I currently hold the post of “Assistant Vice President – Enterprise Security and Risk Management” at Aricent and head the responsibility for Global Information Security. I hold professional certifications such as Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM). I have extensive experience in ISO27001 Audits and Certifications, Infrastructure Security, SAP Compliance, Business Continuity, Disaster Recovery, Security Policies and Procedures, Risk Management, Security Governance and Compliance. I have successfully institutionalized and implemented security procedures for Infrastructure Security and Application Compliance across the organization.
My passion for challenges led me to the Information Security profession, which is essential for protecting an organization’s intellectual property and enhancing its reputation through mitigation of risk. I have handled leadership roles in various domains in IT, which helps me in taking a holistic view of security. I strongly advocate putting in place an Information Security Strategy for the organization. The strategy should be aligned to business objectives and should align with the organization from the boardroom to end users, and information security controls should be practical and provide real, measurable risk reduction.
CISOs should be aware of the current threat landscape and focus on maximizing the effectiveness of IT security strategy. Almost all organizations deal with consumer or employee information; they should be compliant with data protection acts and take measures to mitigate the risk of loss of the sensitive information in their possession. Personal information needs to be handled securely as mandated by various regulations to avoid legal ramifications, public backlash and business problems. Data security controls should be enforced for protection of data residing in databases, applications and systems across both production and non-production environments.
Security outsourcing is an important part of an organization’s security strategy. Managed security services (MSS) offer advantages in reducing security vulnerabilities, predicting attacks, suggesting remediation, responding to incidents and analyzing forensics to reduce the possibility of future events. For the success of the outsourcing strategy it’s important for organizations to carefully define the scope of the engagement and the expected deliverables. All these should be minutely captured in the agreement signed with the partner. An effective tracking mechanism should be put in place to monitor that the partnership is delivering the expected results.
With the ever-expanding threat landscape, the vendors need to be on top of the requirements for information protection, risk assessment and mitigation, and incident management (prevention, detection and response), consistent with industry best practices. They should be well versed in the latest developments in security threats and emerging technologies so as to provide a detailed roadmap for effective implementation of the security strategy.