TARUN JAIN

Senior IT Audit Manager
Melbourne

Summary

Highly skilled Cybersecurity Solution Architect and IT Risk Manager with over a decade of experience in information security, offering expertise in audit planning, regulatory compliance, and cybersecurity. Proficient in managing internal controls, configuration management, and continuous monitoring to ensure operational efficiency. Excellent at leveraging technical expertise in Amazon Web Services, Microsoft Azure, and Google Cloud, alongside knowledge of Kubernetes and CI/CD, to enhance security frameworks. Experienced in coaching teams, engaging with stakeholders, and aligning strategies with industry standards like NIST CSF and GDPR. Passionate about driving audit engagements, targeting new technologies, and fostering resilience through robust service management and problem management practices.

Overview

14 years of professional experience
8 Certifications

Work History

SENIOR SECURITY ENGINEER

Peter MacCallum Cancer Centre
04.2024 - 12.2024
  • Managed a Security Operations Centre (SOC), overseeing threat hunting and incident response. Utilised Microsoft Sentinel, LogRhythm, Defender for Endpoint and Tenable for vulnerability scanning, reducing risk exposure substantially. Delivered detailed reports to executives using Pivot Tables, ensuring compliance with Essential 8 and fostering a proactive security culture across the organisation.
  • Oversaw endpoint security using Defender for Endpoint, CrowdStrike and Cylance, achieving a reduction in malware incidents. Utilised PowerShell for automation of security processes, improving efficiency. Produced comprehensive security reports for stakeholders, maintaining transparency and achieving substantial improvement in incident response times across the organisation’s IT environment.
  • Led the development and implementation of compliance policies, reducing risk exposure through strategic use of Microsoft Sentinel and Tenable. Drove a proactive compliance culture across the organisation.

INFORMATION SECURITY MANAGER

PointsBet
02.2022 - 03.2024
  • Oversaw endpoint security using Defender for Endpoint, CrowdStrike and Cylance, achieving a 40% reduction in malware incidents
  • Utilised PowerShell for automation of security processes, improving efficiency
  • Produced comprehensive security reports for stakeholders, maintaining transparency and achieving substantial improvement in incident response times across the organisation's IT environment
  • Managed SOC operations, overseeing threat hunting and incident response with tools like Microsoft Sentinel and Tenable
  • Enhanced endpoint security and automated processes using PowerShell, ensuring compliance with Essential 8
  • Expertly coordinate audit engagements by developing comprehensive audit scopes focused on cybersecurity, resilience, and business continuity management, ensuring alignment with organisational goals and regulatory requirements
  • Leverage analytical skills to assess risks associated with new product development and emerging technologies, providing actionable insights to senior management for improved operational efficiency
  • Utilised Microsoft Sentinel and RSA NetWitness for threat detection and incident response, performing in-depth forensic analysis when required
  • Leveraged Defender for Endpoint and Defender for Cloud to monitor and secure network endpoints and cloud resources, ensuring rapid identification and response to security incidents
  • Developed and executed comprehensive cybersecurity strategies, with a focus on compliance, vendor management, and business continuity
  • Collaborated with stakeholders, delivering security awareness training through KnowBe4 and managing Microsoft Purview for data governance
  • Produced detailed reports using Pivot Tables, maintaining clear communication with executives and cross-functional teams
  • Provide technical expertise in evaluating ITGC and application security, incorporating industry standards and frameworks to strengthen internal controls
  • Collaborate with global audit teams to design and execute audits, targeting risks in cloud environments like Amazon Web Services and Microsoft Azure, while maintaining meticulous documentation for compliance

HEAD OF INFORMATION SECURITY

Victorian Institute of Forensic Medicines (VIFM)
08.2021 - 02.2022
  • Managed a Security Operations Centre (SOC), overseeing threat hunting and incident response. Utilised Microsoft Sentinel, LogRhythm, Defender for Endpoint and Tenable for vulnerability scanning, reducing risk exposure substantially. Delivered detailed reports to executives using Pivot Tables, ensuring compliance with Essential 8 and fostering a proactive security culture across the organisation.
  • Oversaw endpoint security using Defender for Endpoint, CrowdStrike and Cylance, achieving a reduction in malware incidents. Utilised PowerShell for automation of security processes, improving efficiency. Produced comprehensive security reports for stakeholders, maintaining transparency and achieving substantial improvement in incident response times across the organisation’s IT environment.
  • Led the development and implementation of compliance policies, reducing risk exposure through strategic use of Microsoft Sentinel and Tenable. Drove a proactive compliance culture across the organisation.

SOC MANAGER

460degrees
05.2021 - 07.2021
  • Managed a Security Operations Centre (SOC), overseeing threat hunting and incident response. Utilised Microsoft Sentinel, LogRhythm, Defender for Endpoint and Tenable for vulnerability scanning, reducing risk exposure substantially. Delivered detailed reports to executives using Pivot Tables, ensuring compliance with Essential 8 and fostering a proactive security culture across the organisation.
  • Oversaw endpoint security using Defender for Endpoint, CrowdStrike and Cylance, achieving a reduction in malware incidents. Utilised PowerShell for automation of security processes, improving efficiency. Produced comprehensive security reports for stakeholders, maintaining transparency and achieving substantial improvement in incident response times across the organisation’s IT environment.
  • Led the development and implementation of compliance policies, reducing risk exposure through strategic use of Microsoft Sentinel and Tenable. Drove a proactive compliance culture across the organisation.

VCISO

Security Brigade
05.2018 - 03.2021
  • Managed a Security Operations Centre (SOC), overseeing threat hunting and incident response. Utilised Microsoft Sentinel, LogRhythm, Defender for Endpoint and Tenable for vulnerability scanning, reducing risk exposure substantially. Delivered detailed reports to executives using Pivot Tables, ensuring compliance with Essential 8 and fostering a proactive security culture across the organisation.
  • Oversaw endpoint security using Defender for Endpoint, CrowdStrike and Cylance, achieving a reduction in malware incidents. Utilised PowerShell for automation of security processes, improving efficiency. Produced comprehensive security reports for stakeholders, maintaining transparency and achieving substantial improvement in incident response times across the organisation’s IT environment.
  • Led the development and implementation of compliance policies, reducing risk exposure through strategic use of Microsoft Sentinel and Tenable. Drove a proactive compliance culture across the organisation.

SECURITY OPERATIONS LEAD • Full-time

Entersoft
03.2011 - 04.2018
  • Successfully developed and implemented comprehensive security strategies, including conducting security risk assessments and managing incident response planning
  • Led security architecture design to align with compliance frameworks such as ISO 27001 and Essential 8, ensuring robust protection against threats and vulnerabilities
  • Managed a Security Operations Centre (SOC), overseeing threat hunting and vulnerability assessments
  • Utilised tools like Qualys and Nmap for vulnerability scanning and Fortinet FortiGate for firewall management
  • Coordinated security audits and compliance reviews to ensure adherence to regulatory requirements
  • Managed a security team, coordinating incident response, overseeing security operations, and monitoring security events using tools like LogRhythm
  • Analysed security data to identify patterns and potential threats, ensuring timely responses and effective risk mitigation
  • Conducted threat-hunting and intelligence activities to proactively detect and neutralise potential threats
  • Utilised tools such as Cylance for endpoint protection and ADAudit Plus for user activity monitoring
  • Managed security tools, including Azure AD for identity management and Tenable for vulnerability assessments
  • Lead staffing and training initiatives, coaching new employees in audit practices, configuration management, and service management protocols
  • Foster a culture of continuous improvement by reviewing team outputs, ensuring adherence to department standards, and enhancing skills in problem management and data security processes
  • Designed comprehensive security architectures, evaluating various security technologies to determine their effectiveness in protecting critical systems and ensuring compliance with frameworks like NIST CSF, NIST 800-53, and ISO 27001
  • Utilised tools such as Azure Security Centre and Darktrace to maintain a robust security posture
  • Led incident response efforts, including investigation and analysis of security incidents, with a focus on minimising impact and identifying root causes
  • Implemented robust monitoring of security operations using Azure Security Centre to detect vulnerabilities
  • Conducted regular penetration testing with Kali Linux and Metasploit to identify and mitigate risks
  • Engage with senior and executive management to present audit findings, offering strategic recommendations on operational efficiency and internal controls
  • Participate in regional risk committees, using event monitoring and analytical insights to adapt audit plans to evolving business needs and new technologies like Kubernetes
  • Oversee budgeting and execution of audit projects, integrating continuous monitoring and vendor management to optimise resource allocation
  • Apply knowledge of regulations and web services to deliver reports that meet organisational standards, ensuring robust oversight of cybersecurity and resilience strategies
  • Partner with external auditors and regional teams to align audit methodologies with financial services requirements, focusing on application security and data security
  • Utilise organisational structure insights to target high-risk areas, driving improvements in service management and business continuity through structured engagement and feedback loops
  • Designed and implemented security architecture for cloud-based environments
  • Configured and maintained security systems in Azure and AWS environments, including firewalls, SIEMs, and network security devices
  • Led incident response and investigation efforts, utilising Splunk for log analysis and forensics
  • Conducted vulnerability assessments and penetration testing using tools like Nmap, OpenVAS, and Burp Suite
  • Used Bash scripting to automate risk analysis, boosting assurance process efficiency notably

Education

BACHELOR OF INFORMATION TECHNOLOGY

Central Queensland University

DIPLOMA IN INFORMATION TECHNOLOGY BUSINESS ANALYSIS

Australian International College Of Business

Skills

  • AWS
  • Azure
  • Regulatory Compliance
  • Risk management
  • SOC Management
  • COBIT
  • ISO 27001
  • ITIL
  • NIST 800-53
  • NIST CIS
  • PCI DSS
  • ADAudit Plus
  • Cylance
  • Fortinet FortiGate
  • KnowBe4
  • LogRhythm
  • Nessus
  • Qualys
  • Splunk
  • JavaScript
  • Python
  • SQL

Incident response management


Certification

CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL (CISSP) - ISC2

Publications

From ROI to Ransomware: Navigating the Dual Challenges of Business and Security, 05/01/24, Performed secure code reviews and application security testing using SonarQube and Veracode.

Interests

  • Yoga
  • Table Tennis
  • Cyber Security
