1. Girish Dambal
Email : girishsdambal@gmail.com
Contact: +91 990017579
Executive Summary
Having 20 years IT experience in Information Security Process & Compliance for an about 100
Domestic Customers, also served as Technical Manager for UNIX and Messaging stream, Project
Transition and CISO.
Areas of Expertise:
• Risk Mitigation & Control
• Strategic IT Planning
• Technological Enhancements
• Quality Assurance
• Capacity Management
• Cost Management
• Project Management
• Audits and Compliance
• Issue Management
• Transition Management (Onboarding / Off boarding)
• Operation Management
Awards:
• Award of Excellence – Special Contribution 2012,
• IBM Bravo – Best Individual Contributor – Kick Off 2008
• Best Technical Support Engineer - Wipro Acer 1999
Professional Experience
Process & Compliance Manager, CISO Netsol IBM Nov’2014till date
Key Deliverables:
• Managing Security Compliance for an about 100 domestic customers which includes the following
(UID Management, Shared ID Management, Antivirus Management, File Permissions, Trivial
Password Management, Patch Management, Issue Management, Risk Management, World
Writable permissions, Complex Password Management)
• Define Policy, Process, Procedures, & Checklist and getting it regularized in the Organization /
Customer Environment.
• Ensured to conduct Risk Assessment and treatment as per the calendar.
• Perform Business Impact Analysis on critical business elements to ensure Business continuity.
• Design and implement DR solutions to address high availability for business-critical services.
• Front End (SPOC) customers & corporate internal & external audits.
Tower Manager for UNIX & Messaging & CISO Netsol IBM Jul’2004 to Nov’2014
Key Deliverables:
• Define Policy, Process, Procedures, & Checklist and getting it regularized in the Organization.
• Ensured to conduct Risk Assessment and treatment as per the calendar.
• Ensured the Vulnerability Assessment and Penetrating Testing conducted on entire IMC IT
Infrastructure which includes Firewalls, Routers, Switches, Windows, Linux, and Applications.
• Perform Business Impact Analysis on critical business elements to ensure Business continuity.
2. • Design and implement DR solutions to address high availability for business-critical services.
• Ensured to perform the OS Hardening on all IMC IT Infrastructure which includes Firewalls,
Routers, Switches, Windows, Linux, and Applications.
• Ensured Security deliverables delivered to customers inline agreed and signed SLA.
• Maintenance of IMC Information Security Management System which includes Plan, Scope, MR,
DR / BCP, Internal Audit and External Audits.
• Maintenance of IBM Inter Enterprise Services (IES) certification which mandates compliance of
all IT infrastructure with ITCS 104 / ITCS 300 standards.
• Ensured to keep Mixed Address Database (MAD) up to date for penetration testing which is being
done from Australia on weekly basis, took necessary actions for any notified vulnerabilities.
• Ensured CEP (Computer Environment Profile) maintained accurately all times for both IMC
Infrastructure and Customers managed infrastructure.
• Ensured IES certification calendar maintained on time which includes Process Review, ID
Management, Validation of Static IPs, Tape Reconciliation, Security health check, Local Scan,
Server / Hub Room Verification, Local ID password changes, Security system filter Rules Review,
Restoration Drill, Patch Management, Security attack Detection, Change Management, and
Review IMC Infrastructure details.
• Ensured User ID provisioning and revoke done in line with IBM Global Standards.
• Ensured IBM QEV / CBN conducted as per the ITCS Calendar.
• Ensured periodic security system rules reviews conducted and necessary actions taken as per
the ITCS Calendar.
• Ensured ISO 27001 Internal / External audits are conducted as per the audit calendar.
• Ensured every yearly IBM Inter Enterprise Services (IES) recertification completed on time.
• Ensured to conduct Information Security awareness session for all staff / 3rd parties.
• Ensured MRM conducted on time update top management on the Information Security
developments.
• Ensured BTMT database up-to-date for all IMC used business applications.
• Actively involved in IBM Business Control Reviews / Customer Audits, Ensured ITCS Compliance
to all iMC Servers, Sub Systems, and Network devices.
• SPOC for all iMC Risk Evaluations, Asset maintenance in MAD, CMAD exceptions and
application maintenance in BTMT.
• Evaluation of Netforesnsics, OSSIM (Open Source) and Arc Sight towards building a SoC in IMC.
• Heading (Tower Manager for UNIX & Messaging) a team of an about 40 L1 / L2 / L3 engineers
towards Remote Customer Services & Support.
• Delivered remote monitoring and management services on UNIX and Messaging platforms for an
about 60+ customers.
• Driving Knowledge transfer from transition / customers to steady state IMC for operations.
• Driving reverse Knowledge transfer during off boarding customer on technology & process.
• Plan, meeting customer on site, Collection of Inventory / Configuration, processes, tools,
concluding monitoring KPI’s, Escalation matrix, train team on deliverables as per SLA during the
absence of transition team and educate team on technology, process, and deliverables.
• Interview and Hire Resources for UNIX and Messaging resources.
• Weekly meetings with team and provide updates to management (Highlights & Lowlights).
Highlights:
• Handled major projects on Technical Service Support & Delivery / Transition / Information
Security.
• ISO 27001:2005 Upgradation to ISO 27001:2013.
• BS 7799:2002 Upgradation to ISO 27001:2005 and IBM IES certification in the organization.
• Involved in ITSM (BS 15000) Implementation previous version of ISO 20000.
• Provided the Linux solutions towards customer’s IT infrastructure Management in line with IBM
IES standards.
3. • Evaluation / PoC of SoC (Security Operating Center) tools such as Net forensics / OSSIM / Arc
Sight.
• Instrumental in maintaining the Information Security audit ready posture all the time.
• Instrumental in Building UNIX and Messaging competency in remote service delivery.
• Fine tuning of monitoring KPI on both UNIX & Messaging stream towards monitoring on both
NOCi & Tivoli.
• Front ended Customers Audits such as FIS, DPLI, FIAT etc
• Transition done for Bajaj Allianz, Plan, visit, discuss, takeover from Microland, hire staff in pune,
educated and deployed in steady state.
Technical Specialist Netsol IBM Mar’2004 – Jul’2004
Client: Philips Medical Systems
Key Deliverables:
• Managed the PMS System’s IT infrastructure operations with a team of 4 engineers.
• Administration and Maintenance of Windows 2000, Solaris, and Linux.
• Instrumental in driving the Patch Management Practice for entire PMS.
• Worked towards BS 7799 compliance requirements.
Highlights:
• Investigation / Recommendation / Successful implementation of GFI LAN Guard Scanner 5.0 in
PIC environment towards patch management and ensured assets are free from threats /
vulnerabilities.
• Consultancy Services to DTDC India Pvt Ltd, Bangalore on mail services by successfully routed
mails on Lotus Domino from Satyam to Premas and setting up squid on Linux to access internet.
Project Lead
Client: Nirvana Business Solutions Pvt Ltd Jun’03– Feb’04
Key Deliverables:
• Ensured 1st IPCC Project of Netsol delivered as per the defined / agreed SLA.
• Handling escalations and SPOC to drive all Cisco TAC cases.
• Technical Lead for Nirvana voice operations with a team of 10 multi skilled engineers (CCM &
ICM).
• Administration and maintenance of Cisco Call Manager.
• Deployed the MRTG to monitor Internet, leased line & IPCC Ver 4.5 Servers utilization.
• Weekly meetings with Nirvana management and provide updates on the development and
progress of the project.
Highlights:
• Investigation / Recommendation / Successful implementation of MRTG and Whatsup Gold to
monitor WAN and IPCC Servers utilization.
• Accountable for Nirvana customer on Voice services.
• Availability and Performance monitoring of IT infrastructure.
• Availability, Performance monitoring and notify stake holders; ensured for quick resolution during
any IPCC technical issues.
System Administrator / UNIX Administrator / Team Lead Netsol IBM April 2000- Jun 2003
Clients:
4. • Huawei Technologies India Pvt. Ltd., Bangalore
• Alcatel India Pvt. Ltd., Chennai
• Aztec Technologies India Pvt. Ltd., Bangalore
• Mantra Broadband India Pvt. Ltd., Bangalore
• Health Scribe India Pvt. Ltd., Bangalore
Customer Support Engineer RCS Technologies PVT Ltd June 1996- Jun 2003
Clients:
• Wipro InfoTech Ltd., Bangalore
• Vysya Bank Ltd., Bangalore
Customer Support Engineer Computers Wares Inc June 1995-April 1996
Clients:
• Computer Wears Inc., Dharwad
Monitoring Tools : IBM Tivoli, Netsol NOCi, HP Open view, Whatsup Gold, MRTG, Solar
Winds.
Audit / Security Tools : HP Manage X, Sniffer Pro1.0, Syslog, Tacacs+, Snort IDS & IPS
Management Tools : Ssh & Tsclient
Storage : Tandberg, IBM DS, Sun & HP
OS : Windows, UNIX ( Linux / Solaris / AIX / HP-Ux ), Novell NetWare 3. X
Hardware : RISC/CISC–IBM/DELL/HP, IBM P Series, Sun Netra
Applications : MS Exchange with collaboration tools such as OCS, Lotus Domino with
collaboration tools such as Same time, CP Range of Messaging
Products, Iptables, Squid, Postfix, Trend IWSS & IMSS, Syslog, Ntp,
Tacacs, MS Proxy & Surf Control range of products, OSIM / Net
forensics, Veritas NetBackup, Cisco Call Manager & Cisco Intelligence
Call Manager 4.5.
Certifications
• ISO 27001:2013 Lead Auditor from BSI India Pvt, Bangalore.
• ISO 20000 Implementer from BSI India Pvt, Bangalore.
• BS 7799 Implementer from BSI India Pvt, Bangalore.
• Information Technology Information Library Certification (ITIL) V 2.0 & 3.0 BSI India Pvt,
Bangalore.
• Critical Path Messaging and Directory Services Range of Products from Critical Path Inc,
Dublin, Ireland.
• ISO 9000 from Wipro InfoTech Ltd, Bangalore
• Sun Solaris – Level I from RCS Education, Bangalore.
• UNIX Engineering from CMS Computers Ltd., Bangalore.
• Novell Netware 3.11 and 3.12 from CMS Computers Ltd., Bangalore
5. Academics
• MBA in Systems & IT from ICFAI, Bangalore
• Diploma in Instrumentation Technology (IT) from Karnataka Technical Board