Information security consultant, 16 years experience in different business domains. Expertise included in Security Governance, Strategy, Policies and Standards, Technology Risk Assessment, Security Architecture consulting, Application Security, Incident Management, Network security, PCI–DSS (Payment card Industry- Data security standards) control implementation and consultation, SoX , HIPPA, FFIEC, DPA etc regulatory control assessments, Vendor security due diligence , vulnerability assessment and Penetration testing (ethical hacking). Extensively used COBIT and COSO frameworks to design information security management systems.