Naveen Kumar pal
Information Systems Auditor | Payment Card Security Implementor
Naveen has almost a decade of experience in the field of Information Security, with IT Governance, VA, PT and Risk & Compliance as core areas.
Naveen, presented the Importance of PCI|DSS & Forensic Analysis of Skype in International Conference held by OWASP & CSA.
He has experience in managing complete lifecycle of Security Implementation and consulting with different clients across various industries and domains.
Education and Certifications
- MS in cyber security & Cyber Law 2012
- CISA (Certified Information System Auditor)
- Certified Lead Auditor ISO 27001 By PECB
- CIPSI ( Certified Payment Card Security Implementor)
- Certified Acunetix Web Vulnerability Scanning Professional
- CE|H(Certified Ethical Hacker)
Industry and functional experience
- Banking
- Health
- Entertainment
- IT
- Insurance
- Payment Merchants
- Défense System
- Cyber Security
- Consulting
- Government Agency
Few Top Skills
- PCI DSS
- IT Risk Management
- Information Security Management
- IT Governance & Risk Compliance
- ISO 27001 Audit & Implementation
- Policy and Process Documentation
- Expert in VA PT
Relevant Project Experience
- Implementation, Consulting& Auditing for ISO 27001 for multiple clients in multiple domains.
- Implementation and Consulting for PCI|DSS for one of the biggest entertainment industry .
- Implementation and Consulting for BCP/ DR in Insurance sectors .
- Implementation and Consulting for security designed review for multiples clients .
- Responsible for drafting Information Security policies/procedures
- Performing gap assessment, risk assessment, implementing appropriate controls.
- Conducting business impact analysis (BIA), BCP centric risk assessment and threat modelling, implementing the preventive controls
- Devising recovery strategies and emergency response plan, drafting the BCP/DR – testing the BCP, training and awareness
- Worked on GRC Framework’s for automation of various process i.e. IT, Risk, Threat, Vulnerability, Policy, Compliance, Vendor etc..
- Designing KPI & KRI Metrics for the governance of an Organization
- Conducting training session over compliance related to ISO 27001, Infosec, PCI DSS
- Conducting Privacy impact assessments for new technology solution& platform
- Identify and Mitigate risks related to PII
- Evaluating privacy compliance checks for clients & with in organization.
- Reviewing the policies within origination and with the vendors.
- Responsible for drafting Information Security policies/procedures
- Performing gap assessment, risk assessment, implementing appropriate controls
- Vulnerability assessment and control implementation.
- Access Control Management Review (IAM)
