Kumar Saurabh

Summer Trainee

2000 followers
Dubai, United Arab Emirates

  • About me

    MS (InfoSec) | CISM | CISA | Governance, Risk & Compliance | Cyber Security Risk Management | Vulnerability Management | NIST | ISO 27001 |

  • Education

    • Galgotias’ College of Engineering and Technology, Gr. Noida

      2004 - 2008
      B-Tech Computer Science & Engineering
    • Deendayal Upadhyaya Sanatan Dharam Vidhyalaya, Kanpur

      1996 - 2003
    • Indian Institute Of Information Technology Allahabad

      2008 - 2010
      MS Cyber law & Information Security
  • Experience

    • GEQD (Central Forensics Lab) Hyderabad

      May 2009 - Jul 2009
      Summer Trainee

      Completed internship in GEQD, Hyderabad and worked on the technology EFS, i.e. Encrypted File System. I was given the task to decrypt the hard drives which have EFS. I developed the report on EFS structure and gave them suggestions of some tools by which they can open the hard drive's encrypted files. My suggestions were greatly acknowledged and appreciated.

    • SISA Information Security Pvt. Ltd.

      Jun 2010 - Dec 2011
      Associate Consultant

      - Technical Risk Assessment of Datacenter for leading telecommunication organization in Egypt with the help of ISMS and Octave methodology.
      - Information Systems Audit of an application, for one of the largest organizations in the communications industry engaged in the manufacturing of mobile devices, according to RBI Guidelines.
      - Computer Forensics analysis for credit card frauds, of one of the largest retail organizations in Middle East.
      - Web Application Penetration Tests to assess the security of an application and evaluate the strength of controls that are implemented to protect the application and organization from risks posed by application-based flaws.
      - External Network Vulnerability Assessments to identify and analyze the network security from an outsider perspective and protect the organization’s CIA of business, technical data and information.
      - Internal Network Vulnerability Assessments to enhance the Information Security culture of an organization through identifying, analyzing and reporting the gaps which may be used to threaten the CIA of information.
      - External and Internal Penetration Tests to evaluate the security of organization’s network, computer systems and applications through Ethical Hacking.
      - Management of the entire PCI-ASV Scanning process, playing a pivotal role in defining reporting format and QA Review Manual for ASV reports, vulnerabilities mitigation consulting, and taking and qualifying the annual ASV re-certification exam held by PCI-SSC test lab as per PCI-SSC requirements.
      - Security Product evaluation and configuration for enterprise environment, e.g. DLP.
      - Conducted Training programs for new members.

    • ControlCase

      Jan 2012 - Mar 2013
      Consultant

      - Performed Gap Assessments in the context of PCI-DSS for leading banks in Vietnam.
      - Performed Application Penetration Testing for Banking and Credit Card Applications, Shopping Cart Applications, Payment Switch and Payment Gateway applications.
      - Performed External Network Vulnerability Assessment and Penetration testing for leading Banks, Payment Gateways, Third Party Processors, IT Companies, Software Development firms, E-commerce organizations.
      - Performed Secure Configuration Review for various Operating Systems.
      - Performed Internal Vulnerability Assessments for industry leading Payment Gateways and Banks.
      - Performed Firewall Rule-set Reviews.
      - Performed Card Data Discovery with the help of ControlCase Proprietary CDD Tool.

    • IBM India Private Limited

      Apr 2013 - Aug 2016

      - Worked on multiple implementation and sustainment projects related to “Data Security and Privacy” based on EU data protection law and IBM DS&P framework. This includes review of the privacy and security controls established at third parties and business associates to ensure the industry standard privacy practices have been adhered to.
      - Developed policy, procedure and controls based on EU data protection Law, application DS&P laws and IBM data security and privacy framework. Analyzing existing policies against the control framework and identifying potential gaps.
      - Identifying key business functions and processes that collect, store, process, use, and/or share Personally Identifiable Information and performing business process privacy readiness assessment against the identified requirements.
      - Performed web application vulnerability assessment and penetration testing of external facing and internal applications based on OWASP top 10 and SANS web application security guidelines.
      - Performed source code review of stand-alone application and provided comprehensive reports that enumerate the vulnerabilities.
      - Involved with global team of PCI-DSS to build the QA process and to initiate the service in India. Also involved in PCI-DSS scope understanding and proposal creation for potential clients in PCI-DSS domain.
      - Involved in computer forensics analysis for security breach in one of the biggest Motor Cycle brands. Also involved in understanding the case and logically connected the events to identify the root cause. Performed forensic imaging of the hard disk, log review of network, OS, Application, AV, and other supportive devices.
      - Involved in preparing vulnerability assessment and penetration testing, code review, security audits estimation and proposal creation.

      • Advisory Consultant

        Dec 2014 - Aug 2016
      • Senior Consultant, Security and Privacy

        Apr 2013 - Nov 2014
    • JPMorgan Chase & Co.

      Aug 2016 - Jun 2017
      Associate of Corporate Technology & Risk
    • Mashreq Bank

      Jun 2017 - Jun 2019
      Information Security Manager
    • Grab

      Jul 2019 - Nov 2021
      Senior Security Compliance Strategist
    • Mashreq Bank

      Nov 2021 - now
      AVP - Information Security Compliance
  • Licenses & Certifications

    • Certified Ethical Hacker (CEH)

      EC Council
    • Certified Security Risk Manager (CSRM)

      SISA Information Security Pvt. Ltd.
    • ISO 27001-LA

      RAB QSA & IRCA
    • Certified Information Security Manager (CISM)

      ISACA
      Jan 2024
    • Certified Information Systems Auditor® (CISA)

      ISACA
      May 2016
    • Microsoft Certified: Azure Fundamentals

      Microsoft
      Oct 2021
    • AWS Certified Cloud Practitioner

      Amazon Web Services (AWS)
      Nov 2021