Subrata Das

Cybersecurity GRC Lead

Bengaluru, Karnataka, India

12+ Years Exp

Summary

Subrata Das, an accomplished cybersecurity professional, brings over 12 years of expertise in various areas including GRC, AWS Cloud Security, and Security Operations. With a focus on risk management, audit compliance, and findings management, Subrata leverages tools like Archer, IGRCS, and Jira to deliver exceptional results. His extensive experience encompasses working on multiple compliance programs such as HIPAA, GDPR, SOC1, SOC2, and NIST-CSF. Notably, Subrata holds certifications in ISO 27001 and 31000 Risk Management, demonstrating his commitment to industry best practices. He excels in stakeholder management and has a proven ability to build strong relationships. Currently serving as a Cybersecurity GRC Lead, Subrata plays a vital role in conducting application risk assessments, security posture assessments, and vendor risk assessments. His skillset includes conducting business impact assessments, designing effective controls, and performing internal audits. Furthermore, Subrata possesses valuable knowledge of security architecture, having closely collaborated with architect teams in his previous positions.

Technical Skills

Detailed View

Cybersecurity GRC

ISO 27001 Standard

Agile

Archer GRC

IGRCS

PCI DSS and HIPPA Compliance

NIST-CSF

GDPR

PCI DSS V3.2

ServiceNow

IT Act 2000

Amazon Web Services

JIRA

Computer Audit

Information Security Audit

Work Experience

Cyber Security Guidance and Assurance Specialist

Signify Innovation Labs

Full Time | 20/07/2021 - Present

India

Formerly Philips Lightning

Performing Third Party Risk assessment and Vendor Risk assessment.
Drafting comprehensive Vendor risk assessment report with complete gaps and identifying potential risks.
Experience using tools like Archer and Service Now.
Engaged in conducting Risk and Controls Assessments following the guidelines and framework outlined by NIST standards and the NIST framework.
Performing Business Impact Assessment and assessment of Control.
Working on Control selections and control designing to mitigate the identified risk.
Providing recommendations and Performing Risk Assessment on cloud and on Prem.
Working on each controls and evidence gathering and planning and execution of the internal Audit.
Cloud Security Risk assessment Audit and Cloud Security Service assessment and posture management (like AWS).

Associate Manager

T-Systems India Private Limited

Full Time | 19/11/2019 - 08/07/2021

Bengaluru, Karnataka, India

Performed Security Assessment in terms of Risk and BIA.
Performed Information Risk Management.
Managing risk and ensuring compliance with the GDPR regulations.
Closely worked with Architect team stakeholders and Project Management team.
Identified the risk, treated the risk and worked on control onboarding.
Tracked the Risks in IGRCS and Jira, checked the Design of the control and effectiveness of the control.

Technical lead and Cyber Defense Consultant

Wipro Technologies Limited

Full Time | 21/01/2019 - 06/11/2019

Bengaluru, Karnataka, India

Cyber Defense Consultant and Risk Management.
Performed Internal audits as per ISO 27001.
Created a security awareness training and program.
Successfully managed PCI DSS requirements for a banking client by conducting internal audits in alignment with the PCI standards.
Presented IOC and Threat Indicators and Offenses triggered in Weekly status report to the customer.
Provided breach analysis for any security Incidents or offences in the Weekly & Monthly Deck.
Provided breach analysis for any security Incidents or offences in the Weekly Deck.
Assisted with internal controls walkthroughs and obtaining evidence requested from audit teams.
Aided in designing new processes or controls to enhance risk management programs.
Aided the remediation effort for control failures and process improvements.
Aided in reviewing internal controls and security of systems under development as well as major IT projects and initiatives.

Technical Specialist

IBM India Pvt Limited

Full Time | 23/01/2017 - 05/12/2018

Bengaluru, Karnataka, India

Information Technology audit and risk management.
Experience in evaluating the adequacy and effectiveness of policies, procedures and processes.
Performed Gap analysis, identified the risk, and set up appropriate risk mitigation plan.
Experience in review and development of risk ratings.
Identified and evaluated Technology risks and controls, including supporting technology processes.
Experience with control evaluation and testing that included documentation of testing and reporting.
Continuously engaged with senior and line management to ensure timely closure of IT audit recommendations.
Reviewed processes and policies, shared best practices for improvement, and assisted investigations.

Security Operation Lead

Attra Infotech Pvt Limited Company

Full Time | 20/10/2015 - 11/01/2017

Bengaluru, Karnataka, India

Security Operations Lead Managing L1 and L2 Security engineers.
CSIRT mail box is monitored for any suspicious mails.
Investigated on Phishing e-mails and failures on multiple login attempts, Firewall, Blue Coat proxy deny issues.
Ensured active DDOs monitoring is performed, proper owner is assigned.
Prepared and reviewed Weekly and Monthly status reports and performed SLA breach analysis.
Led and managed team of Security operations team.
Ensured Security monitoring team acknowledges all the events related to suspicious and malicious activity.
Ensured incidents were investigated before confirming as false positives.

Incident & ITSM Manager

HCL Technologies Limited

Full Time | 20/08/2013 - 08/10/2015

Noida, Uttar Pradesh, India

Project: Anglo American (Mining Project)

Worked with GRC Manager for any security breach incidents.
Assisted in drawing up risk-based Annual IT audit plan based on HCL's IA methodology and submitted for IT Audit Lead's inputs.
Ensured use of IT Audit tools where applicable and Ensured documentation quality and compliance to the HCLs Inter Audit methodology.
Regular tracking to ensure timely completion of IT Audit engagements.
Ensured regular coordination between IT consultant and HCL stakeholders to ensure uninterrupted and regular flow of information, observations, mitigation plan and other relevant information.

NOC Analyst and Incident Analyst

Aon Hewitt Associates (Consulting and Technology)

Full Time | 21/08/2012 - 10/07/2013

India

Project: In-House Support

Tools used: Network Operation Center.
Responsibilities as NOC Analyst and Incident Analyst:

Responsible for working in a 24x7 NOC Operation Center.
Followed detailed operational processes and procedures to appropriately analyze, escalate and assist in remediation of critical information security incidents.
Monitored, Analyzed and notified the alerts to respective stakeholders and took action as applicable.
Followed Incident management procedure.
Followed up on Reported Security incidents.
Maintained device health and security update status.
Updated Knowledge base.
Coordinated and followed up with other support groups for remediating security incidents within SLA.

Command Center & IT Analyst

Tata Consultancy and Services Limited

Full Time | 24/05/2011 - 09/08/2012

Gurugram, Haryana, India

Project: Boston Scientific (US Healthcare)

Datacenter operations: Worked as monitoring operations analyst for all servers and network devices in Solarwinds tool.
Acknowledged all critical alerts, raised incidents accordingly, and assigned to appropriate distributed offshore or onshore teams.
Responsible for following ITIL processes like Incident Management, Change Management, and Problem Management.

Incident Analyst

HCL Technologies Limited

Full Time | 19/02/2008 - 11/05/2011

Noida, Uttar Pradesh, India

Worked as Incident Analyst and handled users’ desktop Issues, Outlook Issues, SAP password VPN Issues.
Worked in Global Access management team and handled Service Request to grant access and permissions to user’s shared documents, shared files and folders in Windows Active directory.