Alan Janson

Manager - Protiviti

E-mail: alanjannson@gmail.com

Tel: 9930647705

Professional info

 

  • 5+ years of experience in Information Security.

  • Certified Lead Auditor in ISO 27001:2013 (ISMS), ISO 22301:2012 (BCMS) and ISO 20000-1:2011 (ITSM) standards. Also certified in CEH, JNCIA-Cloud, ITIL, CyberArk Certified Trustee, CCSA, CCNA, FSE, ACE - PAN-OS, SFC and SCP.

  • Experience in conducting IS audits, PCI DSS compliance & advisory, Findings Management, Data Protection Framework implementation, Process review, GDPR, Vendor audits and Cybersecurity Awareness framework implementation.

  • Expert in troubleshooting of networks and devices. Also performed Service and Incident/Problem Management.

  • Expert in security device management for Malware Protection System, Firewalls, Intrusion prevention systems, Load Balancers, Proxy, SFTP, Antivirus and Mail gateway.

  • Executed projects in India (Onsite), Saudi Arabia (offsite), Singapore (Offsite), Thailand (Offsite) and other global locations.

  • Handled multiple projects as Project Lead.

Job Experience

 

 

Company – Protiviti

Designation - Manager – Technology Consulting, Duration – 13th Jan 2020 to Present

·         Projects Worked: leading Retailer in India and a global payment processor

 

·         Exposure in BCM, Capacity Planning & Data Localization (RBI Guidelines).

Company - Deloitte Touche Tohmatsu India LLP

2nd Designation - Deputy Manager – Risk Advisory Cyber Risk,  Duration – 1st June, 2019 to 2nd Jan 2020

1st Designation - Assistant Manager – Risk Advisory Cyber Risk,  Duration – 26th Feb, 2018 to 31st May 2019

·       Projects Worked: leading public sector bank in India, global oil & gas Company, leading Swiss multinational investment bank and a global payment processor.

 

·       Exposure in PCI-DSS compliance, consulting & Advisory, Finding Management, Process review, IS audits, Vendor Audits, MAS TRM Gap assessment & GDPR Compliance.

 

·       Executed PCI DSS related consulting and advisory for a leading oil and gas company across global markets. Activities involved assessing projects for PCI DSS applicability and suggesting relevant controls. The project assessment lifecycle involves Business Impact Analysis (BIA), Legal & Regulatory Assessment (LRA) and Control Selections in the RSA Archer GRC platform. Involved in PCI DSS assessment across markets. Involved in end-to-end risk assessment for new releases of the mobile applications. Also carried out the finding management process for PCI-scoped systems.

 

·       Developed GDPR Training content for stakeholders.

 

·       Performed IS audits for an insurance-based client and vendor audits for a global payment processor.

 

·       Involved in gap assessment of MAS TRM guidelines for a leading Swiss multinational investment bank.

 

·       Performed a process review for an India-based bank for their mobile app. This involved understanding various enhancements and assessing them from a security perspective.

Company – Paladion

2nd Designation - Sr. Associate Consultant - Consulting Services, Duration - 4th Sept, 2015 to 21st Feb, 2018

·       Projects Worked: leading private sector bank in India, leading retailer in India, leading payment gateway in Thailand and a leading utility company in Saudi Arabia.

 

·       Exposure in PCI-DSS, Merchant Compliance, ISMS Management, Cybersecurity Awareness Framework development, Data Flow Analysis, ISO 27001, Risk Assessment and Policy creation.

 

·       Executed a Merchant and Service Provider Compliance project for an acquiring bank towards the PCI DSS standard. The project involved understanding the end-to-end transaction flow of the Bank’s applications to evaluate PCI DSS applicability. Sought compliance status against VISA International Operating Guidelines / MasterCard / RBI Guidelines, Policies and Practices. Identified Merchant and Service Provider levels and their environments for PCI DSS applicability and suggested suitable PCI DSS documents/SAQs. Reviewed PCI DSS compliance documentation and evidence provided by merchants to validate the complete transaction process. Conducted conference calls with merchants and service providers to communicate validation requirements. Hands-on experience in the enhancement and development of the PCI DSS portal hosted by Paladion.

 

·       Conducted QA sign-offs for multiple PCI DSS engagements, covering merchants and service providers, which involved understanding PCI DSS requirements, cardholder data flow and the controls in place. The activity involved evaluating the Report on Compliance (ROC) document, the Attestation of Compliance (AOC) and the mapped evidence to verify the completeness and accuracy of the observations in alignment with PCI DSS v3.1 and PCI DSS v3.2. Also created policies for service providers.

 

·       Implemented a Data Protection Framework and conducted process audits of various business processes for the banking industry in India. The project involved identifying business-critical and customer-sensitive data in the business processes and sub-processes followed within the Bank. The activity involved preparation of the Data Flow Diagram, Data Register and Threat Identification, followed by recommendations and follow-up on remediation.

 

·       Understanding of the ISO 27001:2013 standard and performing ISMS Internal Audit for an insurance industry client in India. The audit involved documentation and reporting of non-conformances. Provided recommendations for remediation of non-conformances. Ensured findings were reported to the Internal Audit Team and that action plans were documented and tracked.

 

·       Involved in the implementation of an Information and Cybersecurity Awareness framework for a retailer company in Saudi Arabia. The activity involved assessing the maturity level, Gap Analysis, establishing an ICA Framework, Cybersecurity Awareness Plans, Awareness Material Development and Awareness Sessions.

1st Designation - Jr. Analyst Infrastructure Security – L2, Duration – 5th Sept, 2014 to 3rd Aug, 2015

·       Projects Worked: leading private sector bank and leading Retailer industry in India

 

·       Worked as a Security Analyst in a 24/7 IT Security team. Performed troubleshooting of networks and devices. Also involved in Service and Incident/Problem Management.

 

·       Exposure to Malware Protection Systems, i.e. WEB MPS, Email MPS, File MPS and Mandiant (FireEye); Firewalls (Check Point and Juniper); Proxy (Cyberoam and ISA Server (Forefront TMG)); Antivirus (Symantec Endpoint Protection); SSL VPN (F5); SMG (Symantec Mail Gateway); IPS (IBM Proventia, Intel McAfee and HP TippingPoint); Load Balancers, i.e. Local Traffic Manager and Global Traffic Manager (F5); SFTP server and other security devices.

 

·       Managed network and security devices at a Tier 4 Certified Data Center and managed the Bank's dealing application setup.

International Publication

 

  • Published Technical Paper in International Journal of Computer Applications (0975 – 8887) Volume 81 – No 14, November 2013 based on Simulation and Comparison of Various Lossless Data Compression Techniques based on Compression Ratio and Processing Delay.

 

  • Published Technical Paper in International Journal of Scientific and Engineering Research (422-430), Volume 5, Issue 8, August 2014 (ISSN 2229-5518) based on Efficient Power Management Technique Of Multicore Architecture For Real Time Visual Data.

 

Skills

 

PCI DSS

ISO 27001

ISO 20000

ISO 22300

CSA Framework

Data Flow Analysis

Merchant Compliance

MAS TRM

Findings Management

IS Audit

Vendor Audit

Auditing

Consulting

FireEye

Firewall

Antivirus

Proxy

VAPT

CCNA R&S

Network Security

 

Others

Robotics

PLC

SAP

Robotic Arm

Android

MATLAB

Arduino

AVR

Internship Experience

 

Underwent practical training on a Color Temperature Changing LED fixture in the Design Department of the Lighting Division at Crompton Greaves Ltd, Mumbai from 17th June 2013 to 15th July 2013.

Awards

 

 

  • Received Paladion Gold Star for Excellence in workspace in August 2017.

  • Received Paladion Silver Star for Excellence in workspace in Jan 2017.

  • Received Paladion Champ Team for Excellence in workspace in April 2015.

  • 2nd in INDO-US ROBO League 2014 in Line Follower competition [National Level Competition] at IIT Bombay.

  • 4th in International robotics challenge [IRC] held at IIT Techfest 2013, Bombay representing INDIA [International & National level Competition].

  • 4th in INDO-US ROBO League 2013 in Line Follower competition [National Level Competition] at IIT Bombay.

  • 2nd prize in Technical Paper Presentation at ENCORE’14 at DBIT held on 8th April, 2014.

  • 1st in Department level Project Exhibition 2013 at DBIT

  • 2nd prize in Technical Paper Presentation 2011 [IEEE-DBIT]

  • 2nd prize in Circuit Design contest held on 7th October, 2011 at DBIT.

  • 4th in Department level Project Exhibition 2012 at DBIT

  • 1st prize in project 2009 [NES Ratnam college, Bhandup].

  • 2nd prize in Biology Quiz Competition 2009 [NES Ratnam College, Bhandup].
 
Certification & Courses
 
  • Lead Auditor ISO/IEC 27001: 2013 | ISC Global | License CC-17343IS

  • Lead Auditor ISO 22301: 2012 | ISC Global | License CC-17237BC

  • Lead Auditor ISO/IEC 20000-1:2011 | ISC Global | License CC-17231IT

  • FireEye Junior Systems Engineer | FireEye | License 259479

  • Certified Ethical Hacker | EC-Council | License ECC73124074179

  • FireEye Systems Engineer | FireEye | License 259479

  • Juniper Networks Certified Associate, Cloud | Juniper | License 337F81QS0FE1Q69N

  • ITIL® Foundation Certificate in IT Service Management | EXIN

  • Lean Six Sigma Yellow Belt Certified | Anexas Europe | License YBDL010220/1531/13

  • CyberArk Certified Trustee | CyberArk | License 315023

  • AWS Security Fundamentals | AWS

  • Check Point Certified Security Administrator  | CheckPoint | License CP0000082186

  • Cisco Certified Network Associate (CCNA R & S) | Cisco | License CSCO12726708

  • Solarwinds Certified Professional | SolarWinds | License SCP4130

  • Payment Card Industry Data Security Standard PCI/DSS | Cybrary | License SC-65d131ce-96a019

  • TIC CIU Certified Security Associate | TIC CIU | License TCCSecA591845042

  • Accredited Configuration Engineer - PAN-OS 7.0 Version | Palo Alto Networks

  • Cyber Security | DeVry University MOOC | License UC-MB162094

  • Diploma in Digital Marketing | Shaw Academy

  • Big Data Foundation | IBM

  • SAP01 | SAP | License EC1110511

  • Android Certified Programmer | Suven Consultants & Technology Pvt Ltd.

  • Basic PLC | Siemens

  • iTouch Robotic Arm | Technophilia | License C74E0923

  • Embedded Systems | Vivta Embedded Technology

  • Programming C, C++ & JAVA | CAT Education Pvt Ltd | License CR 779 & CR 782

  • SL 275 - JAVA Programming Language | Oracle Workforce Development Program

     

Organisation Experience

 

  • Don Bosco Institute Of Technology, General Secretary, June 2013 to June 2014

  • IEEE-DBIT, Chairperson, January 2013 to January 2014

  • Domain-DBIT, Chairperson, June 2012 to June 2014

  • IETE-DBIT, Vice-Chairperson, January 2012 to December 2012

  • ACM-DBIT, Member, June 2011 to Present

  • NSS-DBIT, Member, June 2011 to June 2013

  • ASME, Member, January 2013 to January 2014

2010 - present


© 2014 by Alan Janson
 
