www.linkedin.com/in/sarkarrana
sarkar.rana@outlook.com
RANA SARKAR
SUMMARY
Extensive experience (~13 years) in consulting and managed services for large-scale, client-facing
engagements across the BFSI, Agriculture, Government and ITeS sectors, covering information
security risk management, vulnerability management, ISO27K compliance, data center enabled
services, etc. Seeking a role in an organization that offers challenging projects, career
development and leadership opportunities in the long run.
SKILLS
Leadership - Excellent communicator; leverages technical, business and financial acumen to
communicate effectively with stakeholders. Extensive experience in resourcing,
mentoring, support and compliance documentation.
Delivery - Ability to produce high-quality deliverables that meet or exceed timeline and
budgetary targets. Proven record of success leading all phases of diverse technology & IT
governance projects.
IT Governance frameworks – ISO 27001, PA-DSS, PCI-DSS, NIST
IT Security Tools – Burp Suite, Acunetix, Nikto, Nessus, Nexpose, etc.
PM Tools – MS Project, Access, Excel, PowerPoint, Visio
KEY PROJECTS DELIVERED
Name of assignment: Design of cyber guidelines & advisories for GI Cloud Initiative
Positions Held: Guest consultant
Activities Performed:
Study CERT-In forecast and alerts of cyber security incidents
Attend sessions with CERT-In, NIC and STQC advisory committees
Name of assignment or project: Information Security Risk Compliance – Unix Estate for HSBC
UK
Client: HSBC
Positions Held: ISR Expert
Activities Performed:
Design of Vulnerability management strategy for Unix Estate across UK data centers
Vulnerability Report management
Incident & Change Governance
Remediation of issues / vulnerabilities (Risk treatment)
Name of assignment or project: Design of security guidelines and policies for BI/DW project of
Income Tax Department, Govt. of India
Positions Held: ISR Lead
Activities Performed:
Review of the network design
Monitor the operations of Security Operations Center
Preparation of compliance matrix based on ISO 27001:2013
Design the IT security policy for the BI/DW DC and NOC based on best practices and IT
risk frameworks (COBIT)
Name of assignment or project: Dolphin & Samarth Application Security Audit (Ministry of
Defense)
Positions Held: Senior Risk Consultant
Activities Performed:
Application controls and logic audit of Pension Disbursement System
Source code review and audit
Data Quality audit of the pensioner’s database
VA/PT of infrastructure and application
Network security scan and audit
Name of assignment or project: Security Audit of online payment system of Oman Air
Positions Held: Consultant for offline support
Activities Performed:
Security audit of the web application on staging
Assessment of idle time out on transactional pages
Compliance review with PCI DSS clauses
Review of fraud management filters
Review of the ISO 27001 mandatory documentation and assistance in drafting the
monitoring and review checklist
Assist the client to form the team and mechanism for periodic review of performance
and effectiveness
Name of assignment or project: Project Management Unit for KMC Tier III Data Center
Client: Kolkata Municipal Corporation
Main Project Features: PMU & Advisory services for Design, Build, Implementation, Migration &
Operations of KMC Data Center
Positions Held: Project Leader
Activities Performed:
Customer interactions and analysis of the business needs
Alignment of team for assessment of existing applications and Data Center infra
Oversee Data Center Design (Server, Storage, Network, Non-IT, Manpower, etc.)
Finalize the budget and DPR in consultation with the Technical Committee
Lead the Bid Management Team