Experience Summary
Bridge the Gap Between InfoSec and IT No Maturity Means No Security No Governance Means No Effectiveness I have extensive experience in information security and regulatory compliance. I have helped many companies to mature their security by managing remediation projects. I have unique way to enforce governance to handle gaps and their fixes which can show maturity progress. I have also strong understanding of security controls and policies. I can easily explain the intent of regulatory compliance to IT people in their language since I come from IT background which makes life easier to take security and regulatory requirements to IT in their language. I have also managed third party risk assessments life cycle to identify gaps, remediate, reassess to qualify onboarding for them. I have strong understanding of NIST 800-53, PCI-DSS, ISO, HIPAA HITRUST. I have also experience in cloud security audit as well. Now days many companies offer SAAS based solutions. I have performed audits for SAAS based companies as well and helped them to meet security standards.
