Tarun Gupta

Experience

• 

  D M Systems Pvt Ltd

  Jul 2002 - Nov 2005

  Sr. Network Security Engineer

  Managed IT security equipment and technologies for top IT organisations in including IBM, Microsoft and CISCO.

• 

  Petro IT Limited

  Nov 2005 - Oct 2007

  Assistant Manager – IT & Security Management

  Managed IT security for oil and gas projects in Singapore, India and Indonesia.

• 

  RocSearch India Pvt. Ltd.

  Oct 2007 - Jun 2008

  Information Security Manager

  Managed IT security for UK's leading research firm, established ISMS and led ISO 27001 certification. Involved in numerous research projects for Norton, Microsoft and IBM.

• 

  Tulip Telecom Limited

  Jun 2008 - May 2009

  Head of IT Security

  Managed IT security for India’s largest MPLS provider with distributed network environment, supervising a team of seven.

• 

  Sistema Shyam Teleservices Limited - MTS India

  May 2009 - Sept 2011

  Head of Information Security

  Led the information security department of the largest telecommunication operator in Russia, Eastern Europe and Central Asia.Information Security Management & Risk (ISMS)- Responsible for all aspects of MTS Information Security in a distributed environment with 1,200+ servers and network elements in multiple data centers across India and Russia. - Reporting to CIO and CEO, managed 15 direct reports and oversaw 10 in IT security operations teams.- Established and maintained an information security framework (ISO 27001).- Managed systems security audits, incident response team and procedure documentation, risk analysis methodology, intrusion detection systems.- Drafted and led implementation of an information security policy framework. - Worked with Corporate Audit Group (CAG) in defining and managing the IT security audit roadmap.Project Management & Solution Delivery- Built and led the company’s first-ever information security steering committee. - Implemented ISMS projects, IT risk management framework and ISO 27001 certifications for corporate head office, delivery centre and data centres within 12 months. عرض أقل

• 

  Ericsson

  Oct 2011 - May 2013

  Senior Manager Information Security

  Managed a global security and risk team which delivered managed security and consulting services for clients including Telstra, Airtel (Indian telecom), Bharti (India’s largest telecom operator), Reliance and Du (UAE telecom).Information Security Management & Risk (ISMS)- Led security operations and risk team (18 staff across 6 locations) which supported managed services clients.- Assisted establishing ISMS within Ericsson based on ISO 27001. - Conducted internal ISMS audits, vulnerability assessments, process reviews. Participated in external audits for ISO 27001 and PCI-DSS.Project Management & Solution Delivery- Delivered information security activities and projects (ISMS and Business Continuity) for telco clients including Airtel (BCMS), Bharti (ISMS) and Vodafone (ISMS).- Led the global Ericsson team responsible for Telstra’s managed security operations. - Received recognition from Ericsson Senior Vice President for the planning, negotiation and execution of security deliverables within a $1 billion managed service contract between Ericsson and Reliance.Security Architecture & Controls- Established 4 level defence in-depth based architecture for Ericsson (70,000 network elements).- Achieved 70% reduction in frauds and external attacks on ICT systems at Ericsson- Recognition from Airtel in ensuring design of remote access and logging solution for 70,000 core telecom nodes.- Established system security controls for Ericsson, AT&T and Telstra telecom networks عرض أقل

• 

  IctQATAR

  May 2013 - Jan 2017

  Manager

  Security manager providing information security, risk management and audit services.

• 

  Ooredoo Group

  Jan 2016 - Jan 2017

  Senior Manager Business Continuity

  Establish the practice of BCRM (Business Continuity & Resilience Management) and to lead the design, execution and maintenance of the process (Contingency Planning) that identifies risks, threats and vulnerabilities that could impact Ooredoo’s continued operations, business revenues, to provide a framework for building Ooredoo’s resilience and the capability for its effective response to financial, legal, regulatory and technology concerns. Works with Board members, shareholders, regulators and plan owners to develop and implement plans to keep Ooredoo effectively functioning after disruptive events such as natural disasters, cyber-attacks and pandemic viruses. عرض أقل

• 

  IBM

  Jan 2017 - Jan 2018

  Sr. Managing Consultant

  Industrial cyber security subject matter expert providing industry expertise for the energy, environment and utilities industry. Responsible for developing specific industry sales play as well as opportunity tracking and pipeline development and response for IBM Security Services. Ensuring delivery of critical national infrastructure (CNI) security services to energy & utilities, oil & gas, water, transportation and critical industrial process control systems working directly with top clients in Asia Pacific. Services include CNI threat modeling, OT-IT-Physical convergence, maturity capability assessments, risk assessments, security architectures & blueprints, security operation center (SOC) design & implementation, adaptive incident response, and strategies and governance frameworks. عرض أقل

• 

  TÜV Rheinland

  Jan 2018 - Jun 2020

  Principal Consultant, Industrial and OT Cyber Security

  Accountable to build Industrial and OT Cyber Security practice, drive business growth with business development activities and initiatives and support pipeline generation, demonstrating strong understanding of the security frameworks and regulatory compliance controls and overseeing delivery for governance risk, compliance consulting and advisory services focusing on large scale security programs across oil and gas, maritime, transportation, manufacturing and building automation sectors.

• 

  G42

  Sept 2019 - now

  Vice President Enterprise Risk and Assurance

  Leading the Enterprise Risk and Assurance department for a prominent Cloud Service Provider in the Middle East Region.Collaborating closely with regulatory bodies to understand and navigate the evolving landscape of regulations related to cloud services.Managing strategic risks to ensure the company's long-term sustainability and growth in a dynamic and competitive market.Overseeing and implementing regulatory compliance measures to meet the requirements of sovereignty laws and data localization mandates.Spearheading initiatives to harness the power of Artificial Intelligence (AI) while adhering to ethical AI principles and industry best practices.Establishing robust security protocols and frameworks to safeguard customer data and protect against potential cyber threats and vulnerabilities.Ensuring customer privacy by enforcing strict data protection measures and adhering to relevant privacy regulations.Developing and executing comprehensive business continuity plans to mitigate potential disruptions and maintain service availability in adverse situations.Taking a proactive approach to obtain and maintain certifications relevant to the cloud industry, showcasing the company's commitment to excellence and compliance.Collaborating with cross-functional teams to foster a culture of assurance and risk-awareness throughout the organization.Providing leadership and guidance to the team to optimize their performance and enhance the overall effectiveness of the Enterprise Risk and Assurance function. عرض أقل