audit and facilitate external and client audits. Conduct regular meetings with the security committee to present the compliance status. Perform periodic risk assessments. Ensure that the operational risk metrics, assessments and reporting are in line with expectations.