Subrata Das
Cybersecurity GRC Lead
Bengaluru, Karnataka, India
12+ Years Exp
Summary
Technical Skills
Detailed View
Work Experience
Cyber Security Guidance and Assurance Specialist
Signify Innovation Labs
Full Time | 20/07/2021 - Present
India
- Performing Third Party Risk assessment and Vendor Risk assessment.
- Drafting comprehensive Vendor risk assessment report with complete gaps and identifying potential risks.
- Experience using tools like Archer and Service Now.
- Engaged in conducting Risk and Controls Assessments following the guidelines and framework outlined by NIST standards and the NIST framework.
- Performing Business Impact Assessment and assessment of Control.
- Working on Control selections and control designing to mitigate the identified risk.
- Providing recommendations and Performing Risk Assessment on cloud and on Prem.
- Working on each controls and evidence gathering and planning and execution of the internal Audit.
- Cloud Security Risk assessment Audit and Cloud Security Service assessment and posture management (like AWS).
Associate Manager
T-Systems India Private Limited
Full Time | 19/11/2019 - 08/07/2021
Bengaluru, Karnataka, India
- Performed Security Assessment in terms of Risk and BIA.
- Performed Information Risk Management.
- Managing risk and ensuring compliance with the GDPR regulations.
- Closely worked with Architect team stakeholders and Project Management team.
- Identified the risk, treated the risk and worked on control onboarding.
- Tracked the Risks in IGRCS and Jira, checked the Design of the control and effectiveness of the control.
Technical lead and Cyber Defense Consultant
Wipro Technologies Limited
Full Time | 21/01/2019 - 06/11/2019
Bengaluru, Karnataka, India
- Cyber Defense Consultant and Risk Management.
- Performed Internal audits as per ISO 27001.
- Created a security awareness training and program.
- Successfully managed PCI DSS requirements for a banking client by conducting internal audits in alignment with the PCI standards.
- Presented IOC and Threat Indicators and Offenses triggered in Weekly status report to the customer.
- Provided breach analysis for any security Incidents or offences in the Weekly & Monthly Deck.
- Provided breach analysis for any security Incidents or offences in the Weekly Deck.
- Assisted with internal controls walkthroughs and obtaining evidence requested from audit teams.
- Aided in designing new processes or controls to enhance risk management programs.
- Aided the remediation effort for control failures and process improvements.
- Aided in reviewing internal controls and security of systems under development as well as major IT projects and initiatives.
Technical Specialist
IBM India Pvt Limited
Full Time | 23/01/2017 - 05/12/2018
Bengaluru, Karnataka, India
- Information Technology audit and risk management.
- Experience in evaluating the adequacy and effectiveness of policies, procedures and processes.
- Performed Gap analysis, identified the risk, and set up appropriate risk mitigation plan.
- Experience in review and development of risk ratings.
- Identified and evaluated Technology risks and controls, including supporting technology processes.
- Experience with control evaluation and testing that included documentation of testing and reporting.
- Continuously engaged with senior and line management to ensure timely closure of IT audit recommendations.
- Reviewed processes and policies, shared best practices for improvement, and assisted investigations.
Security Operation Lead
Attra Infotech Pvt Limited Company
Full Time | 20/10/2015 - 11/01/2017
Bengaluru, Karnataka, India
- Security Operations Lead Managing L1 and L2 Security engineers.
- CSIRT mail box is monitored for any suspicious mails.
- Investigated on Phishing e-mails and failures on multiple login attempts, Firewall, Blue Coat proxy deny issues.
- Ensured active DDOs monitoring is performed, proper owner is assigned.
- Prepared and reviewed Weekly and Monthly status reports and performed SLA breach analysis.
- Led and managed team of Security operations team.
- Ensured Security monitoring team acknowledges all the events related to suspicious and malicious activity.
- Ensured incidents were investigated before confirming as false positives.
Incident & ITSM Manager
HCL Technologies Limited
Full Time | 20/08/2013 - 08/10/2015
Noida, Uttar Pradesh, India
- Worked with GRC Manager for any security breach incidents.
- Assisted in drawing up risk-based Annual IT audit plan based on HCL's IA methodology and submitted for IT Audit Lead's inputs.
- Ensured use of IT Audit tools where applicable and Ensured documentation quality and compliance to the HCLs Inter Audit methodology.
- Regular tracking to ensure timely completion of IT Audit engagements.
- Ensured regular coordination between IT consultant and HCL stakeholders to ensure uninterrupted and regular flow of information, observations, mitigation plan and other relevant information.
NOC Analyst and Incident Analyst
Aon Hewitt Associates (Consulting and Technology)
Full Time | 21/08/2012 - 10/07/2013
India
Responsibilities as NOC Analyst and Incident Analyst:
- Responsible for working in a 24x7 NOC Operation Center.
- Followed detailed operational processes and procedures to appropriately analyze, escalate and assist in remediation of critical information security incidents.
- Monitored, Analyzed and notified the alerts to respective stakeholders and took action as applicable.
- Followed Incident management procedure.
- Followed up on Reported Security incidents.
- Maintained device health and security update status.
- Updated Knowledge base.
- Coordinated and followed up with other support groups for remediating security incidents within SLA.
Command Center & IT Analyst
Tata Consultancy and Services Limited
Full Time | 24/05/2011 - 09/08/2012
Gurugram, Haryana, India
- Datacenter operations: Worked as monitoring operations analyst for all servers and network devices in Solarwinds tool.
- Acknowledged all critical alerts, raised incidents accordingly, and assigned to appropriate distributed offshore or onshore teams.
- Responsible for following ITIL processes like Incident Management, Change Management, and Problem Management.
Incident Analyst
HCL Technologies Limited
Full Time | 19/02/2008 - 11/05/2011
Noida, Uttar Pradesh, India
- Worked as Incident Analyst and handled users’ desktop Issues, Outlook Issues, SAP password VPN Issues.
- Worked in Global Access management team and handled Service Request to grant access and permissions to user’s shared documents, shared files and folders in Windows Active directory.
Education
Bachelor of Technology
DR.M.G.R Educational and Research Institute(Deemed University)
11/06/2003 - 06/06/2007
Major in Computer Science
Cyber Security 1 Year Program
NIT Rourkela (Edureka)
Certifications

GDPR Certified from TUV NORD , PCI DSS and HIPPA Compliance

ISO 31000 TUV NORD, CEH Version 11 and Certified Threat Intelligence

ISO27001:2013 TUV

Certified Network Defender
EC Council

AWS Cloud Solution Architect trained (Associate Level )
Amazon Web Services

Windows Active Directory Certified

Server Administration on 2008 server

2012 CCNA Internal Certified

AWS Cloud Security trained, Fundamentals on Cloud Security

ITIL V3 Foundation Certified

CompTIA Security +

CEH trained
EC Council

Certified in Exin Cloud Computing

Trained on Splunk
Edureka