
MUKESH SHARMA, CISM, ISO/IEC 27001:2005 LI
Manager Security and Risk Management
Aon Service Corporation, Gurgaon (HR)

#1101, Block C2, Palam Vihar, Gurgaon (HR) 122 017
Mobile: +91-81307-26677
Online.mukesh.sharma@gmail.com
Profile: Energetic, visionary strategist qualified by a 15+ year record of ground-up success
in information security. Continuous learner with a passion for innovation in security risk
management to drive bottom-line business contributions (optimize security investments,
avoid losses from security incidents, improve customer retention, enhance business
decision-making, reduce corporate liability). Exceptional levels of integrity, work ethic, and
drive to achieve. Expertise in:

Vulnerability Management
User Access Management
Information Risk Management
IT Audit & Compliance Management
ISO 27001:2005, SOX, FFIEC, PCI DSS, HIPAA
Security Tools, Processes & Policies
Security Incident Response Programs
IT Risk Governance & Best Practices
Global Project Lifecycle Management
Vendor Management
Information System Security Metrics

PROFESSIONAL EXPERIENCE
Aon Service Corporation Gurgaon (HR)
Manager - SRM - Global Infrastructure Security November 2013 - Present

Information Security Operation


Re-defined and Re-established Vulnerability Management program (Vulnerability
advisory alert Notification, Internal and External Devices VA, Third party Penetration
Testing) for Aon Global (120 Countries)
Defined a three-year strategy for the Vulnerability Management program; established the VM
program; further moving towards maturity of the overall program.
Working with Global and Regional security leaders to deliver the defined security goals
for the vertical.
Prepare or Update MBSS document for different software products (OS, Application &
Middleware) within AON computing profile environment.
Supported Security Operations Centre (GSOC) establishment in India and integration of
VM for hand in hand operations.
Front end client and internal audits for major clients and ensure compliance as per
contractual agreement from VM perspective.
People management, Stakeholder Management, Program/Activity Transitions and
Vendor Management.
Tool Management: QualysGuard

Governance & Metrics:


Defined Strategy/Roadmaps and established processes around Vulnerability
Management (Process Documentation, Core Services identifications, Define SLAs for
Core services), Content Filtering (Security Risk assessment process), Policy Exception
Process.
Defined metrics for different security programs and designed a reporting framework;
prepared dashboards for the different security programs and presented them to
stakeholders and management.
Managed Global IT Risk assessment program for all the Aon centres in EMEA (55
Countries) and APAC (21 Countries) region.

IBM Global Process Services Pvt. Ltd. Gurgaon (HR)


Manager - Information Security Operations May 2010 - November 2013

IT Security Governance & System Security Metrics :


Ensure and drive compliance as per IBM Information Security Standards for IT
Infrastructure and Application Management (Data Privacy, Accessibility, and others as
applicable). Creating awareness of the security policies (policy updates) among the
different teams. Tracking the awareness programs' effectiveness/implementation through
different mediums: live testing, quizzes, automated reporting, and internal IS mandatory
courses.
Preparing and presenting MSAC reports to the information security executive
management on a quarterly basis, covering all the Information Security compliance
metrics for security activities, i.e. ID Management, Devices Health Check, VA, Change
Management, reviewed policy adherence, Incident Management, AV Management,
Patch Management, Cyber security controls for Privilege Users etc.
Tracking the unmitigated security risks & follow-up for the risk mitigation through IBM
internal tools like CIRATS, ITT & Elixir. Reporting the risk status to management on
a monthly basis.

Compliance:
Drive ISO 27001 - Achieve ISO 27001 certification for IBM locations and perform internal
audits.
Lead as project manager to assess and certify major clients on PCI-DSS.
Review and develop Info Security operations/cross-functional processes and procedures
taking account of industry best practice, legislation and regulation, also to ensure
continuous improvements in quality & relevance.
Risk analysis and treatment for clients using proactive risk assessment methodology.

Information Security Operation:


Lead IS WRMs & ensure Info-Security Operations Calendar is monitored weekly and all
milestones are met as per target.
Ensure security activities like ID Validation, Patch Management, Antivirus Management,
Health Check, and Vulnerability scans on OS (Windows, non-Windows), Middleware, and
Applications have been executed as per timeline and are well documented.
Management of security tools like Websense, IPS, Symantec PGP, Symantec Endpoint
Protection, FIM, DLP, TSCM & TCIM.
Front end client and internal audits for major clients and ensure compliance as per
contractual agreement.
Handle Security Incidents and provide corrective and preventive controls.
Part of Change Advisory Board; Review the BCP testing reports, and initiate corrective
actions for the identified gaps.
Centralization of Security operations to improve governance and control.

Business Centric:
Writing response to client RFP, IT Security solution for clients, based on IBM Security
standards, Creation of Qsec (Mutually agreed controls, On the basis of contractual
requirement) document for clients.
Manage team of 3 resources, assign them KRA and their development plans. Finalize
their yearly performance assessment.

Automation and Implementation:


Successfully implemented the Privilege ID tool and CBN Tool for ID Validation
perspective PAN India & Manila.
Implemented Websense V10000G2 Appliances for content filtering using WCCP and IP
spoofing features across IBM GPS locations and helped to implement the same at
Philippines and China locations.
Implementation of Websense remote filtering (RFS) across IBM GPS locations.

Dell International Services Chandigarh (UT)


IT Support Sr. Specialist July 2006 - May 2010

IT Security Operations:
Security Tools management: Symantec Antivirus server, Smart Filter content filtering,
McAfee SafeBoot (Endpoint Encryption software).
Workstation and server patching reports using SMS 2003 server and getting that fixed
from desktop location team.
Desktop image hardening for the locations and implementation of the controls with the
help of ADS team (GPOs, Scripts and Batch files).

Remedy Incident Queue Manager/IT India Situation Manager Role:


Remedy Incident Ticket assignments, Escalation Handling, Managing Remedy
compliance, CE Scores and SLA, root cause analysis and work to eliminate the
common issues.
Reporting the critical India level situations to the global teams and SMT, and following up
with them until issues get resolved.

Part of Virtual Network Team:


Worked with the core network team on all the site network-related issues; local management of
LAN/WLAN at the site and new network device implementation at the site.
Handling the LAN/WAN documentation for the site.

Interpro Resource Management Pvt Ltd


(On deputation to Dell International Services) Chandigarh (UT)
Support Engineer Jan 2006 - July 2006

Responsibilities:
Providing resolution to IT issues for Desktop/Servers/Network etc. Providing technical
support.
Assisting in solving problems using available SMS & other software tools. Also
supporting operating systems, software and related I/T peripherals.
Addressing and resolving hardware, software and customer issues.
Expertise in Troubleshooting, Researching, Diagnosing, Documenting & Resolving
technical issues surrounding Active Directory Administration, Exchange Administration,
Windows XP/2000, Microsoft Office 2003, Email Client configuration, Remote
Connectivity, SMS client, Dragnet (VPN Client) & Wireless configuration, Symantec
Antivirus & eliminating spyware, Roaming/Local NT profiles, COF and Dell specific
applications.

Spectranet Ltd. A Division of Punj Lloyd Ltd. Delhi


IT Engineer June 2005 - Dec 2005

Responsibilities:
Management of firewall, LAN and Data shares and other local servers. (DC, DNS,
DHCP).
Taking care of efficient and smooth functioning of network operations (TCP/IP, Domains,
Protocols).
Maintenance of Computer Hardware / Software (Assembling, installation &
Troubleshooting) for the organisation & office documentation work.

I&IT Computer Education Center Una (H.P.)


IT Services Executive Nov 2002 - May 2005

Responsibilities:
Installation & Management of LAN (Ethernet cabling, installation of servers,
creation of different domains for all the class rooms/labs, configuration of computers on
domains & workgroups, TCP/IP monitoring).
Configuration & assembling of new computers, installation of Operating System
(Windows) with device drivers and other applications, configuring them in domain,
troubleshooting of H/W parts.

Poonam Computertech Una (H.P.)


(Franchisee of Aptech Computer Education)
Sr. Faculty April 2000 - Nov 2002

Responsibilities:
Trainings for Bank Employees on MS Office and their own applications (State Bank of
Patiala, SBI).
Helping the teams with their final projects (Foxpro), Hardware/Network/OS trainings.
Maintenance and Installation of Hardware, LAN and OS related issues for the centre.

EDUCATION & PROFESSIONAL PROFILE

Bachelor of Science (B.Sc.): Himachal Pradesh University, 1999


Diploma in Information System Management (DISM): Aptech Ltd.
BS ISO/IEC 27001:2005 Lead Implementer: BSI, Delhi
ITIL V3 Foundation: EXIN CONSULTANCY. LTD
Microsoft Certified Systems Engineer (2003 Server): Microsoft Corporation.
Cisco Certified Network Associate (CCNA): Cisco Systems, Inc.
CISA: In progress, exam scheduled for June 2016
