VISWESWAR CHINTA

Hyderabad, India
Contact: + 91 900 0050 586 | E-Mail: [email protected]
Information Security| InfraStructure Security| Application Security| Cloud Security|
GRC| ITGC, SoX, SOC Audits
Governance | Compliance | VAPT | DevSecOps | Python | COBIT, NIST, ISO 27001,
PCI DSS, HIPAA, GDPR
PROFILE SNAPSHOT
 ISACA Credentialed Information Security Auditor offering over 15 years of extensive track record of
success specialising in Security, IT Auditing, IT Risk Management Frameworks & Standards,
including NIST, COBIT, COSO, GDPR, ISO 27001, executing & delivering IT Security engagements
like applications, database, operating systems, middleware, networks, IT application controls, and
IT attestation within the Information Technology & BFSI , FinTech domains
 Leverages expertise in incorporating application development technologies & development related
security plans, logging & server monitor models, datawarehousing, Big data concepts,
Infrastructure architecture, SSL self-signed & third-party certificates’ installations, and renewals
 performed various functionalities on GitHub, Jenkins CI/CD, Ansible, Docker containers, Cloud technologies like
AWS & Azure, Cloud Security POCs, AIML model training and fitting & security with a keen focus on technical
components/layers/technical tools involved in development & support projects
 Adept at technology risks & controls of emerging technology solutions, including Cloud, & DevSecOps,
reviewing various documents like the assessment of materiality, significant risks, & significant accounts, and
enhancing the end-to-end software lifecycle focusing on the 2LoD focus areas
 possessing an adequate understanding of IT audits, readiness/support related to FISMA (NIST, RMF, FISCAM,
SA&A Support), commercial frameworks (COBIT, ITSM / ITIL), IT Security, IT Infrastructure, Internal Controls,
remediation of identified deficiencies & vulnerability scanning, and regulatory requirements like MAS TRM
Guidelines, PCI DSS, HIPAA and SOX
 coordinating the performance of Sarbanes Oxley Management design assessment, testing, & issue closure
process for multiple IT applications/processes in a global structure and handling ERP systems like SAP, Oracle &
AWS Cloud, Linux OS, Middleware & Web Servers, SSLs, etc.
 Profound efficiency in correlating with cross-functional and multinational teams with the ability to prioritise,
assign, and manage IT security & governance tasks within timelines and interact with clients/stakeholders
across hierarchal levels to ensure smooth project execution and maintain solid client relationships

GLOBAL EXPOSURE
Gained valuable global exposure by spearheading multiple projects as a Senior Member of Technical
Security in Singapore and the United States of America

AREAS OF EXPERTISE
Vulnerability Assessment | Server Management | Risk Management | Operations Management | Networking &
Security Management | Troubleshooting | Security Incident Management | Technical Documentation | IT Security
Planning | Security Analysis | Monitoring Security Access | Database Security | Risk Mitigation Planning | Security
Standard Auditing | Requirement Gathering & Analysis | Quality Assurance | Threat & Vulnerability Assessment | IT
Networking | Malware Analysis & Mitigation | Team Building & Management

TECHNICAL COMPETENCY
Operating Systems: Aix, Linux (REDHAT, Ubuntu), & Windows
Cloud Computing: AWS & Azure
DevOps/Container GIT, Maven, Jenkins, Ansible, & Docker
Tools:
Application/Web WebSphere, Tomcat, IHS, & Apache
Servers:
Database: DB2, Oracle, SQL Server, MongoDB , SnowFlake
Monitoring Tools: SiteScope,Wily Introscope, SCOM, Splunk, BSM, BPM, Burpsuite, Wireshark,
Dynatrace, & AppDynamics
Languages: Python & Java , shell scripting
SAST & DAST : Sonarcube , Veracode , Nessus , Qualys

CAREER CONTOUR
 Sep 2023 – May 2024 | Information Security Ops Assurance Analyst - VMware Broadcom through Magnit
Corporation | India
 Oct 2018 – Sep 2023 | Manager –Projects | GSR Services pvt Ltd | Chennai | India
 Dec 2017 – Sept 2018 | Associate Architect at Virtusa Corporation, Hyderabad, India
 Mar 2014 – Nov 2017 | Senior Member Technical Security at Broadridge Financials, Hyderabad, India
 Mar 2010 – Jan 2014 | Senior Software Engineer at HCL Technologies, Bangalore, India
 Jun 2005 – May 2008 | Software Engineer at Systems Technology Group , Chennai, Tamil Nadu, India

SCHOLASTICS & ACCREDITATION

2005 Master of Computer Application | Anna University, Chennai, Tamil Nadu, India
2002 Bachelor of Computer Application | Andhra University, Visakhapatnam, India
Certification:
Accredited with “Information Systems Auditor” certification from ISACA, 2022

OVERALL KEY DELIVERABLES

As an Information Security Ops Assurance Analyst
Information Security |Infra Security |Governance |IT Audit&Compliance | App Security |
VulnerabilityManagement | Client Relations
 Establish and ensure effective implementation of security controls and best practices.
 Enable the highest level of observability into business-critical infrastructure, applications, and services for
effective monitoring, investigations, and response.
 Deploy, manage, and maintain suite of security tools and services, adhering to best practices, tracking industry
trends, and ensuring solutions are maintained and aligned with changing needs and industry advancements.
 Support the design and implementation of technical security controls for on-premises and cloud environments.
 Research and apply guidance to further strengthen configurations of compute, storage, network, application,
and authentication systems for hardened security.
 Prepare and deliver security metrics and reports.
 Respond to incidents, participate in investigations, and contribute to the Computer Incident Response Team
(CIRT).
 Contribute to vulnerability and threat assessments, ensuring rapid identification, isolation, remediation, and
effective communication of issues
 Proven experience in a technical IT security capacity, with relevant security engineering experience and focus
on authentication systems and technologies
 Authentication Systems Management: Design, implement, and manage robust authentication systems ensuring
secure access to resources.
 Azure Active Directory (Azure AD): Administer and optimize Cloud AD environments, including demonstrable
experience on best practices for user provisioning, group management, and directory synchronization and trust
management.
 Single Sign-On (SSO): Develop and maintain SSO integrations with various applications and services, ensuring
seamless and secure user access.
 Conditional Access Policies: Create and manage conditional access policies to enforce organizational security
requirements, ensuring compliance and protecting against unauthorized access.
 Experience with AWS, GCP and IBM cloud platforms and securing cloud-native infrastructure.
 Proficiency in enterprise operating systems, including Linux, Ubuntu, and Windows.
 Demonstrated knowledge of privacy and compliance frameworks such as ISMS ISO 27001 ,PCI DSS, GDPR,
HIPAA, NIST CSF , NIST 800-50 Rev2 , SOC 2.

As Senior Manager - Information Security & Compliance

Information Security |Infra Security |Governance |IT Audit&Compliance |App Security |
VulnerabilityManagement |Client Relations
 Proficiently conducting Information Security Metrics for all quarters of the financial year
 PWC RED Team Assessment Report remediation
 Effectively maintaining the Company Cyber Site coordination with all stakeholders
 Efficiently performing VAPT & VA functionalities for 100+ important applications of the IndusInd Bank
 Actively participating in technical discussions with cross-functional teams for implementing new features
 Liaising as a SPOC for Information Security, Application Security, and Governance for all application teams
 Carrying out client meetings and assisting the customers by providing appropriate documents
 Correlating and analysing various events using SIEM tool to detect IT security incidents
 Scrutinising multiple security technologies like SIEM, IDS IPS, Syslog, file integrity, Nessus vulnerability
scanners, and VAPT operations
 Analysing the IT environment to evaluate the application and mitigate infrastructure risks and controls
 Developing & executing tests to identify control weaknesses, document deficiencies, and provide
recommendations to enhance business & technology operations
 Proactively building & maintaining solid client relationships by exceeding expectations and demonstrating
detailed knowledge of the clients’ business & technical environment
 Enhancing the entire facets of IT audit & maintenance engagements
 Extending leadership & technical guidance to all levels of personnel, including mitigating infrastructure-related
issues
As a Manager – Projects
Infrastructure Security | App security |IT Audit Management | Security Planning | Audit Deliverables
Management| Training & Development
 Dealt with Infrastructure management & Infrastructure Security.
 Planning, directing, overseeing, and reviewing security assessments, prioritizing engagement tasks, including
supervising the tests of business process and IT general controls, communicating engagement progress to
Leadership and the engagement team, reviewing report drafts, and assisting with presenting engagement
results to Leadership
 Participate in cybersecurity assessments for ISO 27001 assessments in service industries
 Assist with other cyber engagements including IT auditing, risk assessments, SOC reporting, compliance
 Assist the Organization in developing new tools/Techniques that enhance the efficiency of completing a
application security validated assessment
 Participate in developing threat landscape, security threat and vulnerability management, and security
monitoring and analytics
 Strategically developed staffing plans and audit & security skill development programs
 Actively involved in planning, testing, & reporting phases of assigned IT audits and liaised as the IT resource for
the integrated audits
 Ensured the audit deliverables complied with the pre-determined due dates
 Performed various analyses and presented the findings to clients, and suggested appropriate action plans
 Carried out special projects and other responsibilities as per project requirements
 Proactively trained the clients and peers on various technologies and assisted the external auditors
 Coordinated with multiple security implementation teams to resolve OS-related issues
 Carried out the end-to-end audit management & maintenance activities, including project/workforce
management
 Coordinated with the web developers to successfully manage client relationships
 Liaised as a SPOC for audit requirements and simultaneously managed multiple projects
 Correlating with the Cloud Engineering teams for providing cloud-based security solutions to diversified clients
 Configuring & installing SSL certificates for secured communication on web and app server layers

PROJECT CONTRIBUTION

# Title: VMware Ops Assurance | Client: WellsFargo | Role: Information Security Analyst |
Environment: Information Security, Compliance, VAPT, Vulnerability Management, ITGC Audit |
Tenure: Sep 2023 – March 2024

# Title: APSFL – EPD | Client: APSFL | Role: Manager - Projects , Senior Manager - Information Security &
Compliance
| Environment: Information Security, AWS, DevOps, Middleware, Security, ITGC Audit , Compliance,
VAPT, Vulnerability Assessment, Vulnerability Management, Auditing | Tenure: Oct 2018 – Sep 2023

# Title: Lilly Shared Services | Client: ELI Lilly, Indiana Polis, USA | Role: Associate Architect |
Environment: Vulnerability Management, AWS, DevOps, Middleware, Security, ITGC Audit | Tenure:
Dec 2017 – Sept 2018

# Title: PS UNIX | Client: Broadridge ICS SD, USA | Role: Senior Member Technical Security |
Environment: Aix, Linux, Websphere, IBM Http server, Apache, Tomcat, SSL Installations & Renewals,
Auditing | Tenure: Mar 2014 – Nov 2017

# Title: DBFeeds | Client: Deutsche Bank, Singapore | Role: Senior software engineer |
Environment: ITGC Audit | Tenure: Mar 2010 – Jan 2013

# Title: FOM Issam | Client: Ford of Mexico | Role: Software Engineer | Tenure: Jun 2005 – May 2008