Shibu G S
About Candidate
Education
Work & Experience
Conducting ISMS gap analysis and ISMS internal audits, and part of ISO 27001:2005 implementation
Design and implementation of key information management framework and processes
Support for external audits for ISO 27001:2005 certification and to ensure the continuity of the certificate to the organization
Plan and conduct physical and logical security audits on the scoped environment
Provide status of reporting activities against the program plan and schedule to the IS Manager
Design and execute information security awareness training and educational activities
Plan and conduct change management audits on scoped projects and publish the report to the IS Manager
Assisted in identifying network and systems infrastructure requirements and implementation of technology solutions based on standard requirements
Conduct activities relating to business continuity management and IT disaster recovery in conjunction with relevant functions
Plan and run risk-based programs and projects including development of processes, procedures, automation and standards across the organization
Prepare audit plan and conduct periodic ISMS audits for the organization, report to management, and follow up action items to closure
Lead external certification audits such as ISO 27001, PCI DSS and SSAE16/ISAE3402 to ensure the continuity of the certificate to the organization
Provide responses to customer RFPs with respect to compliance requirements
Assess and oversee all technology-related security and compliance issues across the organization including information security, disaster recovery, user access and data integrity
Conduct mock client audits, ensure client controls are implemented and adhered to per the requirements, and provide evidence to the client on a need basis
Conduct periodic audits on access control (physical & logical) against the organization responsibility matrix to ensure compliance
End-to-end coordination with the vendor for compliance tool implementation in the organization, and SPOC for maintenance
Design and execute information security awareness training through intranet and internet, and client-specific training for identified resources across the organization
Prepare DR test plan, participate in and audit DR testing, and conduct post-test review meetings to discuss the observations
Prepare and publish the DR test report to management and client on a need basis
Coordinate vulnerability assessment and penetration testing, verify compliance, and provide remediation support on security vulnerabilities
Responsible for end-to-end process gap analysis and risk assessment as part of ERP implementation
Perform pre-contract due diligence assessments for third-party vendors
Interact with Business and Sourcing to understand the requirement and provide security controls for the third-party vendors
Provide support to Citi businesses for the execution of third party risk management activities
Assess vendors based on Citi vendor standards and provide risk rating and applicable controls for vendors
Perform TPISA (Third-party Information Security Assessment) based on requirements and publish the assessment results to the Business Activity Owner
Review documentation related to a third party's internal controls (internal/external audit reports, third party CoB testing results, fourth party/subcontractor management) based on the risk tiering report
Physical, logical and HR compliance assessment for third-party vendors; publish the gaps to the vendor, obtain the CAP and redo the assessment for closure of gaps
Monitor third parties' performance to SLAs and publish a dashboard to Citi Business Owners
Maintain relevant databases and provide data input to support reporting and metrics
Core team and active member in Risk and Control with respect to Citi information security at site and region level
Provide guidance to team members on vendor risk assessments