Sriram C.N Information Assurance Consultant, CISA,PMP

Sriram C.N –Information Assurance Consultant, CISA,PMP

PROFILE  B.S in Engineering Technology - BITS, Pilani  7+ years in IT firms o 1.5 year in Information security consultancy – BS7799- ISMS Audit, Risk Assessment, Controls implementation, ITSM Audit (BS15000) o 2+ years as Project Manager/Account Manager/Change Management/Application Audit o 4 years as Business Analyst and ERP Consultant (SAP)  10+ years of Strong Enterprise wide Domain experience in Manufacturing Enterprises in various departments Strengths: o High aptitude to learn new areas of technology at a fast pace. o Recognized for hard work; innovative thinking; client-responsive o Very good at peer-interaction and inter-personal relationships. o A self-starter with excellent analytical, organizational, and creative skills. o Good Functional knowledge of Processes in Manufacturing, Insurance and Health Industry. o Well versed in enterprise wide performance improvement initiatives, viz, ISO 9000,BPR, ERP, Change Management, Risk Assessment, BS15000 (ITSM) etc. EMPLOYMENT RECORD Consultant - Information Assurance Sify Ltd. (September 2004- Present) Project Manager SAMCOMM Technologies Pvt ltd (June 2000 – August 2004) ERP Consultant Enterprise Business Systems ltd (August 1998 – May 2000) Business Analyst McCreade Software (Asia) Pvt. Ltd (January 1998 –July98) Engineer – Planning & Procurement Hindustan Motors Ltd (October 1988-January 1998) Engineer Trainee Shriram Diesel Injection Industries (One year) PROCESS SKILLS BS 7799 / ISO 17799 standards based Information security management system (ISMS) build and implementation Information Security Policies, Procedures and Standards design/review IS Audits- IS Audit Planning, ICQs, Execution and Reporting Incident Response Planning and Management Business Continuity / Disaster Recovery Planning ERP Audit/ Application Audit - Process Definition, Process Implementation, Process Reviews, Process Audits. Good understanding of CoBIT and its 4 domains and the implications of SOX to each of the key objectives of CoBIT. Familiar with audit tools such as ACL. Has excellent knowledge and experience in BS7799 ISMS build and Implementation, BS7799 Audit planning and Documentation, BS15000 (ITSM), Change Management, Business Continuity planning, information security standards and industry best practices. Exposure to AS 2 and 3 of PCAOB Standard and Section 302 and 404 of SOX 2002. Strong exposure to ERP (SAP), BPM, Workflow Solutions and quality processes. Good Knowledge of MS-Office report writing with excellent communication and people management skills. Workshops Attended SOX – Roadmap to compliance, Key issues and Implications Sify Ltd. COSO/C0BIT and Internal Control Framework, Sify Ltd.

of 6 Sriram C.N –Information Assurance Consultant, CISA,PMP

Project Management workshop-PMP Fastrac course conducted by Astrowix pvt ltd BS7799 PROJECTS Independently managing the projects & striving to continuously improve the consultancy practice procedures  Estimate the project requirements and Prepare proposals based on client interactions  Prepare detailed Project work plan and identify resources in co-ordination with Practice head Establish and Implement the BS7799 Risk Assessment, Risk Treatment, Security Policies & Procedures Involved in Pre-Sales calls along with Sales team to understand client requirements  Continuous monitoring of team members and their training requirements based on the appraisals and project requirements PROJECT–10 APPLICATION & COMPLIANCE AUDIT CLIENT LEADING TELECOM FIRM, DELHI Role PROJECT MANAGER SUMMARY Project comprises of conducting Enterprise Application Audit including Process and Compliance issues Key activities as part of projects so far conducted:  Prepare Audit charter, ICQ  Take relevant approvals and fix schedule  Audit the internal ERP/workflow application for IT controls (for Gaps) & benchmark to COBIT  Prepare and submit a GAP report  Currently conducting Risk Assessment

PROJECT–9 BS 7799 ISMS – IT CONTROLS IMPLEMENTATION CLIENT BPO FIRM (NON-VOICE) - BANGALORE Role PROJECT MANAGER SUMMARY Managing the ISMS implementation project to implement BS7799: 2-2002 Key activities as part of projects so far conducted:  Develop a detailed project plan and schedule.  Conducted comprehensive Gap Analysis to assess the existing security posture and provide a report benchmarking with the standard.  Conducted Risk Assessment  Completed Selection of Controls/ prepared a Risk Treatment plan to mitigate those risks  Conducted Business Impact Analysis (BIA)  Prepared a detailed BCP for Disaster recovery  Conducted awareness trainings  Facilitated the internal audit and preparation of corrective/preventive action plan  Coordinated the certification process

PROJECT–8 BS 7799 BASED ISMS – IT CONTROLS BUILD AND CERTIFICATION - IMPLEMENTATION CLIENT CMM LEVEL 5 SOFTWARE COMPANY- DELHI, NOIDA & SINGAPORE Role IMPLEMENTATION TEAM LEAD SUMMARY The project objective was to design and build BS 7799:2-2002 based Information Security Management System (ISMS). Key activities as part of projects so far conducted:  Business critical processes and respective configuration items/assets Identified and enumerated from respective function heads.  Conducted comprehensive Gap Analysis to assess the existing security Page 2 of 6 Sriram C.N –Information Assurance Consultant, CISA,PMP

PROJECT–8 BS 7799 BASED ISMS – IT CONTROLS BUILD AND CERTIFICATION - IMPLEMENTATION CLIENT CMM LEVEL 5 SOFTWARE COMPANY- DELHI, NOIDA & SINGAPORE Role IMPLEMENTATION TEAM LEAD posture, including physical security & drafted Scope for ISMS certification  Develop a detailed project plan and schedule.  Conducted Risk Assessment / Treatment as per NIST and GMITS methodology.  Completed Selection of Controls to mitigate those risks  Conducted Business Impact Analysis (BIA)  Co-ordination of following implementation activities: o Incident Management systems o Prepared a detailed BCP for Disaster recovery o Infrastructure change management system  Conducted awareness trainings

PROJECT –7 BS 7799 BASED ISMS- IT CONTROLS BUILD AND CERTIFICATION CLIENTS A LEADING CO-OPERATIVE FIRM – DELHI (5 LOCATIONS) Role IMPLEMENTATION TEAM LEAD The project objective was to design and build BS 7799:2-2002 based Information Security Management System (ISMS). Key activities as a part of projects:  In-depth study of existing system, business processes, security set-up assessment, network audit and recommendations (5 locations) SUMMARY  IT Security Risk Assessment  Security Policy design and Security Technology Roadmap  Security Solution Evaluation  Security Awareness Training

PROJECT –6 GAP ANALYSIS/RISK MANAGEMENT/BCP CLIENT LEADING CMM LEVEL 5 SOFTWARE FIRM (CHENNAI) Role ISMS IMPLEMENTATION TEAM MEMBER Business critical processes Identified and enumerated from respective function heads. Conducted comprehensive Gap Analysis to assess the existing security posture, including physical security. SUMMARY Preparation of Scope for ISMS certification Developed a detailed project plan and schedule. (Joined the team again after a break of few weeks) Developed Risk Treatment Plans of Controls selected to mitigate the risks identified in RA Prepared SOA Conducted BIA Developed BCP Strategy Plan Prepared BCP Policy/Procedure Designed and Developed Test Plan Schedule, conduct, and evaluate tests of the various components of the DR (BCP) plan. Co-ordinate with DR teams of all developments and changes in the plan to ensure that all sections of the plan remain integrated. Provide input to the

PROJECT –6 GAP ANALYSIS/RISK MANAGEMENT/BCP CLIENT LEADING CMM LEVEL 5 SOFTWARE FIRM (CHENNAI) Role ISMS IMPLEMENTATION TEAM MEMBER participating departments of the DR. Knowledge Sharing sessions to all the employees at client place to make them aware of their roles and responsibilities in the event of a disaster Communicate the Disaster Recovery plan throughout the firm. Developed training and handbook for Disaster Recovery and Business continuity.

OTHER ASSIGNMENTS PROJECT-5 PROJECT MANAGER

CLIENT SAMCOMM TECHNOLOGIES PVT., LTD, BANGALORE

Role PROJECT MANAGEMENT CONSULTANCY /ERP CONSULTANCY  As an Internal Security auditor was involved in the preparation of Security Policy manual and its implementation, incl., Application Audit & Change management policies/procedures.  Compliance audits w.r.t approved Entitlement matrix of all access and authorization controls.  As Project Manager primarily responsible for Delivery of ERP and other SUMMARY Customized Projects.  Regular interaction with Multinationals, Corporate firms, Public Sectors, Government Departments, Co-operatives for their I.T. requirements.  Pre-sales Presentation & Prototype demonstrations.  Conducting study of the system for client’s specific requirement.  Preparation of initial feasibility and detailed functionality documents for clients.  Functional Specifications for the Developers.  Defining and monitoring the schedules for Design, Development & Implementation of ERP Solutions.  Implementation of Systems with complete cognisance and Effective Management, fulfilment of regulatory and legal obligation for Information Security.  Actively involved in understanding requests for proposals, form a virtual team for each proposal, coordinate the proposal preparation and ensure quality of contents of the proposal.  Interaction with clients for feedback and reviews. Products Handled: ERP, Hospital Management, Document & Workflow Management Solutions, Co-operative Banking Application, Life-Insurance Solution, Computer based Tutorials

PROJECT – 4 ERP TEAM CLIENT ENTERPRISE BUSINESS SYSTEMS PVT LTD Role ERP CONSULTANT  Functional consultancy – SAP - MM (Materials Management)  Business proposals, feasibility studies SUMMARY  Go-live training for SAP implementation  Industrial survey of ERP systems for small scale industries (tie-up with Small Industries Service Institute, Government of India)  Development of Functional Specifications and Project management of ERP product for SME segment

PROJECT – 3 ERP TEAM CLIENT MCCREADE SOFTWARE (ASIA) PVT. LTD) Role BUSINESS ANALYST  Pre-sales Presentation & Prototype demonstrations.  Conducting study of the system for client’s specific requirement. SUMMARY  Preparation of initial feasibility and detailed functionality documents for clients.  Preparation of Proposals for Customisation and Implementation of ERP Systems.  Prepare Functional Specifications for the Developers.

PROJECT – 2 Engineer Planning & Procurement CLIENT HINDUSTAN MOTORS LIMITED, POWER PRODUCTS DIVISION, HOSUR Role ENGINEER  Member of functional team in design & development of ERP for in-house SUMMARY usage.  Planning, Procurement and control for a manufacturing module.  Requirement analysis, Planning, Scheduling, Replenishment and Re- Ordering of tools, Purchasing activities.  Vendor Support, Vendor Appraisals.  Inspection and payment follow-up.  Receiving of materials, Inventory controls, preparing shortage lists, Stock Adjustments and issues.  Actively involved as internal consultant in implementing Manufacturing Systems.  Engineering (MSE) and as member of Business Process Re-engineering (BPR).  Was a team member in the ISO 9000 procedures for designing, Material Planning, Process and Inventory control system.  Received a best Performance award for 1994-95.  As a Tool Designer was involved in the Design and Manufacturing of Jigs & Fixtures, Cutting tools, Inspection tools etc

PROJECT – 1 Engineer Trainee CLIENT SHRIRAM DIESEL INJECTION INDUSTRIES, BALANAGAR, HYDERABAD Role Engineer Trainee  Process Planning, Designing of Tools. SUMMARY  Preparing of Inspection sheets, Routing sheets, Estimation & Costing of tools

EDUCATION & ACCREDITATIONS

Academics Bachelor Degree in Engineering Technology from BITS, Pilani Diploma in Mechanical Engineering, S.V. Government polytechnic, Tirupati Post Diploma in Tool Design from Central Institute of Tool Design, Hyderabad Licentiate in Insurance from Insurance Institute of India Certified AutoCAD specialist from AutoDesk Training centre, Bangalore Accreditations CISA – Certified Information Systems Auditor PMP – Project Management Professional BS7799 – CIISA from STQC BS15000 (ITSM)- Lead Auditor and Implementer Professional Memberships Member of ISACA – Information Systems Audit & Control Association Member of PMI – Project Management Institute

PERSONAL DETAILS

D.O.B: 21st August 1966 Citizen: Indian ADDRESS FOR COMMUNCATION

Mobile number: 98407 43723 [email protected], [email protected]

Project Station Permanent (* This address is temporary ) #130, G2, 2nd Street, Bhaskar colony, No.104,’Ruby’, Lumbini Rockdale Virugambakam , Chennai 600092 apartments ,Somajiguda, Hyderabad 500082 Ph:040-23304251