Astics
IT Security & Compliance Manager
Jul. 2023
Ahmedabad, Gujarat, India
• Implemented and managed a comprehensive IT security program, ensuring compliance with industry standards and regulations (e.g., ISO 27001, PCI DSS, NIST, GDPR, HIPAA).
• Led cross-functional teams to conduct regular risk assessments and vulnerability assessments to identify and prioritize security gaps, resulting in a more robust and resilient security posture.
• Developed and maintained IT security policies, procedures, and guidelines, effectively communicating them to employees to foster a culture of security awareness and compliance.
• Oversaw the implementation and management of security controls, including firewall configurations, intrusion detection/prevention systems (IDPS), and endpoint protection, resulting in a significant reduction in security incidents.
• Collaborated with external auditors to conduct compliance audits, successfully achieving and maintaining regulatory certifications and industry accreditations.
• Implemented and optimized Security Information and Event Management (SIEM) systems to centralize log analysis and enhance real-time threat monitoring capabilities.
• Conducted security awareness training sessions for employees, enhancing the understanding of security best practices and minimizing the risk of social engineering attacks.
• Oversaw the development and execution of business continuity and disaster recovery plans, ensuring the organization's ability to respond effectively to potential crises.
• Assessed third-party vendor security risks and established vendor risk management procedures, ensuring the security of data and systems shared with external partners.
• Coordinated with IT teams to ensure timely patching and updating of systems, applications, and network devices, reducing potential vulnerabilities and exposure to cyber threats.
• Monitored industry trends and emerging cyber threats, proactively recommending and implementing security enhancements to stay ahead of potential risks.