Sanjay Saha, CISA

System Controller, Data Centre (IT Dept.)

506 followers
Location: Bangladesh

  • About me

    IT Security and Compliance at SBAC Bank Ltd

  • Education

    • Shahjalal University of Science and Technology

      1998 - 2001
      Bachelor of Science (B.Sc.) Physics 3.52
    • Jahangirnagar University, Savar, Dhaka.

      2017 - 2018
      Master of Science (MSc) Computer Science 4 out of 4
    • Shahjalal University of Science and Technology

      -
      Master of Business Administration (MBA) Finance 3.91
    • Shahjalal University of Science and Technology

      2002 -
      Master of Science (M.Sc.) Physics 3.81
  • Experience

    • Standard Chartered

      Apr 2006 - Feb 2010
      System Controller, Data Centre (IT Dept.)

      • Run the EOD (End-of-Day) procedures of the SCB core banking software eBBS and surrounding systems such as eMortgage, eCAPS, eGLEX, OPICS etc.
      • Coordinate with the Hong Kong Data Center and the Support Team of India on any abnormalities in EOD.
      • Take backups of data and applications to DLT/LTO tapes: Windows servers using Brightstor ARCserve, the database server (DB2) using the TSM server, the ATM system, the AS/400 system etc.
      • Restore backups in DR (Disaster Recovery) sites as per schedule and requirement.
      • Monitor the computer network in the LAN and WAN environment, such as ATMs, POS, servers, and communication equipment (VSAT, Radio Link, Fiber Link), using various monitoring tools.
      • Regularly update the Data Centre inventory, such as computers, servers, and tapes, in both production and DR sites, and prepare various types of MIS reports.
      • Operational improvement & process amplification.

    • BASIC Bank Ltd

      Feb 2010 - Jan 2023

      • Conduct IT audit by identifying, assessing, evaluating and monitoring internal and external information security risks and security issues of information assets.
      • Assess implemented administrative, physical and technical controls to ensure availability, integrity and confidentiality of information assets.
      • Assess and audit ICT security and risk related policies and frameworks such as ICT Security policy, ICT Risk Management Framework, Incident Management, Password policy, Backup & Restore policy, VAPT policy, BCP & DRP, Change Management, Patch management, Configuration management etc., as per regulatory guidelines and international standards.
      • Conduct VAPT to detect different system flaws using standard tools such as Nmap, OpenVAS, Nessus, Metasploit etc. on Kali Linux and Windows platforms.
      • Assess vulnerability management, penetration testing, incidents, scans, patching status, secure baselines, penetration test results, phishing, and social engineering tests and attacks.
      • Develop IS Audit Framework for audit reporting and monitoring.
      • Prepare IS Audit plan and develop tools & materials for IS audit.
      • Prepare audit report for submission to the management.
      • Information systems audit, especially on Windows, Linux and Unix and other distributions.
      • Auditing in Data Center and Disaster Recovery site.
      • Conduct follow-up audits to assess how well responsible managers/functions had implemented the recommendations made in the previously conducted comprehensive audit.
      • Define ICT security requirements and measure compliance, based on the Bank's policies/procedures, applicable laws, regulations and best practices.
      • Assess endpoint security antivirus management and operation.

      • Administer and maintain AIX, Linux and Windows systems.
      • Administer and maintain IBM V7K and DS4700 storage.
      • Maintain LPAR & VIOS and virtualization by VMware and Hyper-V.
      • Apply OS patches and upgrade administrative tools.
      • Maintain access control as per rules and necessity for AIX, Linux and Windows systems and monitor system audit regularly.
      • Take data and application backups and restore backups in DR sites.
      • Perform export, import, analyze, RMAN backup etc. in Oracle database.
      • Monitor the Data Center environment (temperature, humidity, water leakage, light, fire suppression system, UPS, dehumidifiers etc.) and take necessary steps if needed.
      • Communicate and work with vendors for different servers of the data center.

      • Assistant Manager, ICT Division

        Dec 2015 - Jan 2023
      • Officer, ICT

        Feb 2010 - Dec 2015
    • SBAC Bank PLC.

      Dec 2022 - now
      Executive Officer

      • Develop and update ICT security and risk related policies and frameworks such as ICT Security policy, ICT Risk Management Framework, Incident Management, Password policy, Backup & Restore policy, VAPT policy, BCP & DRP, Change Management, Patch management, Configuration management etc., as per regulatory guidelines and international standards.
      • Identify, assess, evaluate, treat and communicate internal and external information security risks and security issues of information assets as per the ICT risk management framework.
      • Design and implement appropriate administrative, physical and technical controls in consultation with process owners to ensure availability, integrity and confidentiality of information assets.
      • Work with internal/external auditors and outside consultants as appropriate on required security assessments and audits.
      • Prepare compliance reports for different regulators and others such as Bangladesh Bank, ICT Ministry, BGD e-GOV CIRT, BIBM etc.
      • Train, guide and act as an internal resource on Information Security functions to other departments. Manage the security awareness training programs and strategies to address awareness and training for all stakeholders.
      • Define ICT security requirements and measure compliance, based on the Bank's policies/procedures, applicable laws, regulations and best practices.
      • Network security monitoring via different monitoring tools such as SIEM, IPS, IDS.
      • Conduct VAPT to detect different system flaws using standard tools.
      • Prepare action plans for network security related emergencies and alarms.
      • Implement IS security related standards such as ISO 27001/2, PCI-DSS etc.

  • Licenses & Certifications

    • Oracle Database SQL Certified Expert

      Oracle
      Sept 2013
    • IBM Tivoli Storage Manager 6.3 Implementation And Administration

      IBM
      Mar 2014
    • Certified in Cybersecurity

      ISC2
    • ISO/IEC 27001:2022 LA (ISMS)

      BSI
      Oct 2023
    • Certified Information Systems Auditor® (CISA)

      ISACA
      Apr 2016
    • Certified Ethical Hacker (CEH)

      EC-Council
      Jun 2021
    • Foundation Course on Banking

      BASIC Bank Ltd
      Oct 2013