Gautam has over 12 years of experience in designing, implementing and auditing risk-driven IT controls based on COBIT, ITIL and ISO 27001 for clients across telecommunications, oil and gas, banking, and manufacturing industries. He has assisted clients in responding to business environments and aligning their IT strategies to the business objectives and strategies. He has leveraged standards such as Zachman Framework and TOGAF to design and deliver IT Architectures responding to client needs. Further, he has carried out several implementation and internal control assessment reviews for clients based in India and the Middle East region.

He is an ISACA member in good standing for more than 6 years and has been a speaker on IT Governance and Business Continuity at forums such as ISACA and IDC.  

 

Areas of Practice: IT Governance; IT Strategy Consulting; IS Audit, Risk and Controls; Business Continuity Management; Information Security Consulting

Industry Lines: Telecommunications; Oil and Gas; Banking and Financial Services

Standards, Best Practices, Frameworks and Tools

COBIT, ISO 38500

ISO 27001

Zachman Framework, TOGAF

OCTAVE, CRAMM

BS 25999, PAS 77 and others

ITIL, ISO 20000

PMI – PMBOK

SABSA

SDLC, Unified Processes, UML

 

 

Certifications and Education

Certified Information Security Manager (CISM), June 2008

Certified BS 7799 Lead Auditor (BSI India), June 2005

Certified Information Systems Auditor (CISA), June 2003

Post Graduate Diploma in Software Technology Management, January 2000

Bachelor of Engineering (AMIETE), June 1998

 

Professional Memberships

Member - ISACA (USA)

Life Member – IETE India

 


Recent Project Highlights

Information Systems Architecture

Client: Large oil refining company in Kuwait

Team Size: 8

Project Role: Project Consultant

Brief Description

The client required development of a target IT Architecture for the future, aligning with current and foreseeable business developments and considering computing trends and technologies such as Green IT, Cloud Computing, Virtualization, Web 2.0 and others. As a senior team member, Gautam was involved throughout the project.

He helped the client’s IT Management to develop an IT Strategy aligned with the business environment. He and his team-mates further developed the IT Architecture at various levels including IT Services, Data, Applications and Infrastructure Technology to deliver on the IT Strategy. In this the team extensively used COBIT, Zachman Framework, TOGAF and ITIL guidance.

He proposed and designed an IT Services view aligned with ITIL and COBIT. The team developed this further into the Data and Applications architecture adopting required concepts from available SOA guidance. Finally an infrastructure technology model was designed adopting consolidation and virtualization concepts at server, storage and network level. These concepts were all developed into workable solution models based on technology from various vendors such as Sun, Cisco, Oracle and others. For instance the usage of Sun Zones, LDOM or Cisco SONA was considered. At various stages Gautam sought and obtained specialist expertise from his team members and from relevant vendors.

Finally Gautam designed an Architecture Governance model based on TOGAF and COBIT. The model consisted of the organizational structures and required processes to manage and maintain the developed IT Architecture.

 

 

 

COBIT Consultancy for a Bank

Client: Leading Bank in Kuwait

Project Role: Consultant – COBIT Implementation

Brief Description

The IT department of a leading bank had embarked on a COBIT implementation project in the previous year (2007-08). Gautam performed an as-is review of the IT Governance artifacts, progress records and an Internal Audit Report on the COBIT implementation. He advised the CIO and the IT Governance Manager on developing a way forward for the implementation.

Some key recommendations included focus on the business goals and drivers, agreement on outcome measures as advised by COBIT and potential roadmap for the current period including some quick wins and some fundamental building blocks. The consulting engagement and its output provided through the discussion meeting were specifically appreciated by the CIO.

 

 

IT Strategy Development

Client: Upstream oil company in Kuwait having overseas operations

Project Role: IT Strategy Consultant

Brief Description

For an upstream oil exploration company having operations in multiple countries in the Middle East and Asia Pacific, Gautam assisted the IT Management in designing and adopting an IT Strategy. For the project he reviewed the business goals, vision and strategy of the company and assisted the organization to develop their IT goals aligned with the defined business directions.

He leveraged the guidance from COBIT and other standards to assist the organization develop its strategy comprehensively covering the development of its existing and future IT assets and developing short term and long term plans for the IT organization. This project was delivered in alignment with two other projects for the same client to develop the IT Security Policy (ISO 27001) and to develop the Business Continuity Management (using BS 25999 and PAS 77) strategy for the organization.

 

 

Business Continuity Management

Client: National Oil Company in Kuwait

Team Size: 8

Project Role: BCM Practice Manager

Brief Description

 

Gautam was part of a multi–faceted Protiviti team – consisting of nationals from 5 countries including USA – that assisted the National Oil company in Kuwait and 11 of its subsidiaries develop their BCM Strategy.

Gautam and the team extensively leveraged guidance from BS 25999, COBIT and other standards to plan and conduct IT Risk Assessment and Business Impact Analysis. Based on the result of the RA and BIA, IT recovery requirements were determined across all the companies.

A consolidated BCM strategy including alternate disaster recovery sites, application redundancy and recovery options and data replication options was designed. The design was extensively discussed and analyzed within the Protiviti team and presented to the client. While Gautam delivered value through his knowledge of BS 25999 and COBIT and participated throughout the project, the overall BCM strategy was a collective team effort leveraging the best skills from Protiviti.

Gautam also developed and published the Governance and Policy structures that were required by the client to deploy, manage and operate the BCM Strategy recommended by Protiviti.

 

 

 

IT Internal Audit Management

Client: Large Telecom Operator in Middle East and Africa

Team Size: 6

Project Role: IT Audit Manager

Brief Description

Managed the internal IT audit team planning and delivering IT audits across multiple countries in the Middle East (Kuwait, Bahrain, Jordan, Lebanon) and Africa (Sudan, Kenya). As a project leader he planned the annual risk-driven audit plans across these countries and managed a team of IT auditors across the plan schedule for nearly 3 years.

He conducted security and controls reviews including IT Management, IT Governance using COBIT and Change controls, Logical Access controls of the core billing application, Operating system and database controls and interface controls between the core application and Oracle Financials system. He also assisted the client through conducting ISO 27001 surveillance audits to help the client retain its ISO 27001 certification.

 

 

Information Security Consultant

Client: Largest telecom Operator in the KSA

Project Role: Information Security Consultant

Brief Description

Gautam worked with the Information Security planning team to review the Information Security policies and presented the gap analysis reports vis-à-vis the BS7799 certification readiness status.

He identified gaps in the policy framework and selected mitigating controls using BS7799, COBIT, ITIL and NIST security guidelines. He assisted the company to review the COBIT Security baseline and assimilate the gains into its security policy framework.

 


Chronological CV

Senior Manager – Technology Risk Services

Protiviti Member Firm (Middle East) Limited, Kuwait

From October 2008 to Current; October 2007 to September 2008 (as Manager)

 

Supervisor – IT Audit and Consulting

Moore Stephens International Al Nisf and Partners, Kuwait

This company merged into Protiviti Member Firm (see above) after September 2007.

From September 2005 to September 2007

 

Principal Consultant, Assistant Manager

SIFY, India (SafeScrypt and SIFY Assure Strategic Business Units)

From January 2004 to July 2005

 

Entrepreneur and Consultant

SecureInfo, India

From September 2002 to December 2003

 

Security Software Engineer

Internet Trends (India) Pvt. Ltd.

From February 2000 to September 2002

 

Research Assistant

National Center For Software Technology (now CDAC) India

From August 1998 to January 2000

 

 

Personal Details

Permanent Address: 5-A, Onkar Society, Amboli, Andheri (west), Mumbai 400058, INDIA.

Current Location: Salmiya, Kuwait

LinkedIn Profile: http://www.linkedin.com/in/gsarnaik

Email ID: gautam<dot>msil<AT>gmail<dot>com

Date of Birth: 09 July 1974

Marital Status: Married