Babu Shetty

Information Security Focal

119 followers
Bengaluru, Karnataka, India

  • Timeline

  • About me

    Global IT Compliance Manager at Philips CISSP, CCSP, CCSK, CISM, CISA, CEH, ISO 27001 LA, Cobit 5, PG in InfoSec

  • Education

    • Bachelor of Commerce from Bombay University (India) passed in 1997 with DISTINCTION

      Bachelor's Degree Business/Commerce, General A
    • Bachelor of Law from Bombay University (India) passed in 2000

      Bachelor's Degree Law
    • Diploma in Management [DIM]

    • Post Graduate Diploma in Management [PGDIM]

    •  Post Graduation Diploma in Financial Management [PGDFM]

  • Experience

    • IBM

      Oct 1998 - Aug 2003
      Information Security Focal

      Job Role Summary: Acted as Information Security Focal Point and was end-to-end responsible for implementation of Security Policy / standards, documentation of security processes / procedures in line with the security policy, perform vulnerability assessment & assess controls environment of other IBM customers as an independent party.

      Information Security Focal, Oct 1998 – Aug 2003 (4 Years 10 Months)

      1. Managed End to End security for one of the major multi-national clients for IBM.
      2. Conducted periodic review of IS Policies / standards and led teams to implement the customer agreed standards / policies. Implemented Security Technical Standards in client environment which included Operating Systems (Windows, UNIX), Web Applications (IIS, Apache), Enterprise Business Applications (SAP, PeopleSoft), Database Management Systems (SQL, Oracle, Sybase), Network Infrastructure (DNS, Firewall, Routers, DHCP).
      3. Performed periodic risk assessment through vulnerability assessment, penetration testing.
      4. Performed security health check of IT systems to validate compliance with security standards.
      5. Carried out IT Audit and consulting assignments to assess effectiveness of IT controls of other clients of IBM.
      6. Created information security and risk management training documentation and conducted formal training sessions for client teams.

    • PIDILITE INDUSTRIES LTD

      Sept 2003 - Jun 2004
      IT Executive (Security)

      Job Summary: As Information Security Officer for Pidilite Industries Ltd, I managed Information Systems Security area for the company which included drafting and rolling out security policies from scratch, hardening of all servers, implementing DR setup.

      IT Executive (Compliance), Sep 2003 - Jun 2004 (10 Months)

      1. Established Information Security Management System from scratch.
      2. Deployed centrally managed client protection solutions e.g., Desktop Firewall, Antivirus, Patching etc.
      3. Implemented gateway security products (HTTP / email gateway, Intrusion Prevention Systems).
      4. Designed DR Plan for the critical IT Systems.

    • TIMKEN ENGINEERING & RESEARCH INDIA PVT LTD

      Jun 2004 - Sept 2009
      Sr. IT Auditor

      Job Summary: For the first two years in Timken, I was responsible for improving the existing security practices and implementing new initiatives e.g. vulnerability assessment, security products evaluation / recommendation, security policy reviewer etc. Later I moved to Information Systems Audit Dept and as an IT auditor, I was involved in IT Technology Risk Assessment, assurance assignments to check compliance of IT Security Practices with the corporate policies / standards and the applicable regulations (SOX), IT Governance and Security.

      Sr. Information Security Analyst, Jun 2004 – Dec 2006 (2 Years 6 months)

      1. Managed security operations including Security Assessments & Vulnerability Management, Access Control, Third Party Security Reviews, Security Infrastructure Administration and Monitoring.
      2. Evaluated security solutions and recommended best suited solutions to the management.
      3. Performed risk management process in-line with ISO3100 standards of critical IT Assets.

      Sr. IT Auditor, Jan 2007 - Sep 2009 (2 Years 9 Months)

      1. Conducted IT audits of the critical IT systems such as Active Directory, Database Systems, Telecommunication, Mainframe, SAP, Web applications.
      2. Participated as core team member in establishing SOX regulatory Compliance framework. Conducted SOX audits and trainings for IT management / Subject Matter Experts to enable them to perform self-assessment of their systems against SOX requirements.
      3. Led projects to identify Segregation of Duties gaps, access issues using Governance Risk Compliance tool.

    • ADITYA BIRLA MANAGEMENT CORPORATION PVT LTD

      Oct 2009 - Apr 2011
      Sr. IT Audit Manager

      Job Summary: Assisted achievement of Corporate Audit's objectives by way of effective participation in management of IT audits (assurance and consulting assignments) in assigned units.

      Sr. IT Audit Manager, Oct 2009 – Apr 2011 (1 Year 6 Months)

      1. Planned engagements of varying size and scope, performed audit procedures and reviewed audit work.
      2. Carried out annual IT Audit Planning based on risk assessment.
      3. Conducted assurance and consulting assignments using a systematic and an independent audit approach based on internal audit standard operating procedures and international audit best practices. The systems audited were SAP, Oracle Application, D2K Applications, Web applications, Infrastructures systems like email, DNS, Proxy, Domain controllers, Cisco Unified Communication etc.
      4. Facilitated Information Security Survey Self-Assessment (CISO Semi-annual exercise where each business unit self-assesses on compliance posture) by validating responses from business units to ensure that the responses are accurate supported by necessary artifacts / documentation.
      5. Provided management assurance on security of online business services, customer data protection and regulatory compliance.

    • IBM

      Apr 2011 - Jan 2017
      North America Compliance Programs and Projects Manager

      North America Compliance Programs and Projects Manager, April 2015 – Till date (1 Year 2 Months)

      1. Led a project that migrated 250+ North America clients to a system which ensured compliance with contractual requirements on off-shoring, regulatory requirements such as EU Model Clause and US ITAR.
      2. Led a project to transform 200+ managed infrastructure contracts. These were limited infrastructure outsourced contracts that did not have a strong compliance management system and had serious contractual and regulatory compliance issues. The project involved an evaluation of actual security services delivery against the contractual, regulatory and IBM internal policies / standards requirements and driving actions for any identified gaps. Also, a strong management system was put in place to ensure all existing and new contracts remain compliant.
      3. Password Compliance Verification project was implemented with validation and certification of password quality belonging to 10000+ personnel who were directly or indirectly supporting North America customers.
      4. Provided Subject Matter Expertise advisory support to other complex projects.

      Sector Compliance Leader – United Kingdom and Ireland, Apr 2011 – Apr 2015 (4 Years)

      1. Defined and implemented compliance management system for European clients (regular interlocks with stakeholders on security issues, define compliance metrics, management reporting on compliance posture, running projects on pervasive compliance gaps, conduct compliance education programs, conduct compliance testing program etc.)
      2. Designed risk based Compliance Readiness Checklist and performed audit readiness review on multiple clients.
      3. Evaluated accounts / projects on compliance posture and on compliance maturity. Drove ‘Get To SAT’ program for accounts / projects rated ‘< SATISFACTORY’.
      4. Provided leadership to the future development of the compliance system by initiating development of Early Warning Systems and pro-active assessments.

    • Philips

      Feb 2017 - now
      IT Risk and Compliance Manager
  • Licenses & Certifications

    • CISSP, CISA, CISM, CEH, CCSK, ISO 27001 LA, COBIT 5 Foundation