Dhruv Pandya

 

I am an Information Security Professional with Masters in Computer Science and a Bachelors of Engineering in Computer Engineering. I believe learning is a perennial process. My Skills include Identity and Access Management (IAM), Threat protection and response (TP), Triage and Incedent Response(IR), security information and event management (SIEM), user and entity behaviour analytics (UEBA), point products like anti-virus (AV) and intrusion detection system/intrusion prevention system (IDS/IPS) and penetration testing. Also, I have strong understanding of of ISO27001, SOC, HIPPA, PCI which includes internal and external third party assessments – specifications for a framework of policies and procedures. It involves all legal, physical and technical controls involved in an organization’s risk management.

I currently work at J.D. Power as Senior Manager, Information Security. Please feel free to contact me in case of employment or business opportunities.

Experience

Senior Manager, Information Security

J.D.Power, Westlake Village, CA.

Responsible for managing the information security function at J.D. Power to enable and support business growth.

• Creating, driving, and managing the information security strategies. 
• Manage Security Operations and Compliance teams.
• Be an integral part of major projects with security implications to advise the business and technology staff as well as key stakeholders on critical security matters.
• Responsible for information policy development and oversight including annual review and enforcement.
• Manage the client risk assessment requests and on-site audits of security controls and practices.
• Identify critical information assets and assess the risks associated with data management practices. Maintain updated data flow diagrams to address data protection risks.
• Develop, update, and implement the security incident response plan. Document all activities during an incident and provide leadership with status updates during the incident life cycle.
• Effectively communicate with users, management, customers, and vendors with information security related matters / audits / regulatory requirements / policies, etc.
• Prepare management presentation reports including security metrics.
• Serve as a focal point of contact for the information security team for the organization and communicate information security goals and programs with the organization.
• Perform contract reviews, evaluate, and communicate risks related to Information Security. 
• Assist the business with Request for Information and Proposal (RFI and RFP) responses related to security.
• Support IT system owners with Disaster Recovery and Business Continuity Planning and testing. Maintain DRP/BCP documentation for all major IT areas.
• Works closely with other teams such as the JD Power technology teams, as well as third party security service providers to help achieve the desired security goals and objectives.
• Monitor the threat landscape and effectively manage vulnerabilities.

October 2021 - Present

Information Security Specialist

J.D.Power, Westlake Village, CA.

• Identified vulnerabilities, gaps and strategize and the initiatives for the gap remediation.
• Designed and implemented monitoring strategy for the different monitoring tools like Security Incident Event Management (SIEM), Email Gateway, Intrusion Detection System (IDS) /Intrusion Prevention System (IPS), Endpoint Security Forensics. ( Alert Logic for AWS, Proofpoint Technologies for email security, Symantec Endpoint protection, Symantec IDS,IPS).
• Curate and develop a Domain-based Message Authentication Reporting and Conformance (DMARC) to strengthen the email security.
• Being a primary support for the client request for information (RFI)/ Vendor assessment, inquiring about information security.
• Analyze the incoming threat/ alert patterns and perform triage to remediate the findings.
• Conduct Vendor risk assessments for compliance based on ISO 27001/27002, SOC, PCI, SANS, CCPA, GDPR.
• Conduct successful internal and external audits for achieving and maintaining compliance for the organizations.
• Administrator for Email Security Gateway, Targeted attack protection, helping to ensure the email security.
• Security Incident response analysis and reporting.
• Create and edit information security and data protection policies as per ISO 27001/27002 standards and ensure the compliance.
• Served as a single senior security resource for 6 global offices leading with influence.
• Successfully lead and managed the effort for achieving SOC2 Compliance for the organization.
• Work with managed service provider to ensure the Service level agreement achieved.
• Focused area of work also includes Information Risk Management (Data Security, Endpoint Security, Record Retention, Data Privacy, Identity and Access Management, etc).

July-2018 - September 2021

Information Technology Volunteer

Turning Point Foundation, Ventura, CA

• Aiding the Nonprofit Foundation with an inhouse system security audit.
• Developing and Implementing strategy for the Identity management of users.
• Analyzing the vendor requests and quotations for the current services.
• Layout a plan to upgrade the infrastructure to AWS.
• Develop Payroll application and a user database.

January 2018 - July 2018

IT InFRASTRUCTURE STUDENT ASSISTANT

TECHNOLOGY and Innovation, CSU Channel Islands, Camarillo, CA

• Involved in installation and maintenance of network infrastructure equipment,CISCO and Alcatel-Lucent network switches.
• Strict implementation of California state rules for network infrastructure installation.
• Installtion and pulling of over 3500 feet of CAT5e/6 cable.
• Installation and maintenance of campus VoIP and emergency analog network equipment.
• Customise and update Nagios Server maintenance dashboard for the the server administrator.
• Installation , maintenance and management of Pharos printing for campus wide printers.

September 2015 - October 2017

Computer Science Tutor

Learning Resource Center, CSU Channel ISlands, Camarillo, CA

Resposnlible for one to one turtoring for Graduate Tutor for the following subjects:

• Intro Comp Programming (Comp 105), Object- Orient Programming (Comp 150), Data Structure & Program Design (Comp 151), Comp Arch & Assembly Lang (Comp 162),Software Eng (Comp 350), Operating System (Comp 362), Databases (Comp 420), Discrete Math for IT (Math 301).

August 2016 - May 2017

IT Department Student Intern

Madhya Gujarat Vij Company Limited, Vadodara,Gujarat,India

Trained on Oracle ERP E-Urja And Functioning of Data Collected in real time
on Linux based servers ,Regional Level MIS Study, Siemens SCADA
Functioning, Practical Study of Company Network Infrastructure at
State Level.

June 2013 - July 2013

 

Education

California State University, Channel Islands

Master of Science
Computer Science - Information Security

GPA: 3.641

August 2015- December 2017

Savitribai Phule University of Pune,India

Bachelor of Engineering
Computer Engineering

GPA: 3.0

October 2008- July 2014

Skills

Programming Languages & Tools
Infosec and tools
  • • Exploit techniques and bugs, such as Stack/Heap Buffer Overflows,Use After Free(UAF), SQL Injection, Man In The Middle(MITM), DDOS.
  • • Tools : ENCASE, FTK,Kali,Metasploit, Burp Suite, Nmap.
  • • Protocols: NAC,BGP, TCP/IP and other layer 2 and layer 3 protocols/technologies.
  • • Agile Development & Scrum.

Interests

Apart from being an Information Security Professional, I enjoy most of my time being outdoors. I am Blessed to be in California with a dream of visiting every US National Park and explore the Country. But here in Southern California, I enjoy sunny beaches, Hiking and Biking .

When forced indoors, I follow a number of sci-fi and fantasy genre movies and television shows, I am an aspiring chef, and I spend a large amount of my free time studying the latest technology advancements in the world information security.

Awards & Certifications