ARUN MENON

• Direct reporting to CISO
• Managing Information security and Cyber security aspects for the group companies
• Managing organization’s Information Security, Cyber Security and compliance to enterprise standards and frameworks
• Responsible for organization’s ISO 27001, ISO 22301, PCI DSS, ISAE 3402 type 2, SSAE SOC 2 audits and recertification’s year on year
• Conducting and facing client audits (200 plus customers)
• Key member of the ongoing Cloud adoption project in the organization
• Instrumental in setting up and securing full-fledged payment gateway for the organization
• Heads all security projects and vulnerability management programs of the group
• Ensuring critical vulnerabilities are addressed by respective teams within agreed timeline
• Managing development and maintenance of standard procedures and process related to Information/Cyber Security
• Orchestrating training exercises to ensure relevant skills maintained for team members
• Prepares management reports while ensuring compliance with all applicable policies
• Automation and efficiency enhancement initiatives
• Managing 24x7 SOC which monitor, detect and responds to security events and incidents
• Manages incident response / forensic investigations for security incidents for the multi country SOC
• Oversees capabilities of SOC which includes ongoing development of people, processes, and technology
• Migration of full enterprise SOC workload to an MSSP and ensuring security controls, playbooks, detection rules are as per the industry standards
• Supporting internal and external audits and ensure findings are closed within timeline
• Manages internal external security audits, Red teaming and Bug Bounty engagements
• Managing activities such as team budgeting, performance evaluation, liaising with procurement for licensing, support, AMC, SLA etc.
• Responsible for 3rd party cyber risk management for the organization
• Proved successful working within tight deadlines and fast-paced atmosphere.

Special projects successfully delivered and operationalized

• CyberArk PAM implementation
• Proofpoint email gateway and DLP
• Crowdstrike Falcon Advanced Threat Prevention suite implementation for multi country deployment
• Qualys Security suite for vulnerability management and security compliance
• Setup SOC to manage operations of group companies for 5 countries
• Managed a full-fledged SIEM implementation with SOAR and threat hunting
• Managed DMARC implementation for mail security
• Migration to Azure cloud and engineering cloud security components for SecDevOps with CI/CD pipelined components
• DDoS/WAF and BOT protection with Prolexic hardware and Akamai Managed services
• Breach and Attack Simulation with Cymulate for automated 24/7 RED teaming
• BugBounty engagement with HackerOne
• PaloAlto XSOAR implementation for automated security management
• Cloud security posture management using PaloAlto Prisma Cloud.

• Conducted security audits to identify vulnerabilities.
• Built compliance policies mapped to CIS standards and conducted vulnerability and compliance assessments using Tripwire and nCircle suite
• Security solutions designed for project and represented team in change control boards
• Reviewed and provides security sign offs for infrastructure projects
• Part of the agile team and Interacted with different units and embedded security requirements in to projects
• Tracked risk register and closed all risks within specified time
• Coordinated for internal, external penetration tests and remediation
• Reviewed violations of computer security procedures and developed mitigation plans.
• Performed risk analyses to identify appropriate security countermeasures.

• Deputed to Emirates NBD for the above role as a consultant for 3 years

• MAB was specialized in all kinds of low voltage security devices and fiber optics
• Managed several large size CCTV security turnkey projects for various hotels from POC to implementation (Trained by Department of Protective Systems, Dubai Police)
• Headed CCTV maintenance support division handling 200+ hotels in Dubai
• Implementations of HID access cards, biometric door access controls and gate barriers
• Centralized Wi-Fi controller implementations for several hotels including captive portals and wireless security.
• Liaised between business and technology units to manage delivery schedules for applications.
• Recruited and trained IT team members.

• Zenith was the 2nd largest PC manufacturer in India
• Was responsible for managing the pre/post sales technical support operations for 3 states with 32 staff
• Reported into country head of support division
• Team received the best support division in the country award under my watch.

• Sutherland was one of the pioneers of technical call centers in India catering to American clients
• Supported HP and Dell for their outsourced L2 technical support operations
• Streamlined operations to maximize business efficiency and profits.
• Reviewed individual department performance and worked with leadership to improve processes, procedures and practices.