Subrata Sarker

Lead IT Security Analyst (A Reputed CII of GoB)

Learners: 80

Courses: 2

Running batches: 0

Professional Profile

Strategic Information Security professional with over a decade of experience in IT Audit, Cybersecurity Governance, and Risk Management. Certified Information Systems Auditor (CISA) with a deep understanding of securing complex financial systems and digital infrastructures. Expert at identifying systemic vulnerabilities and implementing enterprise-level security frameworks to ensure business continuity and regulatory compliance.


Core Security Competencies

Domain Expertise
  • Audit & Assurance: IT General Controls (ITGC), SOC1/SOC2 Readiness, System Integrity Audits.

  • Governance & Risk: ISO 27001, NIST Cybersecurity Framework, COBIT 2019, Risk Assessment (OCTAVE, FAIR).

  • Cyber Defense: Vulnerability Assessment, Penetration Testing Management, IAM (Identity & Access Management).

  • Compliance: Data Privacy (GDPR), Financial Regulations (PCI-DSS), Local Banking Security Standards.

  • Cloud Security: Securing Shared Responsibility Models in AWS/Azure, Cloud Governance.

IT Security Experience Highlights

Information Security Auditing

  • Internal Controls: Leads end-to-end audits of IT infrastructure, focusing on network security, database integrity, and application-level controls.

  • Vulnerability Management: Oversees regular vulnerability scans and coordinates with technical teams to prioritize and remediate critical security gaps.

  • Third-Party Risk Management: Evaluates the security posture of vendors and service providers to prevent supply chain attacks.

Cybersecurity Strategy & GRC

  • Policy Development: Drafted and implemented comprehensive Information Security Policies (ISP) that align technical operations with corporate risk appetite.

  • Security Awareness: Developed training programs to reduce human-centric risks like phishing and social engineering.

  • Incident Response: Plays a key role in developing Computer Security Incident Response Teams (CSIRT) and testing Disaster Recovery (DR) protocols.


Technical Toolkit

  • Security Tools: Nessus, Wireshark, Metasploit, Splunk (SIEM).

  • Frameworks: ISO/IEC 27001, NIST SP 800-53, ISACA IT Audit Standards.

  • Operating Systems: Hardening of Windows Server and Linux environments.

  • Networking: Firewall Management (Palo Alto, Fortinet), VPN Security, and Zero Trust Architecture.


Certifications

  • CISA (Certified Information Systems Auditor)

  • CISM (Certified Information Security Manager)

  • CEH (Certified Ethical Hacker)

  • CSA (Certified SOC Analyst)

  • CASA (Certified API Security Analyst)

  • CSCU (Certified Secure Computer User)

  • CCNA (Routing and Switching)