 
Contact Information
Name: Salil Sudharman
Email: salils (at) hotmail (dot) com
Location: Mumbai, Maharashtra, India
Resume
Position/Title: CISO
Resume: Personal Details:

Address: C4\203, Saket Complex, Thane (West), India 400 601.

Email: salils (at) hotmail (dot) com

DOB: 15th November 1968

Objective:

Implement and manage Information Security Compliance for an Organization where Data Protection and Compliance to Information Security Standards is a business enabler function.

Relevant Key Skills:

A total of 15 years' experience, including 12 years in system security and Information Security, covering the areas of ISMS Management, Security Operations Center Management, and Computer and Network Security Implementation and Consulting.

Sound Networking Knowledge, NT, Linux\Unix, Routers, Switches, Defense in depth - Layered Security - Firewalls, Intrusion Detection, OS Hardening, Malicious Code Security, Risk Assessment, Security Policies and Procedures, IT controls implementation, Project Management, Security Training, Development and Management of Security Team.

Ensure high availability of critical business systems by building in redundancy and implementing strong processes like Change Management, vulnerability & patch management etc.

Security Standards: BS 7799 / ISO 27001, GLBA, HIPAA, PCI DSS, DPA, SOX.

Employment Details:

January 2005 to Present:

Organization: Adventity BPO Pvt. Ltd.

Designation: Senior Manager - Information Security

Adventity is a leading provider of Knowledge Process Outsourcing Services to the Financial Services Industry. The client list includes the top global investment banks, hedge funds, asset managers and private equity funds.

Primary Responsibility:

ISMS Manager for the company (Chief Information Security Officer), responsible for the ongoing Management of the ISMS and for ensuring compliance to the ISO 27001 standard. Manage Information Risk and Compliance to Contractual and Regulatory requirements. Coordinate with the different business heads for process-specific requirements for Information Security and compliance. Conduct quarterly Management ISMS review meetings, define goals and action items, review the same with the ISO team and provide updates to the Management.

Develop and Manage the Information Security team comprising Security Analysts and Senior Analysts responsible for security monitoring on a 24x7 basis across the different locations.

Implement and Manage various IS and IT systems and processes related to Information Security, provide high service uptimes for business critical services like email, internet links, perimeter security systems, client dedicated links and remote access systems.

Manage Incident detection, response and escalation processes.

Manage the Change Management Process; chair the weekly CM meetings and review all critical changes.

BCM Manager responsible for maintaining and updating the Business Continuity and Disaster Recovery Plan in coordination with the BCP Core Group. Plan and track the implementation of various IT, HR and Facilities related redundancy and recovery systems and procedures. Periodically conduct BCP and DR testing for IT systems and Business Processes.

Conduct periodic Risk Assessments for the Physical and IT Assets in line with the ISO 27001 standard.

Primary respondent for Client Compliance, Audits, Information Security requirements and RFPs.

Highlights and Achievements:

BS 7799 Certification was achieved within 5 months of joining the company in May 2005.

Migration to the ISO 27001 Standard was successfully completed in January 2007.

March 2003 to January 2005:

Organization: Ocwen Financial Solutions Pvt. Ltd.

Designation: Manager - Information Security

Ocwen Financial Solutions Pvt. Ltd. is a wholly owned subsidiary of Ocwen Financial Corporation, a financial services company headquartered in West Palm Beach, Florida.

The Information Security process had a direct reporting into the Head of Risk Management at Ocwen Federal Bank.

Primary Responsibility:

Managing the Security Operations Center (SOC), recruiting and training the team for the Security Operations Center. Defining standard procedures and practices including escalation procedures, monitoring guidelines and imparting the required training to the team to ensure balanced monitoring capability on a 24x7 basis.

Conducting Periodic Risk Assessment, evaluation and enhancement of existing controls for IT risk. Supervise the quarterly network vulnerability audits, review and follow up for any exceptions detected.

Managing the security systems, enhancement of security systems and processes to maintain a high level of security across the Enterprise.

Business Continuity Plan Administrator for the Risk Management Department. Plan, review and implement the controls for BCP and solutions for high availability and redundancy for critical IS / IT systems like the mail gateway, perimeter security devices and security monitoring systems.

Highlights and Achievements:

Visited Ocwen's facilities at Orlando and WPB to study the existing security systems and controls; involved in planning and implementation of Netforensics and Vigilent Pentasafe Security Systems.

Supervised the creation of the Executive Dashboard for Security to provide the top management with an overview of Enterprise wide Information Security.

Successfully completed the Sarbanes Oxley Audit cycles and the OTS audit for GLBA compliance in May - June 2004.

October 2000 to March 2003:

Organization: TATA Internet Services Pvt. Ltd.

Designation: Executive - Networks

Primary Responsibility: Designing, Implementing and Managing Enterprise wide security; providing Security solutions to corporate customers

Defined the Site Security Policy, designed and implemented a layered security architecture for the TATA Internet POP and IDC across 5 major cities.

Security Training for security monitoring and response to various attacks, implemented procedures for Change Management, Password Policy Enforcement.

Security Management Vulnerability Management, Security Audit, Incident and Complaint handling.

Deployed tools like Sniffer, Cybercop scanner, NFR NIDS, Nessus scanner, Nmap with custom scripts, Log Analyzer, Dsniff TCP Kill, etc.

Designing of Managed Security Services to be offered to IDC customers in the areas of Vulnerability Assessment, Secure Network Design, Perimeter Security, Intrusion Detection, Host Security, Virus and Content Security.

Highlights and Achievements:

Suntone Certification for IDC: Successfully completed the Suntone audit process, meeting all the requirements for network security as per the Suntone specifications. The TATA Internet IDC subsequently received the Suntone Certification in April 2002.

Tata Internet Supernova Award: Received the Tata Internet Supernova award for exceptional performance in contributing towards a highly secure network under conditions of severe time and resource constraints.

October 1997 – September 2000:

Organization: I.T. Secure Software Pvt. Ltd.

Designation: Technical Consultant

• Planning and Deploying Firewall and VPN Solutions, Gauntlet Active Firewall and PGP VPN, NAI PKI Server, Checkpoint Firewall-1 and OPSEC solutions.

• Network vulnerability auditing for large Networks using NAI Cybercop scanner.

• Malicious code security projects for large corporate networks involving deployment of anti-viral software at various levels of the network, desktops, servers and gateways, using Dr. Solomon, Mcafee and Symantec Products.

• Internet Content Management Solutions for Email and Web using products from various vendors like Mimesweeper, Elron and Symantec.

Highlights and Achievements:

NAI NAPS Training Singapore: Selected to attend the NAI training on Network Security held in Singapore in March 1999 due to proficiency and ability to handle Network Security products and solutions.

June 1996 - September 1997:

Organization: Fifth Generation Software Ltd.

Designation: Technical Support Engineer

• Handling Product support for various products of FGSL like the Anti-Virus Toolkit, Multilingual software etc. Solely responsible for technical support operations including handling product problems, corporate demos and presentations and planning and implementation for corporate customers.

Mar 1993 - Apr 1996:

Organization: Oil Field Instrumentation

Designation: Logging Engineer

• Installation and Maintenance of Computerized Logging units on Oil rigs both onshore and offshore at various locations in India.

• Troubleshooting on DOS and Windows systems, maintaining the hardware system and software.

• Online monitoring and recording of data for analysis, reporting on the Oil and Gas occurrences, preparing the well log and final well report.

• Communication of logging data and reports to the Data centers in India and abroad through Inmarsat lines.

Education:

Post-Graduation: Master of Science, Majoring in Geology from Mumbai University in Year 1992

Graduation: Bachelor of Science, Majoring in Geology from Mumbai University in Year 1990

Professional certifications:

• MBCI – Member of Business Continuity Institute

• Certified LA – BS 7799

• CISSP – Certified Information Systems Security Professional (ISC)2

• MCP – Microsoft Certified Professional

Professional courses:

• Diploma in “Communication and Networking Technology” from Aptech Hardcore

• Certificate course in “Networking & Administration - Windows NT 4.0” from CMS Institute

• Certificate course in “Intranet Technology” from CMS Institute

• Certificate course in “Networking with Unix & Linux” from CMS Institute

• Network Associates training on Network Security and Management - Singapore, March '99

References: Will be provided on request.

 







 
