Subhajit Bhuiya
About Candidate
Education
Work & Experience
• Information risk assessment and risk treatment/mitigation
• Designing information security policies, processes, procedures and guidelines
• Information security audits (ISO/IEC 27001:2005)
• Compliance reporting, audit issue follow-up and closure
• Business continuity management system implementation
• ISO 22301:2012 - BCMS design and implementation
• Provide assistance to the audit manager and work effectively as a member of the audit team
• Conduct information security assessments/reviews for multiple financial services firms against their information policies and standards and ISO 27001 standard requirements
• Perform information security risk management and risk assessment
• Provide security advisory to business stakeholders based on ISO 27000 information security standards and best practices
• Worked on implementing Archer out-of-the-box solutions including Policy Management, Compliance Management, Enterprise Management, Business Continuity Management, Vendor Management and Issue Management
• Business Analysis - Subhajit has worked as a Business Analyst on developing an end-to-end revenue and cost management system to implement sales governance, resource management and cost management for the organization. He was responsible for gathering functional and technical requirements from the client and coordinating with developers and testers to develop and deploy the system according to the client's requirements.
• ITIL Service Delivery and implementation - Subhajit has had the privilege of working with top banking and financial services firms from the Middle East, Asia and Africa regions to effectively implement ITIL practices such as Change Management, Incident Management and Problem Management within the organization, and participated in audit activities for the ITIL processes mentioned. He has experience of working with the HP Service Management tool to successfully implement ITSM processes.
• Information Security Management System / ISO 27001 - Subhajit has been involved in reviewing ISO 27001 standard requirements and NIA compliance for a UAE client. He also participated in a large end-to-end project to review the IT strategy and architecture implementation for the client. As part of these projects he assisted in all the phases, including those to develop the architecture layers for business services, data, applications and technology infrastructure.
• GRC solutions development and implementation
• Advisory on InfoSec solutions for the SOC (Security Operations Centre)
• Design, implementation and management of various information security standards for the client - ISO 27001:2013, PCI-DSS
• Risk management for clients using frameworks designed as per ISO 31000:2009, ISO 27005:2011, etc.
• Enabling clients with security awareness programs - formulation and delivery
• Conducting internal audits against ISO 27001:2013, ISO 22301:2012 and ISO 20000:2011 for various clients
• Implemented ITSM processes compliant with the ISO 20000-1:2011 standard, which enabled the organization to successfully acquire ISO 20000-1:2011 certification
• Co-managed the project to implement an Information Security Management System (ISMS), based on the ISO 27001 standard, which earned ISO 27001:2013 certification for the organization
• IT team augmentation with training on industry best practices based on the ITIL framework
• Provision of consultancy services on IT service management, information security and enterprise governance of IT (process assessment and improvement) using COBIT 5.0 for several other organizations
• Design and implement the ISO 27001:2013 standard and framework in organizations across domains such as banking, manufacturing and mining within the Europe region
• Manage business continuity and disaster recovery activities for organizations in the banking and telecommunication sectors, including application criticality assessments
• Coordinate and facilitate various business continuity activities such as rehearsals and revert-back rehearsals, and coordinate disaster recovery tests to ensure compliance with regulatory requirements in various domains and geographies
• Develop and standardize policies, procedures and guidelines pertaining to information security, data management, BCP/DRP, PCI-DSS, etc.
• Develop, streamline and define the Information Security Management System, KPIs, KRIs and security dashboard
• Perform third-party BCMS and ISMS audits and manage ISMS surveillance audits across organizations in various domains
• Design and implementation of PCI-DSS requirements in conjunction with the ISMS
• Program-manage the implementation of large-scale, organization-wide strategic initiatives and programs in close coordination with various business units within the organization
• He has carried out multiple IT audits in Europe covering policies and procedures (adequacy, assignment of roles and responsibilities), IT service level management, IT risk management and IT operations review. He has also carried out an audit of the control design existing in the current IT environment, a review of previous audit issues and documented risks. He also interviewed stakeholders to understand the operational effectiveness of the controls in place.
• He has overall experience in auditing the BCM governance framework, including policies, procedures and processes, and the roles and responsibilities of the business continuity and crisis management teams. He has also assisted clients in identifying and defining critical business processes as part of Business Impact Analysis (BIA) / Business Continuity Plan (BCP) work, and in evaluating whether the IT Disaster Recovery Plan (IT DRP) is developed and implemented in alignment with the BCP.
• He has performed gap assessments of existing IT environments against industry standards and best practices as per the requirements of the clients. He has also developed the applicable frameworks as per industry standards and best practices in domains such as information security, ISO 27001, CoBiT, NIA 2.0, NIST, etc.
• Design and implement the ISO 27001:2013 standard and framework in organizations across domains such as banking, manufacturing and mining within India and the Middle East
• Manage business continuity and disaster recovery activities for organizations in the banking and telecommunication sectors, including application criticality assessments
• Coordinate and facilitate various business continuity activities such as rehearsals and revert-back rehearsals, and coordinate disaster recovery tests to ensure compliance with regulatory requirements in various domains and geographies
• Develop and standardize policies, procedures and guidelines pertaining to information security, data management, BCP/DRP, PCI-DSS, etc.
• Develop, streamline and define the Information Security Management System, KPIs, KRIs, security dashboard, etc.
• Perform third-party BCMS and ISMS audits and manage ISMS surveillance audits across organizations in various domains
• Design and implementation of PCI-DSS requirements in conjunction with the ISMS
• He has performed gap assessments of existing IT environments against industry standards and best practices as per the requirements of the clients. He has also developed the applicable frameworks as per industry standards and best practices in domains such as information security, ISO 27001, CoBiT, NIA 2.0, NIST, etc.