SAGAR RANE
Phone: +91 8975963426 [email protected] LinkedIn: www.linkedin.com/in/sagar-rane9
OBJECTIVE
Information Security & Cyber Security Specialist with over 10.9 years of experience in Third Party Risk
Management (TPRM), SIG Risk Assessment, Threat modelling, Security Testing and Data Privacy,
including corporate security systems. Specialization in intrusion management and threat detection for API
systems and department of Defensive intensive training. Innovative, with expertise in architectural security
review and writing threat scenarios for internal and external web applications. Primary domain focus
includes Technical Third Party Risk Assessment, Third Party Risk Implementation and Data Privacy.
EDUCATION
Graduate Certificate in Information Technology Feb 2017 - March 2018
University of Technology Sydney, Australia
• Secured Distinction in the Post-Graduation Studies
• Deep learning of all aspects with regards to Cyber security and phishing prevention.
• Studying the configuration management on Risk Modelling & Security Review.
Bachelor of Computer Engineering from Siddhant College of Engineering, Pune, Maharashtra, India
• Secured First Class with Distinction in the bachelor’s Program. August 2011- May 2015
• Competence in computer programming languages: C/C++, Python and Java.
• Proficient in Cyber Security tools like Nmap, Metasploit & Wireshark.
S.N.B.P Jr.College, Pune, Maharashtra, India January 2009- February 2011
• Knowledge of Computer Science, Physics, Chemistry and Mathematics kept me endorsed that I
simply lose track of time while engrossed in solving any topic of it and as a result I secured first
class in 12th.
TECHNICAL SKILLS
• Third Party Risk Management, Change Management, Risk Compliance, TPRM Due Diligence.
• DLP solution Maintenance & Monitoring, Cyber Security Risk Management
• Security Component Design, Project Management, Stakeholder Management.
• Threat modelling using STRIDE, PASTA, CVSS, Attack Trees, Security Cards & HTMM
methodologies.
• Risk Analysis, Threat Analysis, Malware Analysis, Data Analytics
• Coding skills: Network Security (Cipher Algorithms, Symmetric Models, Rotor Machines).
• Core Knowledge of understanding architecture, administration and operating systems.
• Proficient in designing various network security firewalls for security attacks.
• Vulnerability remediation, strategically able to perform VAPT activities on networks, web servers
& Client Networks.
• Preparation of presentations and trends identified for reporting to senior management
• Hands on experience on Project Management tools and techniques
PROFESSIONAL EXPERIENCE
Information Security Technical Lead July 2021 - Present
At Wipro Technology Pune
• Working with Risk Officers and Stakeholders in conducting & executing the Risk Assessments for
internal applications & external Third Parties.
• Applying a broader knowledge of internal audit policies and practices, risk assessment methodologies
and current laws and regulations in order to facilitate the company’s Risk Assessment process.
• Assisting Directors, Managers and other Internal Audit team members to fully engage in the risk
assessment process and principles
• Assisting with implementation and execution of the end-to-end process for the annual global CIB
Compliance Risk Assessment (CRA) and Rules Mapping
• Working in the areas of internal controls, operational risk, and regulatory risk management
• Providing meaningful Information Security metrics, which include identifying historical trends, areas
of risks/gaps, violations and/or improvements.
• Maintained the risk register database to ensure accurate risk data and reporting.
• Assisting IT functional management to identify, assess and document risks to the IT environment
• Analyzing IT control environment of vendors providing various IT services to the bank.
• Participate in initiatives to improve Risk Assessment processes and tools across the company
• Analyzing network infrastructure change requests and raising potential risk issues
Authorized Officer - Risk Advisory
At UBS Business Solutions India Pvt.Ltd May 2020 – June 2021
• Understanding the application architecture thoroughly, gathering information about all its
connectivity and databases, and performing security review.
• Information Security Policy Management – Supports the development and maintenance of corporate
Information Security related policies and procedure Network/Perimeter security.
• Tracks, coordinates, and resolves issues identified in and related control, compliance, or risk work.
• Monitor Access Management activities to ensure segregation of duties.
• Manages information systems security, including disaster recovery, software development and
database protection.
• Reviewing and recommending the design of technical security upgrades based on counter-threat plans,
technical security policies and physical security.
• Documents risk analysis and controls and evaluates control design and continuous control
improvement IT Control testing/development.
• Monitoring of computing platform compliance with security policies and directives.
• Assisting stakeholders with recommendations to address key control deficiencies.
• Contributing to the teams’ continuous improvement efforts.
• Maintaining familiarity with industry trends and security best practices.
• Evaluating management responses to ensure remediation tasks adequately address identified gaps.
• Conducting information security assessment of information systems as per our methodology
• Perform Security Risk Assessment for various business areas such as Retail Banking & Wealth
Management, Commercial Banking, and Global Banking & Markets.
• Providing subject matter expertise in IT Risk Management; leading trainings and awareness
presentations.
Cyber Security Risk Advisory
At Deloitte Touche Tohmatsu India LLP Pune July 2019 – May 2020
TPRM Threat modelling application review & Security Testing
• Assist developers, analysts, and designers in conceptualizing and developing new Security for
programs and applications
• Works closely with the Database Architects and Database Administrators (DBA’s) to establish
Security guidelines and best practices
• Manage security risk software vendor relationship to improve use of automated security risk
assessment tools
• Build relationships with corporate wide business unit personnel, third parties providing support to
HPHC, and information operations personnel
• This position synthesizes data and information to create reports, manuals, and procedures and
presentations of varying levels of complexity
• Work with OIS leadership to establish and document security risk assessments
• Keeps users informed by preparing performance reports; communicating system status
• Performed Risk Analysis Security Testing and understanding system requirements which adheres the
Test case preparation and execution, Functional testing, Regression testing, Integration Testing,
Usability Testing
• Track issue records and reporting by Using bug tracking tool, Preparing Bug Matrix. Types of Testing
performed: Manual Testing, UI Testing, Integration Testing, Regression Testing, Black Box Testing,
Localization Testing, and Hoffman Box Testing. Tested web applications for flaws like Cross site
scripting (XSS), SQL injection, HTTP response splitting, Link injections, URL redirection, cookie.
Role: Assistant Manager
Responsibilities:
• Identifying comprehensive target set of compliance data for users across teams
• Monitoring and evaluating compliance data and information collected in support of
activities and initiatives
• Supporting of KPIs/KRIs which are currently used across businesses/regions to build one
set of metrics
• Consolidate data from businesses and testing teams to build monthly reporting package
• Review reports to identify trends and key risk areas
• Preparation of presentations and trends identified for reporting to senior management
• Identifying additional metrics to be included in reporting packages
• Developed and implemented the next-level down risk management processes (process-level,
asset-level, etc.), including embedding risk assessments into existing capabilities
(architecture reviews, secure design and development, etc.). Performed end-to-end security
review of applications.
• Developed and articulated the vision, strategy, and direction of the information security risk
program.
• Worked proactively with the IT compliance function regarding key information security
risk considerations.
Cyber Security Risk Advisory
At Ernst & Young Pvt Ltd Pune
Project Name: TPRM Threat modelling application review at Client Location. 2018 – 2019
Project Description: Engage with internal and external stakeholders to maintain complete awareness,
expertise and governance of all Boeing Information Security policies and standards including the
Government prescribed directives and controls.
• Partner with internal IT services providers to ensure compliance with IT security requirements
• Manage the operations of the perimeter security devices and the perimeter security infrastructure
• Evaluate information security risks and develop corrective action plans as required
• Provide compliance and audit support, communicating compliance status to internal stakeholders
• Contribute to service improvement activities within the IT organization
• Support long range business planning in conjunction with other IT stakeholder
• Provide guidance on IT security issues to internal and external stakeholders
Role: Associate Consultant Risk Advisory
Responsibilities:
• Develop, manage and improve security processes
• Knowledge of incident and problem management frameworks (e.g. NIST, ITIL)
• Manage process for reviewing security for CEB vendors and other third-party service providers
• Perform monitoring of SOX compliance for application access and provide monthly reporting
• Providing third level support to the Identity & Access Management team
• Providing meaningful Information Security metrics, which include identifying historical trends,
areas of risks/gaps, violations and/or improvements
• Write threat scenarios about the application architecture.
• Performing end to end security review of applications
• Understanding the application architecture thoroughly, gathering information about all its
connectivity and databases, and performing security review.
• Provide mitigations to the application team and help them in understanding
application architecture from security perspective.
Cyber Security Intern
At EY Sydney Australia May 2017- March 2018
• Responsible for undertaking daily operational service monitoring activities over the Security
Services Infrastructure.
• Health care Services project was undertaken and I was responsible for all the SIEM procedures.
• Lead and develop a team of Security Analysts.
• Working with multiple clients on Real time threat management using SIEM and solutions.
• Real Time Log analysis from different network devices such as Firewalls, IDS, IPS, Operating
Systems like Windows, UNIX, Proxy Servers, Windows Servers, System Application, Databases,
Web Servers and Networking Devices.
• Comprehensive knowledge on IPS/IDS, Malwares and intrusion detection.
• Performs real-time monitoring, security incident handling, investigation, analysis, reporting and
escalations of security events from multiple log sources.
• Firewall administration & change management
• Mastery of information systems security principles, concepts, and methods, and knowledge of the
total infrastructure protection environment to integrate information systems security with other
security disciplines
• Executed regular vulnerability assessments, report the findings and drive the remediation
Key Achievements: Successfully bypassed various security breaches and designed them to improve
more along for security purpose involving Symmetric Cipher Models along with Substitution
techniques.
Linux Administrator & Cyber Security Analyst At Anand Wire Ltd Pune 2016 - 2017
• Identifying vulnerabilities of the Internet and Intranet facing applications for
British Telecommunications.
• Tested web applications for flaws like Cross site scripting (XSS), SQL injection,
HTTP response splitting, Link injections, URL redirection, cookie manipulation etc.
• Responsible for maintaining the datasets from the data warehouse using MySQL/SQL.
• Handling OLTP queries into Oracle 10g Database.
• Monitoring the system and carrying out the maintenance for Databases.
• Responsible for installing, configuring and maintaining the Linux servers and workstations.
• Perform regular security monitoring to identify any possible intrusions.
• Perform daily backup operations, ensuring all required file systems and system data
are successfully backed up to the appropriate media, recovery tapes or disks are
created, and media is recycled and sent off site as necessary.
Key Achievements: Successfully created Hadoop cluster gaining access to each node by distributed
Hadoop File Systems and performing query operations for the databases.
Network & Information Security Admin
At OmVenkatesh Engineering Pune April 2013 – June 2016
• IT security specialist with a passion and talent for aligning security architecture, plans, controls,
processes, policies and procedures with security standards and operational goals.
• Project leader with proven experience directing all phases of complex projects while managing,
motivating and mentoring global team members.
• Extensive experience developing and testing security architectures of cloud-based systems.
Key Achievements: Successfully developed the front-end application using JSP, Servlets and
Custom tag libraries where user can enter the input data for business logic.
Software Engineer Internship July 2011 – May 2012
At S’Cube Enterprise Pune
• Plan and implement data analyses and reporting projects of varying degrees of complexity using a
variety of databases and software
• Develop and produce reports of varying technical complexity. The Senior IT Security Specialist
confers with users to determine problems, resolutions, and requirements
• Gather facts, analyze data, and prepare synopsis comparing alternatives in terms of cost, time,
availability of tools and personnel, and recommend a course of action
• Demonstrated oral and written communication skills in the preparation and presentation of security
concept or evaluation documents; preparation of clear requirements documentation, user and
system manuals, test cases, or other technical documents
CORE SKILLS
Cyber Security Skills
• Strong attention to detail, analytical skills, ability to multi-task, and ability to work both
independently as well as part of an assessment team
• Demonstrated outstanding level of professionalism in providing management support, including
ability to exercise good judgment, discretion, tact and diplomacy
• Strong conceptual thinking ability
• Proven Technical expertise, at least 9 years in Information Technology and 2 years on Security
products with hands-on experience on - System management (Linux, Windows, Unix-like) and
networking knowledge (TCP/IP networking protocol)
• Strong analytical, problem-solving and decision-making capabilities with the ability to analyze
situations, identify existing or potential problems and recommend solutions
• Knowledge of Vulnerability Scanning Solutions - Nessus or Qualys
• Knowledge of IT Security principles, techniques and technologies (including IDS/IPS, Firewalls,
Vulnerability Management, Pen Testing)
• A dynamic profile, a result-oriented approach to work and an ability to motivate others to deliver
results
Network Security Skills
• Access control
• Antivirus and antimalware software
• Data loss prevention
• Email security
• Firewalls
• SIEM - Security information and event management
• Web Security
EXTRA-CURRICULAR ACTIVITIES
CERTIFICATIONS
• CEH – Certified Ethical Hacker
• CISSP- Certified Information Systems Security Professional
• CISA – Certified Information Systems Auditor
• CCSP – Certified Cloud Security Professional
• OWASP – Certified
• Oracle Cloud Infrastructure Associate Certified
Ethical hacking workshop at Pune University
• The main goal of this workshop was to make people aware of security threats and
how important privacy is in maintaining confidential data in a secured manner.
• Workshop was arranged at the University Level, including a 9-day seminar in Siddhant
College of Engineering Pune.
Freelancing as Junior Python Developer
• Developed Python based API (RESTful Web Service) to track sales and
perform sales analysis using Flask, SQL and PostgreSQL.
• Developed and designed an API (RESTful Web Service) for the company’s website.
• Maintained customer relationship management databases (MySQL / PostgreSQL)
• Managed company’s virtual servers at Amazon EC2, S3.
Project Team Leader at Pune University
• Successfully implemented the task as a project leader which was based on Advance Search
Engine Optimization which made the server side and the client side easy for searching various
online queries, with the help of Big Data Technology using the Hadoop Framework, resulted in
saving space complexity for the administrator and saving the time complexity for the client.
Sports Achievements
• Appointed as National Level Volleyball Team Captain for Pune University, India.
• 2 times sprint runner winner at State Level.
• Cricket captain at District Level by winning the runner-up trophy.
• Determination activities (running, swimming, cycling, climbing, etc.)
REFEREES
Available upon request