Jaideep Patil

ISO 27001 Lead Auditor, CCNA, MCP, ITIL V3 (Trained)

He is an ISO 27001 Lead Auditor, CCNA, MCP, ITIL V3 (Trained) and has overall experience of 16+ years in Training, Network Management, IT Infrastructure Management, the Support domain, Information Security Consulting and Management of Compliance Practices at the organization.

He has 7+ years of experience in information security, with specializations in Information Security Management Systems (ISO 27000 series), Payment Card Industry Data Security Standard (PCI DSS), ITIL and Business Continuity Planning. His experience ranges from executing implementation projects to auditing, risk assessment and overall management of the compliance practice at the organization.

Profile

  • ISO 27001:2005 Lead Auditor Course (International Standard for Information Security)
  • CCNA, MCP, ITIL V3 (Trained)

He has understanding and knowledge of the following domain-specific repositories of practice information. These are used in conjunction with NII’s custom methodology for approaching each assignment.

Standards
  • ISO 27001 - Information technology -- Security techniques -- Information security management systems -- Requirements
  • ISO 27002 - Information technology - Security techniques - Code of practice for information security management
  • ISO 27005 - Information technology -- Security techniques -- Information security risk management
  • ISO 20000 – International standard for IT Service Management
  • BS 25999 and ISO 22301 – Standard for Business Continuity Management
  • PCI DSS – Payment Card Industry Data Security Standard
Frameworks
  • OCTAVE - Operationally Critical Threat, Asset, and Vulnerability Evaluation
  • CoBIT – Control Objectives for Information and related Technologies
  • NIST - Risk Management Guide for Information Technology Systems from the National Institute of Standards.
Regulation
  • Data Protection Act, UK 1998
  • SOX
IT, Security Audit and other Compliance Assessment Projects
  • BS25999 Readiness Consulting, Implementation assistance, audits and certification:
    • Asia’s largest and world’s third largest data center services company in India.
    • Travel technology Solutions Company that works with leisure travel companies across the globe, to help them grow their online travel business. Their solutions work across air, hotel, car, vacations, activities / transfers and insurance travel needs.
    • Biggest BPO in India and UK
  • ISO 27001 Readiness Consulting, Implementation assistance, audits and certification, Risk Assessment, Due Diligence audits, policies and procedures development and documentation, Risk Mitigation planning, Vulnerability assessment, Service Desk Auditing based on ITIL practices for:
    • Automobile giant from Germany
    • Germany based Software Development company
    • US based Software Development company
    • US based Database organization
    • India’s Leading General Insurance Company
    • Leading Engineering Design Services Organization from India
    • US based BPO and Software Development Company
    • India’s Leading integrated publishing services and content technology solutions provider
    • Leading Business Intelligence Company in India
    • Doha, Qatar based client.
  • ISO 20000 Readiness Consulting, Implementation assistance, audits and certification:
    • Asia’s largest and world’s third largest data center services company in India.
    • Leading Managed Services Organization in India
    • Automobile giant from Germany based out of Pune
  • PCI DSS Readiness Consulting, Implementation assistance, audits and certification:
    • Leading Business Intelligence Organization in India based out of Bangalore.
    • Leading Business Intelligence Organization in India based out of Mumbai.
  • PA DSS Readiness Consulting, Implementation assistance, audits and certification:
    • Leading application development organization specializing in Travel Industry Applications based out of Pune.
  • ISO 9001:2008 Readiness Consulting, Implementation assistance, audits and certification:
    • Leading corporate training company in Pune having offices in Bangalore, Delhi, Noida, Hyderabad
    • Leading ITFM company in Pune
  • Compliance checks for a Data Center automation product and interpretation of standards like PCI DSS, ISO 27001, DISA, CIS, SOX (COBIT Framework), HIPAA for various operating systems such as Windows 2003, Red Hat Linux, AIX, Solaris
  • Compliance management for a leading manufacturer of VISA and Master Cards, Smart Cards, Scratch Cards, SIM Cards based on PCI DSS and ISO 27001
  • Compliance management for leading banking BPO based on ISO 27001, PCI DSS and SAS 70
  • Design, Implementation, Documentation and Support of Distribution and Access layers of Wireless and Wired Internet for leading 5 Star Hotels in India.
  • Carried out Network Architecture Review and VAPT for various organizations including Public and Private sector banks.
  • Development and Review of Info Sec Policies and Technical Standards for a leading bank in Mauritius based on various international standards and local regulatory requirements.
  • Development and Review of Info Sec Policies and Technical Standards for a leading bank in Riyadh, Saudi Arabia based on various international standards and local regulatory requirements.
  • Gap Assessment against ISO 27001:2005 requirements for a leading bank in Lagos, Nigeria.
  • IT Audit for a leading bank in Abu Dhabi, UAE

Carried out more than 1000 Internal Audits for various clients across Banking and Finance, BPO, Software Development, Insurance, Government Sector, Automobile and Manufacturing, based on compliance with ISO 27001, ISO 20000, BS 25999, PCI DSS, ISO 9001, etc.

Other Exposures

Standards: SAS 70 and ISO 9001:2008

Network Security
  • Good knowledge of TCP/IP fundamentals
  • Worked on security for a range of Operating Systems, databases, web servers and mail servers
  • Firewall and Router Configuration Review
Wireless Security
  • Auditing WPA and WPA2 encryption
  • Wireless network implementation review
Application Security
  • Well versed with OWASP – Top Ten and WASC Threat Classifications
Penetration Testing
  • Social Engineering
  • Phishing
  • Client-side Attacks
Consulting Process-related
  • Scope identification, expectations management, and resource management
  • Risk Assessment and Management Approaches: Probabilistic Risk Assessment, Current State Assessment, Qualitative and Quantitative Risk Assessment
  • Readiness Consulting for:
    • ISO 27001, PCI DSS, ISO 20000, BS 25999, ISO 22301, ISO 9001:2008
  • Implementation assistance, audits and certification
  • Due Diligence
Project planning and management-related
  • Planned and managed projects involving management framework design and implementation, internal security reviews, and security awareness programs
  • Due Diligence audits
  • Risk Mitigation planning, Vulnerability assessment
  • Compliance management for ISO 27001:2005, PCI DSS
  • Quality Management System (ISO 9001:2008)
  • Business Continuity Management (BS 25999-2:2007, ISO 22301:2012)
  • IT Service Management System (ISO 20000-1:2005)

Ethical Hacking Training

This course goes into the depths of networking, systems, web applications and actual exploitation, and helps beginners take a confident first step into the information security field.

  • 6 Weeks Comprehensive Training
  • Built by Experienced Professionals
  • Course content regularly updated on tools and techniques