
Amit Arora

amitarora13@gmail.com
+91 9899967265
EXECUTIVE SUMMARY

Information security professional in a leadership position with 14 years of work experience, with relevant
information security experience of 13 years in the areas of information security program management, enterprise
risk management, compliance & audit, business continuity management, data privacy, IT compliance and security,
information security project management, vendor management & due diligence.
Currently managing security assurance practice for CPA Global for the past 6 years across US, EMEA and India
delivery centres, implementing and managing global information security program with an objective to sustain and
enhance information security posture and manage overall compliance to the emerging standards and client-specific
requirements.
I have been extensively involved in providing information security services to international (US, EMEA & APAC)
clients representing broad industry sectors.
My professional certifications include CISA, CISM, CISSP, DCPLA, ISO27001 LA, BS7799-ISMS, ITIL v2.0, CCSP, CCNA &
MCSE.

CORE COMPETENCIES
Practice Management - Security Assurance
RFP/RFI, Security Questionnaire
Enterprise Risk Management
Information Security Project Management
IT Compliance (ISO27001, SOC2, SSAE-16, PCI-DSS, HIPAA)
Security Budgeting & Cost Optimization
Business Continuity / Disaster Recovery
Security Transitions & Due Diligence
Data Privacy Reviews
Vendor Management
Information Security Awareness
People Management

CERTIFICATIONS
CISA
CISM
CISSP
ISO 27001:2013 Lead Auditor
DSCI Certified Privacy Lead Assessor
BS7799-ISMS
ITIL V2.0 Foundation
CCSP
CCNA
MCSE

HIGHLIGHTS OF PROFESSIONAL EXPERIENCE

Vice President / Global Head of Information Security Sep 2016 - Till date


Copal Amba (A Moody's Analytics Company)
Responsible for management of Copal Amba information security program across the organization's Asia, EMEA
& US offices.
Management of ISO27001 Program and contractual security requirements for the organization.

AVP Global Information Security & Business Continuity
CPA Global Feb 2010 - Sep 2016
Management of information security assurance practice and leading information security program for CPA
Global US, EMEA & India offices.
Implementation of ISO/IEC 27001:2013 standard across the organization's global offices and associated third-party
data centers.
Implementation and management of ISO31000 enterprise risk management practice to mitigate the risks.
Establish and manage internal compliance & audit practice and track remediation through corrective and
preventive action plan.
Lead and facilitate external audits based on ISO27001 standard and coordinate SOC2 attestations for CPA
Global software products.
Establish and manage enterprise wide business continuity practice for continuity of operations.
Lead and facilitate client audit engagements and provide CPA Global management responses.
Conduct security transitions and baseline security assessments for CPA Global new acquisitions.
Ensure information security compliance to applicable regulations, data privacy & contractual security
requirements.
Act as an advisor to CPA Global executive management on policy compliance and information security best
practices.
Lead and facilitate information security awareness program, projects & initiatives.
Contribute to global security roadmap aligned to business strategy and implement security projects with CPA
Global channel partners and third party vendors.
Participate in business development by providing information security responses to client RFI / RFP and
conduct due diligence for CPA Global clients.
Provide periodic inputs to CPA Global security governance group & regional Information security steering
committees.

Group Lead Information Security


Amdocs Sep 2009 - February 2010
Acted as a central information security point of contact for Amdocs Gurgaon office.
Conducted internal audits & health check activities for Amdocs clients.
Documentation of security policies and associated control framework.
Reviewed contracts to determine contractual security requirements and oversee implementation of security
controls.
Provided security response to client RFP / RFI.
Imparted security awareness to new joiners.
Performed security evaluation of tools.

Lead Consultant Information Security


Computer Sciences Corporation May 2006 - Sep 2009
A. Client Projects

Acted as Lead Information Risk Manager and Compliance Assurance Manager for Motorola / Freescale Asia,
UKBA, Royal Mail Group & UKBA.
Implementation and Maintenance of Information Security Management System (ISMS) For Client Operations.
Documentation and Updating of Clients Security Policies, Standards, and Standard Operating Procedures.
Conducting Risk Assessments at Periodic intervals as Per Client Information Security Lifecycle.
Manage and Coordinate Onsite Annual SAS70 Type II Audit Preparations Across Hong Kong, People's Republic of
China and Malaysia data centers.

Engage in SAS70 Pre-Audit Evidence Collection, Evidence Analysis, and Providing CSC Management Response to
Audit Queries Raised By External Auditors During the Course of Audit.
Communicating Audit Progress and Open items Remediation Status to CSC & Client Management.
Conducting Internal Audits and Evaluating Internal Controls for Compliance.
Conducting Periodical Information Security Awareness Programs For Offshore Staff.
Respond to Security Incidents by Chairing Service Restoration Teams and Analyze Potential Business Impact and
Recommend Remedial Action.
Coordinating with CSC Field Services for Deployment of Critical Security Patches and latest Anti-Virus
Definitions across Client Infrastructure Managed by CSC.
Periodically Reporting Information Security Status to Governance Board through Monthly Reviews.

B. Internal Projects

Conducted Physical Security Audit for CSC Chennai Facility.


Conducted Physical Security & Logical Access Management Audit for Royal Mail Group Operations Managed at
CSC India Facilities.
Represented CSC India team for Security during Various External Audits Conducted for Multiple Clients of CSC.
Developed Physical Security Framework for CSC Noida Campus Facility in line with ISO27001 Requirements.
Conducted Baseline Security Assessment of CSC India & Covansys Information Security Controls for Merger of
Information Security Frameworks.
Completed Documentation on CSC India Information Security Controls and Processes for Client Outsourced
Operations.
Provide Response to Request for Proposals for CSC Potential Clients Through Scoping, Solution Design, Effort
Estimation Computation and Due Diligence Participation.

Associate Consultant Information Security


Intersoft Data Labs Nov 2005 - Mar 2006
Conduct quarterly risk assessment for Citigroup.
Verification of BS7799 compliance through internal security audits and reviews.
Documenting changes in security policies and standard operating procedures.
Participate in Citigroup external audits and annual BS7799 audits.
Tracking security incidents and ensuring timely resolution through incident response process.
Conducting business impact analysis (BIA) for Intersoft business functions.
Defining test evaluation criteria for business continuity plan and verifying results of test plans.
Conducting security awareness training for employees at regular intervals.
Ensuring infrastructure security compliance through change management process.
Verification of privilege management through user entitlement reviews.

Senior VPN Engineer


Convergys India Dec 2002 - Oct 2004
Configuration and troubleshooting of site-to-site and remote client-to-site VPN tunnels based on IPSec and
PPTP protocol across Cisco 3000 Series Concentrators, Cisco PIX Firewall and Cisco Routers.
Configuration and troubleshooting of VPN termination with Cisco and third-party devices including Netgear,
Sonicwall, Netscreen, Checkpoint and Linksys.
Reporting and tracking bug issues and fixes for Cisco customers.

Technical Support Engineer


VCustomer Services Oct 2001 - Sep 2002
Installation and configuration of Netgear Small Office-Home Office products for customers.
Configuration of Microsoft file and print resources for customers.
Customization of IP protocol filters to meet customer traffic filtering requirements.
Configuration of Site-to-Site and Remote Client Virtual Private Networks.

ACADEMIC CREDENTIALS
Graduation : B.Com (Honors), Delhi University
High School : N. C Jindal Public School

PERSONAL DETAILS
Date of Birth : 13 March, 1977
Address : 250-E, MIG DDA Flats, Rajouri Garden, New Delhi -27
Valid Passport : Yes
Visa : US BI / B2
LinkedIn ID : https://in.linkedin.com/in/amita1
