Dipnarayan Goswami

Experience

• 

  Gujarat Borosil Limited

  Jan 1992 - Jan 1997

  EDP Manager
• 

  HCLTech

  Jun 1998 - May 2000

  Project Leader

  Expertise in Service Delivery, Information Security, Risk Assessment, Security Assessment, Identify Security Controls, Compliance & Governance, Security & Compliance Audit, Information Security training, Information Security SME.

• 

  JBAS Systems Inc

  Jun 2000 - May 2003

  Programmer Analyst

  Successfully lead a team of Oracle Apps DBA and Apps Developers

• 

  Birlasoft

  May 2003 - Jun 2017

  Program Manager - Service Delivery and Information Security

  Service Delivery Management & Operations: Providing end-to-end project management and Governance to projects from Solution, Estimation and Transition to technology mapping, project planning, resource identification and final execution of projects Manages day-to-day operational delivery aspects of a business process. This can be related to Product Integrations, Operations & Project delivery, P&L management, resource management Highly proficient in Incident Management, Service Request & Change Management activities Conducting high profile Major Incident reviews , identification of root cause, interacting with stake holders and understand the issues that need remediation Takes full responsibility for managing projects and deliverables within agreed cost and timescale by meeting the necessary quality standards and to customer satisfaction Actively manages the client relationship including the commercials, risks and opportunities of the development, and acts as the point of escalation for the client Responsible for managing and penetrating existing client account and ensure continuous client satisfaction Responsible for maintaining P&L for respective account/project and follows up with internal sales on various aspects of project pipeline and plan for the delivery accordingly Weekly and Monthly Project review with various stake holders including clients and Senior Management Creating a working environment that is conducive to individual growth & motivates high performance Work as SME for new opportunities (RFP) and provide solution related to Execution Methodology, Governance, Estimation, Resourcing and cost benefits to the customer Involve into Pre-sales activities and driving towards completion of proposal as per the timeline with expected CTQ Show less

• 

  Genpact

  Jul 2017 - Jul 2018

  Sr. Information Security Professional

  Information Security: Develop next generation information security program and framework, including information security strategy, policies and exception management, control remediation, risk assessments, and risk appetite metrics.  Developed architecture solutions to meet the strategic goals of organizations businesses while protecting its assets. Risk and Compliance Architecture focuses on developing Operational Risk Management strategies, mitigation, control testing, Oversight & Compliance, Monitoring and Reporting. Successfully Implemented ISO 27001:2013 controls across the organization Periodic evaluation of InfoSec policies and procedures and made required changes Having good understanding on Cyber security framework like NIST Experienced in managing SIEM, DLP, Network security, End-point security, Email Security projects under security operation centre (SOC) Having good proficiency with Splunk Administration in both Windows Linux platform Expertise in integration of various security tools with Splunk and monitor the events log Execute 24x7 End-point security project (McAfee ePO, HIPS, AV and EPC) to support 300,000+ end-pointsApplication Security, Vulnerability Assessment & Penetration Testing (VAPT): Well conversant with Secure application Design and Development principle Conduct application risk rating and define criticality of application Develop and implement Application Security threat model (OWASP) Well conversant with SAST tools like Checkmarx, AppScan, Coverity, Varacode etc Conduct ad-hoc penetration testing for network and web applications Having good proficiency in Penetration testing tools like Nmap, Netcat, Nessus, Brup Suite, Wireshark, Metasploit, Uniscan, Sqlmap etc Conduct Application security architecture and design review Conduct Application risk review and remediation and publish dashboard for senior leaders Application security process and control development Show less

• 

  Wipro

  Aug 2018 - Dec 2018

  Manager - Security Operation Center

  Managing 24×7 L1/L2 SOC operations on email security, End point security and Web Security which involve several security tools like Proof Point, Carbon Black, Symantec, McAfee, Websense, Bit9, Kibana etc.

• 

  Swiss Re

  Jan 2019 - now

  AVP - IT Governance & Security

  IT Assurance & Risk: Providing end-to-end support to IT Assurance and IT Audit activities for SwissRe Corporate Solutions business Conduct Quarterly vendor contract review to check if there any change in the scope Conduct Yearly SOC2 CUEC and TPCRA review for vendors to check the compliance on security controls as per MSA Conduct Yearly review of IT Governance Handbook, Information Security handbook and security controls to ensure that they are aligned with latest regulatory changes Help IT owners and relationship managers to conduct yearly vendor audits conducted by GIA Work closely with IT owners and Product owners on IT regulatory Audit and branch audit preparations Manage Identity access management (IAM) document workflow in share point Monitor incidents raised in GRACE (open source GRC Tool) and ServiceNow (SNOW) and monitor them until close Conduct toll-gate review for Cloud Security, Access Management, Application Risk Assessment, Architecture design, for all new application and major change request Conduct monthly project IT Assessment and publish dashboard for higher management Work closely with Group IT Governance team and Information security team to ensure that all the controls and processes are well implemented and effective in Corporate Solutions business Show less