
Alan Janson

​

E-mail: alanjannson@gmail.com

Tel: 9930647705


Professional info

 

  • 9+ years of experience in Information Security.

  • Certified Information Systems Auditor (CISA), Certified Lead Auditor in ISO 27001:2013 (ISMS), ISO 22301:2012 (BCMS) and ISO 20000-1:2011 (ITSM) standards. Certified Lead Implementer in ISO 27001:2013 (ISMS). Also certified in CEH, Microsoft Certified: Security, Compliance, and Identity Fundamentals, Azure Fundamentals, Google-Cloud Digital Leader, AA Certified Advanced RPA Professional, JNCIA-Cloud, AWS Security Fundamentals, ITIL, CyberArk Certified Trustee, CCSA, CCNA, Onetrust PMP, CNSS, FSE, ACE - PAN-OS, SFC, SCP and other security related certifications.

  • Experience in conducting IS audits, PCI DSS Compliance & advisory, Information Security Management Systems (ISMS), Business Continuity Management (BCM), Risk Management, Data Localization (RBI), Third Party Risk Management (TPRM), Data Privacy, Data Protection Framework implementation, IT General Control (ITGC) SAP SOX governance services, SEBI System audits, ITGC Assessment, Quality Assurance Review (QAR), SOC Maturity Assessment, Vulnerability Management, Process review, GDPR, Network Security and Cybersecurity Awareness framework implementation.

  • Experience in designing Azure Cloud Security architecture framework and Azure Security Solutions

  • Expert in troubleshooting of networks and devices. Also performed Service and Incident/Problem Management.

  • Expert in security device management for Malware Protection System, Firewalls, Intrusion prevention systems, Load Balancers, Proxy, SFTP, Antivirus and Mail gateway.

  • Managed and executed projects for clients located in India and across the globe.

  • Involved in project management, business development and sales activities.

Job Experience

 

​

Company – Accenture

Designation – Security Delivery Associate Manager, Duration – June 2023 to Present

·         Projects Worked: Global savings and investment company

·         Exposure received in performing Technology Risk Management, Risk Assessments, RCSA

·         Performed Technology Risk Management for a Global savings and investment company. Activities involved performing risk assessments across technology, holding triage discussions to understand the risk and evaluate risk acceptance or risk mitigation approaches, finalizing the risk assessment template and seeking relevant approvals.

​

​

Company – Larsen & Toubro Infotech Limited

Designation – Specialist – Information Security, Duration – May 2021 to June 2023

·         Projects Worked: leading private sector bank in India

·         Exposure received in Azure Cloud Security architecture framework, Azure Security Solutions, SOC Maturity Assessment and Governance Risk Compliance.

·         Involved in business development activities such as drafting proposals, taking interviews and other client management activities.

·         Leading the TPRM practice within LTI. Exposure on TPRM tool – Prevalent

·         Designed Cloud Security architecture framework and security solutions as part of a data platform project for a leading private sector bank in India. Activity involved understanding the existing cloud environments, security requirements and controls. Developed security design principles. Integrated with existing security solutions and leveraged Azure cloud native security controls. Validated security configuration and controls. Performed vulnerability remediation activity. Coordinated and managed third party audit performed on the platform.  Published HLD and LLD documents

·         Performed Security Operations Center (SOC) Maturity Assessment for a leading private sector bank in India. Activity involved validating the SOC CMM requirements on the basis of interviews and evidence analysis.

​

Company – Protiviti

Designation - Manager – Technology Consulting, Duration – Jan 2020 to Jan 2021

 

·         Projects Worked: Leading stock exchange in India, German telecommunications company, Swedish multinational clothing retail company, Leading Retailer, global service provider and a global payment processor.

·         Exposure received in Data Localization (RBI Guidelines), ITGC SAP SOX governance services, PCI DSS audits, SEBI System audits, BCM, Capacity Planning, Quality Assurance Review & Third-Party Vendor Audits.

·         Involved in business development activities such as understanding the client's requirements, resource management, drafting proposals, sales pitching, and other client management activities.

·         Performed system audit as per SEBI approved scope for the leading stock exchanges in India. Activity involved auditing the trading application/infrastructure and other related systems as per SEBI Term of Reference (TOR), circulars and additional areas. Published a System Audit report.

·         Involved in ITGC SAP SOX governance services for a German telecommunications company. Activity involved assessing current state and identifying relevant processes, documenting the control design, evaluating current processes & controls, designing and implementing solutions for control gaps to meet yearly SOX compliance requirements.

·         Executed PCI DSS audits for a Swedish multinational clothing retail company across global stores. Activity involved assessing the infrastructure, reviewing the PCI DSS controls and interviewing store personnel. Published Report on Compliance (ROC) and Attestation of Compliance (AOC)

·         Performed vendor audits for a global financial services company. Activity involved understanding client’s policy and procedures, drafting control testing procedures for the assessment, auditing and report preparation for each IS domain.

·         Performed Quality Assurance Review (QAR) for the multiple internal audits for a leading insurance company in Switzerland. The scope of work involved reviewing the audit process as per ISACA Information technology assurance framework (ITAF) and International Professional Practices Framework (IPPF) frameworks. 

·         Performed Data Localization audit as per RBI guidelines for a leading global payment service provider. Audit scope involved assessing end to end Indian transaction infrastructure and evaluating the existing controls and processes. Published a System Audit Report (SAR).

·         Performed BCM implementation for a leading global service provider. Involved in formulating BCM plan, IT DR Plan and IT DR testing runbook. Assisted in IT DR test for the critical application with the report. Also developed capacity management process and templates.

·         Performed vendor risk management assessment for a leading global retailer. Activity involved assessing the vendor on the basis of the client’s policy and procedures through the ServiceNow portal.

​

​

Company - Deloitte Touche Tohmatsu India LLP

Designation - Deputy Manager – Risk Advisory Cyber Risk,  Duration – Feb 2018 to Jan 2020

​

·       Projects Worked: leading public sector bank in India, global oil & gas Company, leading Swiss multinational investment bank and a global payment processor.

 

·       Exposure in PCI-DSS compliance, consulting & Advisory, Finding Management, Process review, IS audits, Vendor Audits, MAS TRM Gap assessment & GDPR Compliance.

 

·       Executed PCI DSS related consulting and advisory for a leading oil and gas company across global markets. Activities involved assessing projects for PCI DSS applicability and suggesting relevant controls. This project assessment lifecycle involves Business Impact Analysis (BIA), Legal & Regulatory Assessment (LRA) and Control Selections in RSA Archer GRC platform. Involved in PCI DSS assessment across markets. Involved in end-to-end risk assessment for new releases of the mobile applications. Also carried out finding management process for PCI scoped systems.

 

·       Developed GDPR Training content for stakeholders.

 

·       Performed IS audits for an insurance-based client and vendor audits for a global payment processor.

 

·       Involved in gap assessment of MAS TRM guidelines for a leading Swiss multinational investment bank.

 

·       Performed process review for an India-based bank for their mobile app. This involved understanding various enhancements and assessing them from a security perspective.

​

​

Company – Paladion

 

Designation - Sr. Associate Consultant - Consulting Services, Duration - Sept 2014 to Feb 2018

​

·       Projects Worked: leading private sector bank in India, leading retailer in India, leading payment gateway in Thailand and a leading utility company in Saudi Arabia.

 

·       Exposure in PCI-DSS, Merchant Compliance, ISMS Management, Cybersecurity Awareness Framework development, Data Flow Analysis, ISO 27001, Risk Assessment and Policy creation.

 

·       Executed Merchant and Service Provider Compliance project for acquiring bank towards PCI DSS standard. Project involved understanding the end-to-end transaction flow of the Bank’s applications to evaluate PCI DSS applicability. Sought compliance status against VISA International Operating Guidelines/MasterCard/RBI Guidelines, Policies and Practices. Identified Merchant and Service Provider levels and their environments for PCI DSS applicability and suggested suitable PCI DSS documents/SAQs. Reviewed PCI DSS compliance documentation and evidence provided by merchants to validate the complete transaction process. Conducted conference calls with merchants and service providers to communicate validation requirements. Hands-on experience in enhancement and development of the PCI DSS portal hosted by Paladion.

 

·       Conducted QA signoffs for multiple PCI DSS engagements with merchants and service providers, which involved understanding PCI DSS requirements, cardholder data flow and controls in place. The activity involves evaluating the Report on Compliance (ROC) document, Attestation of Compliance (AOC) and the mapped evidence to verify completeness and accuracy of the observations in alignment with PCI DSS v3.1 and PCI DSS v3.2. Also created policies for service providers.

 

·       Implemented Data Protection Framework and conducted process audit for various business processes for the banking industry in India. The project involved identifying business critical and customer sensitive data in the business processes and sub-processes followed within the Bank. The activity involves preparation of Data Flow Diagram, Data Register and Threat Identification, recommendations and follow-up on remediation.

 

·       Understanding of ISO 27001:2013 standard and performing ISMS Internal Audit for the insurance industry in India. Audit involved documentation and reporting of non-conformances. Provided recommendations for remediation of non-conformances. Ensured findings are reported to the Internal Audit Team and that action plans are documented and tracked.

 

·       Involved in implementation of Information and Cybersecurity Awareness framework for a retailer company in Saudi Arabia. Activity involved assessing the maturity level, Gap Analysis, establishing an ICA Framework, Cybersecurity Awareness Plans, Awareness Material Development and Awareness Session.

​

·       Worked as a Security Analyst in 24/7 IT Security team. Performed troubleshooting of networks and devices. Also involved in Service and Incident/Problem Management.

 

·       Exposure in Malware Protection System, i.e. WEB MPS, Email MPS, File MPS and Mandiant (FireEye), Firewall (Check Point and Juniper), Proxy (Cyberoam and ISA Server (Forefront TMG)), Antivirus (Symantec Endpoint Protection), SSL VPN (F5), SMG (Symantec Mail Gateway), IPS (IBM Proventia, Intel McAfee and HP TippingPoint), Load Balancer, i.e. Local Traffic Manager and Global Traffic Manager (F5), SFTP server and other security devices.

 

·       Managed network and security devices at Tier 4 Certified Data Center and managed Bank's dealing application setup.

International Publication

 

  • Published Technical Paper in International Journal of Computer Applications (0975 – 8887) Volume 81 – No 14, November 2013 based on Simulation and Comparison of Various Lossless Data Compression Techniques based on Compression Ratio and Processing Delay.

 

  • Published Technical Paper in International Journal of Scientific and Engineering Research (422-430), Volume 5, Issue 8, August 2014 (ISSN 2229-5518) based on Efficient Power Management Technique Of Multicore Architecture For Real Time Visual Data.

 

Skills

 

PCI DSS

ISO 27001

ISO 20000

ISO 22300

System Audits

ITGC SAP SOX Governance

CSA Framework

Data Flow Analysis

Merchant Compliance

Azure Cloud Security

MAS TRM

Findings Management

IS Audit

Vendor Audit

Auditing

Consulting

FireEye

Firewall

Antivirus

Proxy

VAPT

CCNA R&S

Network Security

 

Others

Robotics

PLC

SAP

Robotic Arm

Android

MATLAB

Arduino

AVR

​

2010 - present


Internship Experience

 

Undergone practical training on Color Temperature Changing LED fixture in Design Department in Lighting Division at Crompton Greaves Ltd, Mumbai from 17th June 2013 to 15th July 2013. 

Awards

 

 

  • Received Paladion Gold Star for Excellence in workspace in August 2017.

  • Received Paladion Silver Star for Excellence in workspace in Jan 2017.

  • Received Paladion Champ Team for Excellence in workspace in April 2015.

  • 2nd in INDO-US ROBO League 2014 in Line Follower competition [National Level Competition] at IIT Bombay.

  • 4th in International robotics challenge [IRC] held at IIT Techfest 2013, Bombay representing INDIA [International & National level Competition].

  • 4th in INDO-US ROBO League 2013 in Line Follower competition [National Level Competition] at IIT Bombay.

  • 2nd prize in Technical Paper Presentation at ENCORE’14 at DBIT held on 8th April, 2014.

  • 1st in Department level Project Exhibition 2013 at DBIT

  • 2nd prize in Technical Paper Presentation 2011 [IEEE-DBIT]

  • 2nd prize in Circuit Design contest held on 7th October, 2011 at DBIT.

  • 4th in Department level Project Exhibition 2012 at  DBIT

  • 1st prize in project 2009 [NES Ratnam college, Bhandup].

  • 2nd prize in Biology Quiz Competition 2009 [NES Ratnam College, Bhandup].
 
Certification & Courses
 
  • Certified Information Systems Auditor (CISA) | ISACA

  • Lead Auditor ISO/IEC 27001: 2013 | Exemplar Global, Inc | License CC-17343IS

  • Lead Implementer ISO/IEC 27001: 2013 | NQA Global | License NQA/ISMS/LI/20/01

  • Lead Auditor ISO 22301: 2012 | Exemplar Global, Inc | License CC-17237BC

  • Lead Auditor ISO/IEC 20000-1:2011 | Exemplar Global, Inc | License CC-17231IT

  • Certified Ethical Hacker | EC-Council | License ECC73124074179

  • Microsoft Certified: Security, Compliance, and Identity Fundamentals | Microsoft | License I305-2202

  • Microsoft Certified: Azure Fundamentals | Microsoft | License H460-5359

  • Automation Anywhere Certified Advanced RPA Professional | Automation Anywhere | License AAADVC-21564115

  • Juniper Networks Certified Associate, Cloud | Juniper | License 337F81QS0FE1Q69N

  • ITIL® Foundation Certificate in IT Service Management | EXIN | License 5341760.20391344

  • Implementation Workshop on PCI DSS v4.0 | QRC Assurance And Solutions Pvt Ltd | License PCIDSSv4.0/05092022/016

  • Privacy Management Professional | Onetrust | License C6536

  • Third Party Risk Management | SecurityScorecard | License 3rddcedwv5wu

  • CNSS Certified Network Security Specialist | ICSI | License 18212172

  • Lean Six Sigma Yellow Belt Certified | Anexas Europe | License YBDL010220/1531/13

  • CyberArk Certified Trustee | CyberArk | License 315023

  • AWS Security Fundamentals | AWS

  • FireEye Systems Engineer | FireEye | License 259479

  • Check Point Certified Security Administrator | CheckPoint | License CP0000082186

  • Cisco Certified Network Associate (CCNA R & S) | Cisco | License CSCO12726708

  • FireEye Partner Sales Certification | FireEye | License 259479

  • Accredited Configuration Engineer - PAN-OS 7.0 Version | Palo Alto Networks

  • Solarwinds Certified Professional | SolarWinds | License SCP4130

  • TIC CIU Certified Security Associate | Cambridge Intercontinental University | License TCCSecA591845042

  • Cyber Security | DeVry University MOOC | License UC-MB162094

  • Scrum Fundamentals Certified | SCRUMstudy | License 79407

  • SAP01 | SAP | License EC1110511

Organisation Experience

 

  • Don Bosco Institute Of Technology, General Secretary, June 2013 to June 2014

  • IEEE-DBIT, Chairperson, January 2013 to January 2014

  • Domain-DBIT, Chairperson, June 2012 to June 2014

  • IETE-DBIT, Vice-Chairperson, January 2012 to December 2012

  • ACM-DBIT, Member, June 2011 to Present

  • NSS-DBIT, Member, June 2011 to June 2013

  • ASME, Member, January 2013 to January 2014
