Pawankumar Gupta

I am writing to express my interest in opportunities within your esteemed organisation, where I can leverage my 17 years of extensive experience in IT Security Audit Management. Currently serving as the Manager of IT Security Audit at Ebrahim Khalil Kanoo in Bahrain, I have honed my skills in risk management, IT governance, and compliance, ensuring robust security postures across diverse IT environments. My expertise in conducting comprehensive audits and implementing security frameworks such as NIST and ISO 27001 has consistently driven improvements in cybersecurity measures.

Throughout my career, I have successfully led teams in assessing and enhancing the security of IT systems, managing vulnerability assessments, and developing remediation strategies. My proficiency with various security tools and methodologies, combined with a strong foundation in incident management and business resilience, positions me to effectively contribute to your organisation's objectives. I am particularly adept at collaborating with cross-functional teams to ensure that security policies align with business goals while maintaining compliance with industry standards.

I am eager to bring my strategic vision and leadership skills to a forward-thinking environment that values innovation and security. I am confident that my proactive approach to identifying risks and implementing best practices will be an asset to your team.

Thank you for considering my application. I look forward to the opportunity to discuss how my background and skills can contribute to your organisation's success.

Sincerely,

Pawankumar Gupta

Key Result Areas

• Evaluating the security posture of IT infrastructure systems, conducting risk assessments, continuous monitoring, report generation, remediation planning, ensuring compliance and IT governance. Contributing toward the third layer of defense in an organization.
• Developing and maintaining audit frameworks and methodologies in line with internal security policies and external regulatory compliance (NBB, CBB, PDPL Bahrain).
• Leading periodic audits for networks, servers, endpoints, business applications (Oracle, ERP, Salesforce), cloud security (AWS, Azure, O365), IoTs OTS and ICS systems, vendor assessments, new IT assets etc.
• Reviewing and updating the 3-year audit plan, defining the approach, scope, checklist and methodologies for audits.
• Reviewing the IT infrastructure policies and procedures for IT assets and business applications across the organizations.
• Conducting regular vulnerability assessments using tools like Tenable Nessus, Qualys, OpenVAS, and NMAP. Orchestrate in performing internal penetration testing on network devices, websites, web applications and cloud services.
• Continuously monitoring logs from tools like PAM, Cisco ISE, and firewalls, providing reports for immediate action.
• Incorporating frameworks such as NIST, COBIT, GDPR, and ISO 27001 into IT security policies to enhance cybersecurity posture and ensure compliance.
• Participating in BCP and DR testing, providing reports to senior management.
• Conducting baseline security scans of OS (Windows, Linux, Unix), apps, and databases (Oracle, SQL) following CIS Benchmarks.
• Reviewing firewall configurations semi-annually to ensure alignment with security policies and compliance.

Date of Birth: 6th December 1983 Languages Known: English, Hindi and Marathi Present Address: Manama Bahrain (Middle East) Permanent Address: Mumbai

• Regularly visiting data centers to assess physical and logical security procedures.
• Supporting internal audits and other departments with IT security-related requirements and the development of security policies.
• Providing quarterly and semi-annual reports to senior management, offering assurance on IT infrastructure and security measures.
• Leading the investigation of security incidents and breaches, working with relevant teams to ensure swift identification and resolution of issues.
• Identifying and implementing best practices for security audits to continually improve the audit process and methodology.
• Preparing and presenting audit reports to senior management and other stakeholders, highlighting security risks, vulnerabilities, and proposed remediation actions.
• Managing, guiding and mentoring the IT security audit team, fostering an environment of continuous improvement and professional growth.
• Collaborating with IT infrastructure, network, and security teams to ensure that audit recommendations are implemented effectively.

ACADEMIC DETAILS − Post Graduate Certificate Programme in Business Management (PGCPBM) from Indian Institute of Management (IIM) Kashipur 2024. − Master of Business Administration (MBA) from Periyar University 2023. − Post Graduate Diploma in Systems Management (PGDSM) from Mumbai Education Trust (MET) 2010. − Bachelor of Commerce (B.Com) from Mumbai University 2006.

TECHNICAL SKILLS − Vulnerability Tools: Tenable Nessus, Nexpose, Qualys, OpenVAS − Pen-Testing Tools: Metasploit, Burp Suite, Wireshark, Nmap, Zenmap, Nikto, SQLMap, Hydra, Autopsy, Hashcat, YARA, Snort, DNSRecon − Network Security: Tcpdump, TCP/IP, DNS, FTP, SAML, DHCP, OSPF, SNMP, SMTP, VPN IPsec, and SSL, Cisco ISE, Firewall Administration (Checkpoint, Cisco ASA, Sophos) − Database: Oracle Database, MySQL, Microsoft SQL Server − Operating Systems: Microsoft Windows 7, Win 8.1, Win 10, Win11, Win Server 2012, Win Server 2016, Win Server 2019, Linux, Unix, CentOS 7, macOS − Security Tools: Splunk, Qualys Guard, Tenable Nessus, IBM QRadar, SailPoint IAM, Lansweeper asset management, Firewall Analyzer, etc. − Web Security: OWASP Top 10, Burp suite, WPScan, WhatWeb, Recon-ng, Nikto, Zaproxy − Cloud Security: Oracle OIC, M365, AWS, Azure AD and IAM, Cisco SASE SDWAN