Information Assurance | Security Consulting | CISM | CISA | CISSP | VAPT | CEH | ECSA | LPT | OSCP | ISO 27001:2013 LA | FSCA | CSSA
I have specialized in information and cybersecurity policy writing, IT security risk, IT audit and compliance, with 14 years of experience and proven ISO[removed]Lead Implementation practice. I can help organizations with ISO 27001, SOC 2, or other compliance framework preparation and implementation, and with creating and updating policies and procedures.

If your company needs to update its policies and procedures or needs to create new ones for:
- a due diligence process/RFP security questionnaire,
- you want to be compliant for regulatory reasons (PCI-DSS, GDPR, CCPA),
- you are aiming at a security certification (ISO 27001, SOC 2, HITRUST CSF, HIPAA, IRAP, FedRAMP, GDPR),
- you would just like to level up your maturity in the security domain,
- you would simply like to consult, get informed of security best practices, and need professional advice.

Please don't hesitate to contact me!
My knowledge, experience, and skill can help you to achieve your goal and succeed! Please click on the Invite to Job button, and let's talk!

Over 14 years, I gained knowledge on both sides of the table: Governance, Risk, and Compliance (GRC) and security operations, implementation, and engineering.

My skills in information, IT and cybersecurity include:
- Information security policies based on NIST guidelines or ISO[removed]including Incident Response Plan, Acceptable Use, Encryption Policy, Risk Management, Audit Logging and Monitoring Policy, User Account and Access Management, Asset Management, Data Classification, Change Management, Vulnerability and Patch Management, Asset Disposal, Third-party Management, Security Configuration, and many more.
- Business Continuity Planning and Disaster Recovery Planning (BCP, DRP)
- Investigating cyber and information security incidents
- Policy reviews, gap analysis
- IT audit
- Risk assessment
- Evaluation of operation/technology/procedure against current industry best practices or regulatory requirements
- Information security awareness training and training material
- Compliance-specific training (GDPR, SOC2, NIST)
- Risk management

I have the following certifications: CISM, CISSP, CISA, PMP (project management), Microsoft, Azure, EC-Council, Forescout, Check Point, SonicWall, Attivo Networks, Red Hat, etc.

I'm familiar with, and actively working on a day-to-day basis with, the following compliance and security frameworks: ISO 27001, SOC 2 TSC, NIST CSF, GDPR, NIST[removed], ISF SoGP, SANS, HIPAA, HITECH, HITRUST CSF, PCI-DSS.

You can have peace of mind after we have agreed on the tasks: with more than 14 years of security industry experience, independent operation is guaranteed. All the work is completed by myself; therefore focus and attention to your project are guaranteed.