
Resume Harshad Mengle

This document provides a summary of Harshad Mengle's experience and qualifications for information security roles. Some key points:
- Over 14 years of experience in information security management, consulting, and project delivery for domestic and international clients.
- 5+ years of international experience working on information security, compliance, IT risk assurance, security design/management, audits, and application/mobile security testing.
- Expertise in security solutions, risk analysis, governance, compliance, architecture, data protection, identity management, and infrastructure security.
- Extensive experience working with major brands across banking, insurance, telecommunications, and other industries.
- Demonstrated leadership, planning, communication, and

Uploaded by

Kiran Modi

Harshad Madhukar Mengle

+91 98207 82144 (GMT +5.3)


[email protected]
D-601, Sarovar Darshan Tower, Opp TMC, Panchpakhadi, Thane West, Maharashtra, IN.

Expertise in: Information Security & Compliance / IT Risk & Assurance Management / IT Security Consulting / Information Security Governance / Managed Security Services / Information Security Control Framework Design and Assessment.

SUMMARY

• Over 14 years of extensive experience in Information Security Management, Consulting, Project Management & Delivery for domestic and onsite clients.
• 5+ years of international experience, mainly in information security & compliance, IT risk & assurance, security design & management, IT infrastructure consulting, ITGC, internal business process audits, IT infrastructure audits, application security and mobile business process security testing.
• Comprehensive understanding of concepts pertaining to information security, IT communication and maintenance in multi-platform environments.
• Demonstrated abilities in leading and guiding project teams to deliver projects to clients within the specified timeframe and as per specifications.
• Possess the ability to determine and recommend security solutions for conducting audits.
• Proven expertise in managing information systems, technologies & security audits for evaluating the effectiveness of operations and compliance with applicable laws & regulations.
• Defining ISMS scope and exclusions.
• Facilitating and supporting the VAPT process and delivering reports to customers.

Certifications

Major Brands Worked with

CAREER TIMELINE

PERSONAL ATTRIBUTES

Leader, Planner, Organizer, Active Listener, Good Communicator, Thinker, Passionate

Educational Qualifications
• Diploma in Computer (ITES)
• Bachelor’s in Arts (Economics)
• Master in Computer Application
• Pursuing MBA from New South Wales (UK)

Experience

• Business-oriented risk analysis, security testing and benchmarking.
• Security strategy, governance, compliance and risk management.
• Enterprise and technical security architectures.
• Data protection and privacy - securing information and sensitive data flows.
• Business continuity strategy, implementation and monitoring.
• Identity and access management consulting.
• Infrastructure security such as network zoning, security monitoring and management.
• SOA, middleware security, security incident management and fraud management.
• Securing enterprise applications like ERP (SAP and Oracle).
• Governance, Risk and Compliance.
• Being close but neutral with enterprise security vendors and products like IBM, Oracle, Symantec, Microsoft.
• Gap analysis between requirements and IT capabilities.
• Marketing and networking internally, and through industry associations like ISF, ISACA.
• Relationship-building and coordinating work between different teams at different locations and geographies.
• Collaborating and networking with security colleagues globally.

Please refer to the Annexure for detailed work experience.

ANNEXURE
Professional Experience

Organisation – Larsen and Toubro Finance Limited

Profile: Chief Information Security Officer (May 15)

Brief Profile:

L&T Finance Limited (LTF) is a wholly owned subsidiary of L&T Finance Holdings Limited. It was
incorporated as a Non Banking Finance Company (NBFC) in November 1994. Through LTF, L&T
aims to make a strong foray in the ever-expanding financial services sector.

Role: Head Information Security and Risk Management

Domain – Information Security - Risk and Compliance

Responsibilities:

Developing Plan and Approach to strengthen the Information Security Posture which includes

• Determines enterprise-wide vision for information security issues, policies, standards, priorities and projects.
• Identifies security protection goals, objectives and metrics consistent with State’s strategic plan and priorities; may enter into Service Level Agreements (SLA) with State agencies.
• Defining KRA/KPI for security processes.
• Evaluates proposed project plans, determines priorities for major initiatives and ensures proper implementation of programs and projects.
• Ensures that the department is compliant and current with existing legislation; provides vision, anticipates potential legislation at a country level and determines proactive responses.
• Continually educates State on changes in information security as well as threats on a global level.
• Reviews standards for information security from multiple sources including the National Institute of Standards and Technology (NIST), Payment Card Industry (PCI) and ISO.
• Plans for incident-specific responses as well as disaster recovery planning.
• Coordinates enterprise-wide information system access control including the identity verification system.
• Responds to data security breaches and leads the development of appropriate tracking / reporting systems.
• Providing subject matter expertise to Group IT and Legal for new initiatives.

Organisation – National Stock Exchange

Profile: Information Security Advisor to CISO (July 14 – Mar 15)

Brief Profile:

The National Stock Exchange is the 3rd largest exchange in the world, with nearly 400+ applications spread across multiple locations. As a financial institution, NSE is very concerned about information security.

Role: Information Security Advisor

Domain – Information Risk and Compliance

Responsibilities:
Developing Plan and Approach to strengthen the Information Security Posture which includes

• Establishing and implementing security-related policies.
• Overseeing regulatory compliance.
• Managing technology and process risk management.
• Deploying data security and privacy policy.
• Establishing and overseeing the organization's security architecture.

Organisation - Larsen and Toubro InfoTech Consulting

1. Thought Partnership – Banking and Insurance Client Dec. 2011 – July 2014

Client: Nordic banks, South African Bank, US Insurance

Brief Profile: Engaging clients under Thought Partnership flagship for GRC.

Role: Information Security Domain Consultant

Domain – Information Risk and Compliance (ISO27001)

Responsibilities:
• Engaged clients to understand their problem statement in information security and helped them achieve the objective.
• Building BFSI value chain documents and helping the client showcase POCs.
• Building POVs and whitepapers.
• Optimizes resource use and fosters linkages with other business units within the BU.
• Oversees development of fair and effective hiring processes to assess the qualifications of candidates to perform job duties.
• Defines the work and roles of subordinate staff, and establishes performance goals and standards for each function.
• Understanding client GRC and helping the client achieve the benefits of frameworks.

2. Project: Nordic eSecurity Provider July 2010 – Oct. 2011

Client: Nordic eSecurity Provider (Oslo, Norway)

Brief Profile:
The customer is among the largest companies in Northern Europe in the market for payment cards, payment solutions and the exchange of payment information. They are also active as an eSecurity solution provider.

Role: Sr. Security Consultant

Domain – Application Security (Cryptography)

Responsibilities:
• Liaising with one of the Nordic eSecurity providers for implementing and testing PKI solutions for customers. Highlights include integrating OTP and a POC for Microsoft FIM CM (Identity Manager) and PKI solutions.
• Involved in pre-sales activity to provide solution feasibility and CBA to the end customer.

Technical Environment:
Unicert PKI, Mobile OTP, Todos eCode (Gemalto)

Organisation – Wipro Technologies Ltd

1. Project: Australian Retails Inc Oct. 2009 – June 2010

Client: Retail Vertical (Melbourne, Australia)

Brief Profile:
Customer is a global premium-branded beverage company dedicated to delivering quality
products enjoyed by millions around the world every day.

Role: Security Solutions Consultant

Responsibilities:

• Project planning - initial knowledge acquisition phase planning, Business as Usual steady-state planning.
• Overseeing security operations.
• Building initial process documentation and assigning tasks to teams.

Technical Environment:
RSA Authentication Manager, McAfee WebSense, McAfee ePO

2. Project: Security Platform Migration in Australia Sept. 2008 – July 2009

Client: Australian Telecom (Sydney, Australia)

Brief Profile:
The largest communications company in Australia provides various mobile and data solutions to customers. These customers provide end services to clients.

Role: Project Manager

Responsibilities:

• Understanding technical dependencies and managing the cost of the projects.
• Engaging Tier 1 customers and communicating migration plans on behalf of the customer.

Technical Environment:
Crossbeam, Checkpoint

3. Project: Log Analysis May 2007 – May 2008

Client: US Security Service Provider (California, US)

Brief Profile:
The Company Provides secure appliances for real-time log analysis and report generation in real-
time from various security devices and operating systems

Role: Lead Log Analyst (Security Consultant)

Domain – Security Analyst

Responsibilities:

• Interacting with the customer and gathering requirements, assigning work to the offshore team.
• Analysing logs for devices, understanding events and mapping them to the respective compliance standards (PCI, SOX, HIPAA, Basel).

Technical Environment:

Antivirus - (McAfee, Trend Micro, Symantec)
Operating Systems - (z/OS, Tandem, Windows)
Security Devices – Cisco ACS, Brightmail, NetApp etc.

4. Project: Security Consultant Retails Vertical Oct. 2006 – April 2007

Client: Retails vertical (Offshore, Pune)

Brief Profile:
The customer is a global provider of commercial cleaning, sanitation and hygiene solutions for business. They outsourced security operations, which we managed through GCC Pune.

Role: Security Consultant

Responsibilities:

• Daily operations - managing security devices including Checkpoint Firewall, IBM ISS, IDS/IPS 6.0, McAfee ePO 3.6 and WSUS patch management.
• Weekly operations - ticket tracking and reporting.

Technical Environment:
Checkpoint Firewall, IBM ISS, IDS/IPS 6.0, McAfee ePO 3.6, WSUS Patch management

Organisation – Securities Trading Corp India Ltd (Set up by RBI)

1. Project: Asst. Manager IT operations Nov. 2000 – Aug. 2006

Client: Securities Trading Corp India Ltd. (Mumbai)

Brief Profile:
Securities Trading Corporation of India Limited (STCI) was promoted by Reserve Bank of India (RBI)
in 1994 along with Public Sector Banks and All-India Financial Institutions with the objective of
developing an active, deep & vibrant secondary debt market. STCI was one of the first accredited
Primary Dealers in the Indian government securities market and has contributed immensely to the
development of the Indian fixed income market.

Responsibilities:

• Managing functional / technical audits.
• Defining security policies.
• Understanding Payment Gateway Systems / RTGS / PDO-NDS / CBLO / Gilts Order Matching / STP for Delivery Versus Payment.
• Payment system DR site setup and BCP plan, and conducting periodic drills with Core-Payment Gateway-RBI.
• DR site survey / data center infrastructure readiness / data migration / implementation and user training.
• Proposal building for new installation / AMC / budget sanction / RFP / vendor empanelment / hardware & software procurement etc.
• Involved in developing the application for the Fixed Income Security System, including Oracle D2K Forms 6 and database (8/8i/9i) migration / implementation.

Technical Environment:

Oracle Database, Linux and Windows

Awards

Best Employee Award – 2003, 2004, 2005
Feather in the Cap Award – 2008
Best Team Manager – 2011
Viking Award (Innovation) – 2013
