Santosh Chachar
Verified Expert in Engineering
Information Security Developer
Pune, Maharashtra, India
Toptal member since October 19, 2022
Santosh is a seasoned information security professional with two decades of experience handling technical, business, legal, and regulatory aspects across cloud, network, systems, and application security. He has led organizations to comply with standards and regulations like ISO 27001, SOC 2, GDPR, CCPA, and HIPAA while working with various stakeholders and business units. Santosh is a CISSP, CEH, CCIO, and RHCE-certified professional with a diploma in internet crime investigation.
Preferred Environment
Linux, Amazon Web Services (AWS), Cloud Security, ISO 27001, Jira, Application Security, SOC 2, GDPR, Data Privacy, DevSecOps
The most amazing...
...projects I've delivered involved implementing information security management systems compliant with ISO 27001:2013 and with GDPR regulatory requirements.
Work Experience
Senior Program Manager | Information Security
SaaS Product Organization | Video Streaming Analytics
- Implemented the information security management system and achieved ISO 27001 certification by working with all the organization's departments.
- Established the third-party risk management plan, which included policies, multi-team workflows, processes, and automation with OneTrust.
- Developed and delivered the secure SDLC program, which included the following modules: developer training, secure design and coding guidelines, secrets scanning, security testing with SAST and DAST, penetration testing, and security monitoring.
Principal Manager | Information Security
SaaS Product Organization | Meeting Automation
- Led the organization to meet the GDPR regulatory requirements and SOC 2 attestation objectives by collaborating with DevOps, IT, development, QA, and HR teams.
- Drove external penetration tests, third-party vendor assessments, pre-sales support for security and privacy, and data processing agreement reviews.
- Partnered with the legal, sales, and marketing departments for customer contracts, security negotiations, and data privacy matters.
Information Security Manager
SaaS Product Organization | In-app Customer Support Platform
- Served as a subject matter expert, providing advice to external and internal customers regarding security measures, risks, and business impact.
- Implemented GDPR and privacy compliance requirements and Privacy Shield certification from scratch.
- Developed the information security program, including policies, standards, and guidelines relevant to ISO 27001, ISO 27017, and ISO 27018.
IT and Security Manager
gslab
- Drove the implementation of ISO 27001 certification and HIPAA regulatory requirements for the SaaS business units, collaborating with various corporate services.
- Performed vulnerability assessment and penetration testing (VAPT) on applications, networks, systems, and cloud environments.
- Rolled out Wi-Fi security and secured remote access over SSL and IPSec VPN with multi-factor authentication (MFA).
- Prepared business continuity and disaster recovery plans, coordinating with all the organization's business units.
Technical Leader
Atos
- Led technical escalations of Linux support teams handling large server environments of the customer spread across Europe.
- Managed server hardening and baseline, Red Hat Cluster administration, and patching.
- Handled incident management, problem management, and change management plans.
System Engineer
Emptoris (now IBM)
- Managed Linux servers and 3-tier applications, hosting critical production environments.
- Analyzed and optimized shell scripts for the automation of routine tasks.
- Investigated Linux server performance, integration, and configuration issues.
Senior Member of the Technical Staff
gslab
- Deployed and maintained Linux-based firewalls, routers, VPN servers, DNS servers, and web servers.
- Rolled out UTM firewalls, central antivirus, and HP ProCurve VLAN switches.
- Deployed and upgraded open-source solutions for DNS, VPN, backup, email security like SpamAssassin, antivirus like ClamAV, and virtualization technologies.
Experience
ISO 27001:2013 Certification
GDPR Data Privacy Compliance
SIEM Deployment
• Installed and configured the AlienVault open-source SIEM.
• Integrated network and endpoint security devices and servers with the SIEM.
• Trained the IT operations teams on day-to-day administration, integrating additional servers and equipment and adding, modifying, and optimizing rules and alerts.
• Created a custom document and linked it with the SIEM vendor documentation.
Advanced Cloud-based Endpoint Protection
Education
Bachelor's Degree in Computer Engineering
University of Pune - Pune, India
Certifications
ISAC Certified Cyber Crime Intervention Officer (CCIO)
Information Sharing and Analysis Center (ISAC)
CISSP – Certified Information Systems Security Professional
(ISC)²
Internet Crime Investigation
Asian School of Cyber Laws
Certified Ethical Hacker (CEH)
EC-Council
Red Hat Certified Engineer (RHCE)
Red Hat
Skills
Tools
VPN, Jira
Industry Expertise
Cybersecurity, System Security
Languages
Bash Script
Platforms
Linux, AWS
Paradigms
DevSecOps, Penetration Testing
Storage
Azure
Other
System Security, GRC, Risk Management, Linux Administration, Cross-functional Collaboration, ISO 27001, Security, CISSP, IT Security, Compliance, Information Security, Operating Systems, GDPR, Third-party Management, Data Privacy, SIEM, People Management, Software Development, Security Architecture, Identity & Access Management (IAM), Cloud Security, Third-party Risk, Risk Assessment, CISO, Networking, SOC 2 (Service Organization Control), Security Operations Centers (SOC), Business Continuity, Application Security, SELinux, Antivirus Software, Email Security, Cyberpsychology