Executive Summary
Surajit is a Director with over 14 years of relevant experience in information risk management. He has extensive experience understanding complex information and information processing facilities. His skill summary includes ISMS, BCMS, e-Governance, Vendor risk management, IP network security review, IT network performance review, VAPT, Application Security testing, ITGC, and Technology Evaluation. Extensively engaged in providing information risk management services to Government, Financial Institute, Telecom and FMCG clients.
Performed security audit for a leading middle east central Bank to validate the software’s abilities to provide protection from malicious access, modification, destruction, or data disclosure, and verify system compliance with the security specifications. Key activities included VAPT, Application Security Testing, and application architecture review.
Led the team for performing Information System (IS) audits for multiple BFSI sectors based on regulatory guidelines such as RBI, IRDAI, IDRBT, NPCI, SEBI, etc. Led the team for Cyber Security assessment at multiple clients. Following are the major activities performed:
Infrastructure VAPT, Application Security Testing, Device Configuration Review, Secure network architecture review, Red teaming exercise, etc. Led end-to-end ISO 27001 ISMS advisory for multiple clients across India. Was responsible for the project initiation, planning, execution, and interfacing with external auditors
Performed TPRM review of IT Services and operational procedures of outsourced parties. Performed and led the team for Third Party Audit of various NeGP (national e-Governance project - MMP) engagements such as SWAN, CCTNS, SDC. Performed business continuity and disaster recovery management framework review aligning with ISO 22301 standard.
Professional Affiliation
CCNA, CCNP, MCSA, ISO 27001, AWS Cloud Architect
Education
Bachelors in Science (B.Sc.)