Manoj Gupta

Nationality – Indian, Current Residency - India

+91-99-11-11-00-92
Email: manoj.gupta4444@gmail.com, manoj.gupta@outlook.com

** IMMEDIATELY AVAILABLE **

PROFESSIONAL SUMMARY
 Working professional of 16 years in IT Industry. Experienced in Industry domain like Banking, Telecom, Retail
Manufacturing, Publishing, Airline/Airport Aviation Industry.
 Roles covering human capital leadership, Service Management, Project management Leadership, ICT Services
Management consultant, Enterprise Architecture Solutions, team, and leadership coaching.
 Involvement in establishment of IT Infrastructure departments likes IT Service Desk, Command Centre,
Application team, Database team.
 Managing Framework and compliance like ITIL/GDPR/PCIDSS and IT audit activities and Security assessment for
clients including IT general controls review, cyber security assessment, IT Governance and Business Continuity
readiness review.

PROFESSIONAL CERTIFICATION / TRAINING / WORKSHOP S ATTENDED

ITIL V3 Expert Certified. PMP Certified.
PRINCE2 Project Management Certified. ISO 20000 Implementation Certified.

CISSP Certified. COBIT 4.1 Certified from ISACA.

GDPR (General Data Protection Regulation), (California Trained, Attended PCI DSS compliance training.
Consumer Privacy Act) CCPA

ISO 27001 Lead Auditor Certified. IBM TIVOLI 5.5 Certified (Backup & Storage).
ISO 27002 Certified
BSI ISO 9001 2008 Lead Auditor QUALITY MANAGEMENT Completed CCNA and MCSE training from STG Education.
STSTEM.

ISO 22301 - Business Continuity Management Systems CISA, CCSP trained.

Certified from EXIN.
NIST SP 800-53(Security Controls), AWS Cloud Solution Architect Certified

Vulnerability Management (Nessus, NMAP) OWASP Understanding.

Microsoft cloud Azure Administrator Certified

EDUCATIONAL QUALIFICATIONS

 B.C.A Degree (Bachelor of Computer Application), IGNOU University, India

ORGANISATIONAL EXPOSURE

Quickwin Groups Saudi Arabia(Remotely from India)

Senior IT Security Consultant March 2020 – March 2021
Project: Saudi Arabian Banks
 Worked as Manager for Governance Risk and Compliance for Banking environment. Managed a team of 7 IT GRC
professionals for looking after banking IT environment. Managed bank’s IT’s governance, enterprise risk management and
compliance against standards and frameworks like ISO 27001, SAMA, NCA.
 Experienced in engagements with and presentations to senior management (CxO’s) for various Cyber Security GRC tasks.
 Worked on Information Security Risk Assessment to identify the risk associated with the existing Infrastructure and
providing recommendations to maximize the protection of confidentiality, Integrity and Availability.
 Reviewed, developed, or evaluated information security policies through IT Audit and recommending the gaps and changes
to be developed in the organizations policy and procedures.
 Reviewed Security Architecture design to determine the design flaws/weakness and to accessing the implemented
architecture against industry’s standard and best practices.
 Designed a self-assessment CMMI maturity tool for banking clients for SAMA. NCA and CMA regulations and compliances.
Malaysia Airport Consultancy Services Doha, Qatar
Subject Matter Expert – IT Governance Jan 2015 - Dec 2019
Project: Airline / Aviation Industry/ Qatar Airways, Hamad International Airport
 Managed Airlines, Airport IT Infrastructure systems comprises of IT Security, IT GRC, Change & Digital transformation at
Airport with managing a team of 20 IT security consultants on 24*7 basis.
 Implemented IT GRC Solution for Airport/Airline by serving as IT Security GRC manager to ensure and monitor compliance
with Industry’s regulations at Enterprise/Region/Site level with help of Standards/ Frameworks like ISO 27001, Privacy,
GDPR.
 Worked on DLP (Data Loss Prevention) activities for Security transformation through Firewall/Antivirus, with regular checks
for backups, and Security patches and with McAfee Data Loss Prevention. Worked on SIEM tool (SPLUNK) for monitoring
logs and detection.
 Worked on VAPT coordination activities and worked with tech teams to handle the VAPT findings. Monitored SEIM tools,
IPS/IDS, Firewall, event logs, security logs to analyze and risk mitigation.
 Worked on IT Security Risk Management which involves identifying, assessing, and treating risks to the confidentiality,
integrity, and availability of asset at Hamad International Airport and Qatar Airways.
 Assisted with maintenance of Business Continuity standards, procedures, BIA, Continuity Plans methodologies and
templates for business processes in co-operation with Airport IT Crisis Management Team (CMT). Coordinated training and
awareness for people having a need to understand Business Continuity Management.
 Worked on defining and regular monitoring on KPIs (Key Performance Indicators) for IT Security and Compliance as per SLA
(Service Level Agreement) to improve IT performance. Conducting weekly and monthly spot checks on the PCI-DSS
(Payment Card Industry Data Security Standards) mandated checklist to ensure that the IT Security team meets the
standards strict requirements.
 Performed Risk Assessments to understand the level, significance, and scope of risk. Monitoring compliance, regulations
and internal policies on regular basis and Investigating irregularities and non-compliance issues and report to management.
 Worked on Information Security activities like reviewing and coordinating activities for Microsoft OS Security vulnerability
patches for workstations and Servers. Worked with multiple IT Security vendors and assessed work of scope as per
contract.
 Analysed the IT Security impact of any change deploying in the Airport IT infrastructure production environment and
making sure that any IT Security change goes through IT Change management process.
 Ensured the implementation of guidelines and strategies. Ensured the adherence to processes for very department as per
SLA. Defining the roles and responsibilities and regular checks as per description.
 Involved in conducting incident response analyses by monitoring the system for network and developing the Incident
Response Plan in correspondence to NIST framework. developing, and conducting training programs for Cybersecurity
awareness. Worked on Cyber Security threats, Malware and Vulnerabilities to secure network systems by updating systems
on updated patches from OEM on regular basis.
 Worked on regular IT Audits for all departments and presents reports to senior management.
 Have knowledge and understanding of Qatar NIA (National Information Assurance Policy).
 Managed IT Register for documenting risks, and actions to manage each risk and making it sure that actions are taken to
respond to each risk. Developed and Maintained KRI (Key Risk Indicators) and monitoring it regularly.
 Analysed the Security impact of any change deploying in the Airport IT infrastructure production environment.
 Worked on IT Security Risk Management which involves identifying, assessing, and treating risks to the confidentiality,
integrity, and availability of assets . Managed Security governance through applying Security principles via Change control
and management. Mainly change activities involves installation of OS Security patches (test patches to be done),
Upgradation of Antivirus of Symantec client Antivirus on Servers and on workstations which are recommended by OEM
(original equipment manufacturer). Worked on Vulnerability assessment through Nessus, NMAP tool to continuous
monitoring, mitigation, remediation to protect IT.
 Performed review of various access review i.e. USB, Firewall rules, VPN review, User access, Admin access user review.
 Developed documents and implementing security policy, standards, procedures, and guidelines throughout the
organization in correspondence to ISO 27001 Security standard and frameworks like ITIL/ISO20000/COBIT and PCIDSS as
compliance and NIST Cyber Security framework SP 800-53.

Quickwin Groups Saudi Arabia, UAE

IT Consultant July 2013 –Dec 2014
 Worked as IT GRC consultant for Saudi Arabian Bank and UAE Bank.
 Supported ICT (Infrastructure Communication Technology) processes like Access, Event, Request Fulfilment, and Service
Desk and coordinating lifecycle management for Infrastructure Services.
 Working on several service desk quality metrics to improve performance of service desk agent and team.
 Managing Different IT Teams like Service Desk, Command Centre, windows Team, Messaging Team.
 Worked on governance activities through ISO 20000 and ISO 27001 standards.
 Executed technical risk assessments around applications, Networks, control testing etc.
 Documented policies & procedures meeting the regulatory compliance and risk management requirements.
 Managed 3rd party/sub-contractors as part of the GRC delivery engagement.
 Performed Gap analysis of processes and indicative process maturity based upon the capability maturity model (CMMI), i.e.
Initiation, Awareness, Control, Integration, and Optimization.

Tata Consultancy Services Pune, India

Project Manager IT Security July 2011- June 2013
 Worked as IT Security Project Manager for IT Application Support Environment for Retail Manufacturing P&G, Barclays Bank
which involved 10 IT security consultants in-house and remote office.
 Performed compliance reviews to identify their gaps against industry standards or regulations and support clients in
developing and implementing processes and controls to meet requirements.
 Worked on BIA (Business Impact Analysis) Business Continuity Planning, DR (Disaster Recovery) for different technical team.
Worked on BCMS ISO 22301 requirements (Business Continuity Management System), Helped Business continuity
manager in creating policy, objective, and processes. Developed BCP/DR (Business Continuity Planning/Disaster Recovery)
document with help of technical teams. Drive awareness and communication to field leadership for crisis management
plans with all relevant teams.
 Worked on IT Security controls and involved in checking effectiveness of controls and identify opportunities for
improvement. I had regular interaction with Senior management to convey findings identified through walkthroughs and
testing, assess the risk and impact of deficiencies, and make recommendations for remediation.
 Worked for developing IT Security Policies and Procedures for IT Infrastructure as per ISO 27001 standard and COBIT
framework.
 Monitored on-going compliance of suppliers and Third party within set schedules depending on the risk profile of the
supplier. Partners with key stakeholders in the business and overseen the identification, assessment and documentation of
risks and controls, including risks associated with new or modified products, services, distribution channels, regulations
and/or third-party operations.
 Supported the implementation and maintenance of the company's security awareness program, including execution of
regular assessments, awareness training and other activities.
 Worked with crisis management team and was responsible for supporting the delivery and management of crisis/incident
response and testing on a global scale.

Cognizant Technologies Pune, India

Tech Lead – Managed Services, IT IS Oct 2010 - July 2011
 Worked for two projects: AT&T (Telecom) and Credit Suisse Bank.
 Worked as Manager to manage a team across different parts of the organization to conduct privacy impact assessments
and guide the business in implementing good data privacy practices.
 Worked collaboratively with Banking business and technical teams to define and operationalize privacy governance
requirements.
 Experienced in supporting a privacy Vendor due diligence review program.
 Assisted in telecom project in coordination and monitoring of the execution of each Business Continuity / DR testing from
beginning to end.
 Worked for Business continuity planning, prepared the IT Risk Assessment, Impact Assessment and BCP/DR plans. Risk
assessment for each process as per project requirement.
 Maintained IT Security Policy document and reviewed it on regular intervals and provided awareness sessions to staff.
 Worked on developing and regular checks in KPI to ensure all measures are in place.
 Prepared various training and awareness programs include IT Security for various business partners and in documented
process. Responsible for ensuring that project resources receive any necessary training and are used effectively.

HCL Technologies Ltd. Noida, India

Senior Specialist, Service Delivery, ITIS March 2009 - Oct 2010
 Worked as IT IS specialist for RDA (Reader’s digest Association) Infrastructure Project.
 Experienced in understanding of IT Governance, Risk and Compliance (GRC) processes and solutions for Publishing industry
and applied and monitored continuously.
 Worked on IT Security and Compliance program to review and implementation of information security policies,
procedures, and technical standards to prevent unauthorized disclosures, unauthorized use, modification, and suggested
control improvements.
 Reviewed and updated IT processes and IT Security Policy & Standards documentation. Assisted with development and
delivery of IT Security awareness training and materials.
 Regularly interacted with all levels of management to present and discuss audit results and obtain gap remediation status.
 Worked for ICT (Infrastructure Communication Technology) processes like Access Management, Event Management,
Request Fulfilment, and Service Desk.
 Designed ITIL process procedures, checklist documents for processes like Incident, Change, Release, IT Security, and
configuration, IT Capacity, IT Service Continuity and Availability Management.
 Worked for EUC (End User Computing) services like Service Desk, Helpdesk, Command Centre, and Application Packaging
etc. Responsible for ensuring that project resources receive any necessary training and are used effectively.

Agilis Information Technologies Ltd. Gurgaon, India

Application Support Engineer March 2008 - Oct 2008
Reason for Job Change: Laid off due to Recession
 Ensure Continuous Service Improvement Management (CSI) in delivering resolution and restoration of service of IT Services
with SLA.
 Worked with OS UNIX for finding different Server Health report.
 Develops workflow, processes, goals, and policies to continually improve the quality of customer service and technical
service provided to the help desk customers.
 Involved in Infrastructure Planning and Development for Operations Teams for BC/DR (Business continuity
 Worked with firms like AT & T, Verizon to sell Network monitoring tools and preparing sales report.
 Worked for Analysing Application and System logs on daily basis to prevent any failure.
 Pre-release follow up with client addressing issues are going to be fixed in release, fixing time
 Worked om monthly tickets closure reports through Sales Force CRM tool.

Network Bulls New Delhi, India

Project Consultant, Infrastructure Support Jan 2004 - Feb 2008
 Worked for Punjab National Bank and managed IT projects including activities like developing detailed  project plans,
identifying, and coordinating tasks, milestones, risks, resources.
 Managed infrastructure type projects: from network cabling to LAN, Server and PC integration and consolidation activities
like dealing with clients, escalation handling. This includes but not limited to understand customer requirements, budget,
objectives, user expectations and a plan accordingly making sure project are delivered on time, within budget and within
company IT standards.
 Measured service levels aligned to the agreed criteria levels in the SLA/OLA for different IT Clients. Establish and manage
OLA’s with internal Banking IT Infrastructure teams. Worked with presales team to write Proposals for different IT services
like implementation of ITIL Based Service Desk Model.
 Performed IT material management, AMC (Annual Maintenance Contract) including install planning, provisioning
requirements determination, acquisition, distribution, accountability, and issue for consumption, retention, or disposal.
 Prepared reports for the attended support calls and forwarded to the supervisor.