amitarora13@gmail.com
+91 9899967265
EXECUTIVE SUMMARY
Information security professional in a leadership position with 14 years of work experience, including 13 years of
relevant information security experience in the areas of information security program management, enterprise
risk management, compliance & audit, business continuity management, data privacy, IT compliance and security,
information security project management, vendor management & due diligence.
Currently managing security assurance practice for CPA Global for the past 6 years across US, EMEA and India
delivery centres, implementing and managing global information security program with an objective to sustain and
enhance information security posture and manage overall compliance to the emerging standards and client-specific
requirements.
I have been extensively involved in providing information security services to international (US, EMEA & APAC)
clients representing broad industry sectors.
My professional certifications include CISA, CISM, CISSP, DCPLA, ISO27001 LA, BS7799-ISMS, ITIL v2.0, CCSP, CCNA &
MCSE.
CORE COMPETENCIES
Practice Management - Security Assurance
RFP/RFI, Security Questionnaire
Enterprise Risk Management
Information Security Project Management
IT Compliance (ISO27001, SOC2, SSAE-16, PCI-DSS, HIPAA)
Security Budgeting & Cost Optimization
Business Continuity / Disaster Recovery
Security Transitions & Due Diligence
Data Privacy Reviews
Vendor Management
Information Security Awareness
People Management
CERTIFICATIONS
CISA
CISM
CISSP
ISO 27001: 2013 Lead Auditor
DSCI Certified Privacy Lead Assessor
BS7799-ISMS
ITIL V2.0 Foundation
CCSP
CCNA
MCSE
AVP Global Information Security & Business Continuity
CPA Global, Feb 2010 - Sep 2016
Management of information security assurance practice and leading information security program for CPA
Global US, EMEA & India offices.
Implementation of ISO/IEC 27001:2013 standard across the organization's global offices and associated third-party
data centers.
Implementation and management of ISO31000 enterprise risk management practice to mitigate the risks.
Establish and manage internal compliance & audit practice and track remediation through corrective and
preventive action plan.
Lead and facilitate external audits based on ISO27001 standard and coordinate SOC2 attestations for CPA
Global software products.
Establish and manage enterprise-wide business continuity practice for continuity of operations.
Lead and facilitate client audit engagements and provide CPA Global management responses.
Conduct security transitions and baseline security assessments for CPA Global new acquisitions.
Ensure information security compliance to applicable regulations, data privacy & contractual security
requirements.
Act as an advisor to CPA Global executive management on policy compliance and information security best
practices.
Lead and facilitate information security awareness program, projects & initiatives.
Contribute to global security roadmap aligned to business strategy and implement security projects with CPA
Global channel partners and third party vendors.
Participate in business development by providing information security responses to client RFI / RFP and
conduct due diligence for CPA Global clients.
Provide periodic inputs to CPA Global security governance group & regional information security steering
committees.
Acted as Lead Information Risk Manager and Compliance Assurance Manager for Motorola / Freescale Asia,
UKBA, Royal Mail Group & UKBA.
Implementation and Maintenance of Information Security Management System (ISMS) For Client Operations.
Documentation and Updating of Clients Security Policies, Standards, and Standard Operating Procedures.
Conducting Risk Assessments at Periodic intervals as Per Client Information Security Lifecycle.
Manage and Coordinate Onsite Annual SAS70 Type II Audit Preparations Across Hong Kong, People's Republic of
China and Malaysia data centers.
Engage in SAS70 Pre-Audit Evidence Collection, Evidence Analysis, and Providing CSC Management Response to
Audit Queries Raised By External Auditors During the Course of Audit.
Communicating Audit Progress and Open items Remediation Status to CSC & Client Management.
Conducting Internal Audits and Evaluating Internal Controls for Compliance.
Conducting Periodical Information Security Awareness Programs For Offshore Staff.
Respond to Security Incidents by Chairing Service Restoration Teams and Analyze Potential Business Impact and
Recommend Remedial Action.
Coordinating with CSC Field Services for Deployment of Critical Security Patches and Latest Anti-Virus
Definitions across Client Infrastructure Managed by CSC.
Periodically Reporting Information Security Status to Governance Board through Monthly Reviews.
B. Internal Projects
ACADEMIC CREDENTIALS
Graduation : B.Com (Honors), Delhi University
High School : N. C Jindal Public School
PERSONAL DETAILS
Date of Birth : 13 March, 1977
Address : 250-E, MIG DDA Flats, Rajouri Garden, New Delhi -27
Valid Passport : Yes
Visa : US B1 / B2
LinkedIn ID : https://in.linkedin.com/in/amita1