
9547930744

www.linkedin.com/in/sarkarrana
sarkar.rana@outlook.com

RANA SARKAR
SUMMARY Approximately 13 years of experience in consulting and managed services for large-scale, client-facing engagements across the BFSI, Agriculture, Government and ITeS sectors, covering information security risk management, vulnerability management, ISO27K compliance, data center enabled services, etc. Seeking a challenging role in an organization that offers challenging projects, career development and leadership opportunities in the long run.

SKILLS • Leadership - Excellent communicator; leverage technical, business and financial acumen to communicate effectively with the stakeholders. Extensive experience in resourcing, mentoring, support and compliance documentation.
• Delivery - Ability to produce high-quality deliverables that meet or exceed timeline and budgetary targets. Proven record of success leading all phases of diverse technology & IT governance projects.
• IT Governance frameworks – ISO 27001, PA-DSS, PCI-DSS, NIST
• IT Security Tools – Burp Suite, Acunetix, Nikto, Nessus, Nexpose, etc.
• PM Tools – MS Project, Access, Excel, PowerPoint, Visio

EDUCATION • MBA, SMU, 2014 in Project Management
• B.Tech, WBUT, 2006 in Electronics

TRAININGS & CERTIFICATION • C|EH
• ITIL v3 certified
• Six Sigma Green Belt certified
• Prince2 certified
• ISO 27001 LA certified
• ISO 27002 Foundation certified
• Certified in Ethical Hacking and Security
• Certified Data Center Professional (CDCP)
• Trained in PMBOK 6.0
• HPCSA (HPUX 11i)
• IBM AIX 6.0

CAREER HISTORY Manager – Managed Services | Sify Technologies Limited
Jun 2019 – Till date
• Client & project stakeholder management
• Engagement delivery
• Project P&L management
• Aid in proposals and new opportunity identification

Sr. Consultant in Advisory | PwC
Jan 2016 – Till date
• Engagement economics and quality management
• Engagement profitability planning for new pursuits
• Proposals and business development activities
• Information security governance and compliance
• Develop security standards, implement and maintain them
• VA/PT and ISO 27001 compliance reviews
• Delivery of IT assurance services

Deputy Manager in Enterprise Risk Services | Deloitte
Oct 2015 – Jan 2016 (3 months)
• Lead the third party audit team for IT audit services
• IT controls review and audit
• Information security audit management
• VA/PT and ISO 27001 compliance reviews
• BD and new pursuit proposals

Senior Consultant in Risk Advisory Services | KPMG
Apr 2012 – Sep 2015 (3.6 years)
• Lead the third party auditor team
• ISO 2000 (ITSM) compliance review for IT infrastructure projects
• Information security audit
• VA/PT and ISO 27001 compliance reviews
• BD and new pursuit proposals

Senior Systems Engineer - Data Center Services | Sify Technologies
Nov 2011 – Apr 2012
• Identification, assessment and remediation of vulnerabilities
• Incident, Problem and Change Management

Senior Analyst – UK Information Security Risk Team | HSBC
Sep 2009 – Nov 2011
• Vulnerability assessment of the Unix/Linux servers in UK
• Change discussion with the asset / application owners
• Remediation of the vulnerabilities
• Incident, Problem and Change Management

Data Center Specialist (Unix) | Hewlett Packard
Jan 2007 – Sep 2009
• Unix / Linux Administrator

KEY PROJECTS DELIVERED Name of assignment: Design of cyber guidelines & advisories for GI Cloud Initiative
Positions Held: Guest consultant
Activities Performed:
• Study CERT-In forecast and alerts of cyber security incidents
• Attend sessions with CERT-In, NIC and STQC advisory committees

Name of assignment or project: Security Audit of ICAR Examination System
Positions Held: Engagement Manager
Activities Performed:
• Security Audit of the web application for ICAR
• Pen Testing
• Infrastructure and Network design review
• Assistance in design and deployment of SOC
• Training of staff and design of SOP based on ICERT emergency measures for handling cyber security incidents
• Develop incident reporting mechanism with CERT-In for incidents captured in SIEM
• Assist management in the implementation of ISO 27001-2013
• Assistance in the design of the monitoring and evaluation mechanism based on ISO 27004

Name of assignment or project: Information Security Risk Compliance – Unix Estate for HSBC UK
Client: HSBC
Positions Held: ISR Expert
Activities Performed:
• Design of Vulnerability management strategy for Unix Estate across UK data centers
• Vulnerability Report management
• Incident & Change Governance
• Remediation of issues / vulnerabilities (Risk treatment)

Name of assignment or project: Design of security guidelines and policies for BI/DW project of Income Tax Department, Govt. of India
Positions Held: ISR Lead
Activities Performed:
• Review of the network design
• Monitor the operations of Security Operations Center
• Preparation of compliance matrix based on ISO 27001:2013
• Design the IT security policy for the BI/DW DC and NOC based on best practices and IT risk frameworks (COBIT)

Name of assignment or project: Pension Disbursement Application and Systems Audit (Controller General of Defense Accounts)
Positions Held: Project team manager
Activities Performed:
• Review and audit of the logic and data controls in the application to be deployed
• Data quality audit of the pensioner’s database
• VA of infrastructure and application
• Pen Testing for XSS and SQL, LDAP, XML, XPath Injection, external service interactions, etc.
• Assist in the implementation of ISO 27001:2013 for the Data center for Aashraya

Name of assignment or project: Dolphin & Samarth Application Security Audit (Ministry of Defense)
Positions Held: Senior Risk Consultant
Activities Performed:
• Application controls and logic audit of Pension Disbursement System
• Source code review and audit
• Data Quality audit of the pensioner’s database
• VA/PT of infrastructure and application
• Network security scan and audit

Name of assignment or project: Security Audit of online payment system of Oman Air
Positions Held: Consultant for offline support
Activities Performed:
• Security audit of the web application on staging
• Assessment of idle time out on transactional pages
• Compliance review with PCI DSS clauses
• Review of fraud management filters
• Review of the ISO 27001 mandatory documentations and assistance in drafting of monitoring and review checklist
• Assist the client to form the team and mechanism for periodic review of performance and effectiveness

Name of assignment or project: Consulting for Cyber Security – Center of Excellence
Main Project Features: Advisory services for Design of Cyber Security CoE for State Government
Positions Held: Engagement manager
Activities Performed:
• Assist the client with planning and setting up of Cyber Security CoE
• Discussion with various CERT-In empaneled vendors for collaboration

Name of assignment or project: West Bengal State Data Center Audit
Client: Govt. of WB
Main Project Features: IT Audit of Data Center
Positions Held: IT Auditor
Activities Performed:
• SLA Audit
• ISO 20000 compliance audit
• VA & PT of network infrastructure
• Configuration files review of network nodes
• Network security scan and assessment
• ISO 27001:2005 review

Name of assignment or project: Andhra Pradesh State Data Center Audit
Client: Govt. of WB
Main Project Features: IT Audit of Data Center
Positions Held: IT Auditor
Activities Performed:
• SLA Audit
• ISO 20000 compliance audit
• VA & PT of network infrastructure
• Configuration files review of network nodes
• Network security scan and assessment
• ISO 27001:2005 review

Name of assignment or project: Rajasthan State Data Center Audit
Client: Govt. of WB
Main Project Features: IT Audit of Data Center
Positions Held: IT Auditor
Activities Performed:
• SLA Audit
• ISO 20000 compliance audit
• VA & PT of network infrastructure
• Configuration files review of network nodes
• Network security scan and assessment
• ISO 27001:2005 review

Name of assignment or project: Himachal SWAN Security Audit
Client: Govt. of Himachal Pradesh
Main Project Features: Security Audit and Remediation Consulting as CERT-In empaneled auditor
Positions Held: Project Lead
Activities Performed:
• VA of network infrastructure
• Configuration files review of network nodes
• CAPA tracker for operator

Name of assignment or project: Assam SWAN Security Audit
Client: Govt. of Assam
Main Project Features: Security Audit and Remediation Consulting as CERT-In empaneled auditor
Positions Held: Project Lead
Activities Performed:
• VA of network infrastructure
• Configuration files review of network nodes
• CAPA tracker for operator

Name of assignment or project: Project Management Unit for KMC Tier III Data Center
Client: Kolkata Municipal Corporation
Main Project Features: PMU & Advisory services for Design, Build, Implementation, Migration & Operations of KMC Data Center
Positions Held: Project Leader
Activities Performed:
• Customer interactions and analysis of the business needs
• Alignment of team for assessment of existing applications and Data Center infra
• Oversee Data Center Design (Server, Storage, Network, Non-IT, Manpower, etc.)
• Finalize the budget and DPR in consultation with the Technical Committee
• Lead the Bid Management Team

Name of assignment or project: Tier III Data Center Design
Main Project Features: Advisory support for build, implement and operate Tier III Data Center
Client: Slum Rehabilitation Authority Mumbai
Positions Held: Design Lead
Activities Performed:
• Discuss business need with client
• Assess current application portfolio
• Detailed Project Report
• Design RFP
• Bid management for selection of SI

PERSONAL DETAILS • DOB – 16.10.1982


• PASSPORT – VALID
• ADHAAR - 934452608139
• MARITAL STATUS – MARRIED
