MANISH B.

DESAI CAREER PROFILE Results driven IT executive with notable success directing a broad range of corp orate and start up IT initiatives. Highly productive "go-to" person; excellent m otivator and team player who thrive on challenges and constantly acquiring new k nowledge/skills Sets strategic direction for technology based security solutions that have direct impact on the risk mitigation for the firm. My hands on entre preneurial experience and my professional certifications in IT Audit and informa tion security, operational risk management and business continuity management al low me to be a well-rounded resource. I have managed global teams for a large ou tsourcing service provider, infrastructure and networking teams of a medium size d firm. My broad background in both business and technology, in conjunction with my hard work and dedication to the companies I work for and with, has resulted in my successful rise from a customer service engineer to a senior IT manager. CORE IT COMPETENCIES (not a complete list) IT Strategy & Execution Program & Project Management Regulatory Adherence (SOX, HIPAA) IT Audit Writing IT Policies Information Security Outsourcing & Vendor Management Remote & Mobile Access Business Continuity Management and Disaster Recovery Planning Crisis Management and Pandemic Preparedness IT and Operational Risk Assessments Business Impact Analysis IT TECHNOLOGIES (not a complete list) MS Windows Server MS XP, Vista MS Exchange 2003 Lotus Notes ISS Real Secure Site Protector Host and Network IDS and IPS Netcontinuum and Appshield (web based application firewall) WatchFire Appscan Forescout Wormscout (Anti-worm solution) Arcsight SEM Cisco (PIX Firewall, VPN concentrator, Secure ACS on TACACS+) BlackBerry BES McAfee Entercept EXPERIENCE BCM HEAD - AMERICAS, UBS GLOBAL ASSET MANAGEMENT, NY, SEPTEMBER 2006 - PRESENT Provide specialized skills in business continuity planning and disaster recovery , crisis management, project and change management, IT/BCM audits, operational r isk management and development of resiliency programs for UBS Global Asset manag ement with approximately $583 billion in assets under management. Key Responsibilities: Implementation of the Business Continuity (BC) framework in the Americas. Imp lemented the BC program in the Americas. Working to implement the group based BC framework using the propriety business continuity application (BCA) within Glob al Asset Management. Conduct Business readiness assessment and Business impact analysis for all UBS Global AM businesses in the Americas. Liaison with Business/Line Manager in co nducting location readiness assessment and business impact analysis, documenting RTO/RPO, developing department and system recovery plans. Crisis Management. Responsible for creating crisis management team and develop ing crisis management plans. Conduct crisis simulations/exercise for crisis mana

gement teams. Developed incident response wallet cards. Implement the Crisis Man agement program (CEAS and WPS) for crisis management teams. Responsible for impl ementing the UBS's Pandemic Preparedness Protocol in Global Asset Management in the Americas. IT and Operational Risk Management. As member of IT Operation Risk department r esponsible for ensuring information security and compliance as per UBS's proprie tary OREX (Operational risk excellence) framework. Conduct /Facilitate Business Impact/ Operational Risk Analysis to determine the business function's risk leve ls and assist them in mitigation of these risks. Plan and processes. The firm lacked several formal BCM and IT security policies , plan or processes governing the control and usage of firm technological resour ces so it was my responsibility to document them and socialize it with key stake holders for their approval and acceptance to implement them. Audit and Compliance. Ensure that UBS Global AM is in compliance with interna l (General Internal Audit), external client due-diligence and operational risk r eviews and external regulatory bodies (FINRA, SEC, Federal Reserve of New York e tc)'s Business Continuity Management and Information security program, policies and standards. Key Results: Implemented and Aligned Global Asset Management BC framework in the Americas wi th Global framework. Conducted Business impact analysis and Business readiness a ssessment for business function and location in the Americas. Developed standard business recovery plans for business functional units and department. Implemented Crisis Management. Introduce the crisis management team concepts fo r all locations and developed crisis management plans. Implemented crisis and em ergency management tools e.g Dialogic's Escalation and Notification (NES), Gover nment's Wireless Priority Services (WPS) and NY's Corporate Emergency Access Sys tem (CEAS). Implemented Pandemic Preparedness Protocol. Successfully rolled out the Pandemi c Preparedness protocol across Global Asset Management division by identifying a nd training key Pandemic Welfare staff, ordering and distribution of protective pandemic kits for all staff, undertaking vaccination and education campaigns, pr oviding travel advisory and regular updates to business heads and implementing m easures and strategies (social distancing plans, cleanliness campaigns) to mitig ate and break out of Swine Flu (H1NI) within all locations. Audit. Closed out all Internal General audit items for Global Asset Management. Successfully addressed and satisfied Business Continuity Management audit and r egulatory requirements for FINRA, SEC. Successfully passed several Clients due diligence, audits and operational risk reviews of Global Asset Management's BCM/ DR program, policies and processes. IT and Operation Risk Assessment. By implementing several measures including t he concept of dedicated recovery site, introduction of business continuity and d isaster recovery of technology and infrastructure in Project Life Cycle (PLC) ab le to minimize the operational risk and impact to acceptable risk levels. Designed and implemented new BC/DR environments. Since the IT and infrastructu re teams only had an aging platform that was also used for BCM/DR testing, it fr equently caused issues having to recover environments. Improved BC/DR resiliency and posture. Conducted several Business Continuity (U ser and process relocation) and Disaster Recovery (IT) exercises successfully fo r all key locations and data centers. Achieved sufficient clarity and reasonable assurance in our recovery capabilities to meet any eventuality. Significantly i mproved Global Asset Management's BCM readiness and risk monitoring (RAG) status over the years.

Assistant Director Information Security (Acting), HEALTH INSURANCE PLAN OF NY (H IP), NEW YORK, NY AUGUST 2004 - SEPTEMBER 2006

I was responsible for managing Information Security department in an informal ro le as Asst Director Information Security foreseeing both technical and manageria l aspects. Responsible for conceiving a Security vision, strategy and planning f or the department on an enterprise level across all security domains. Responsibl e for overseeing implementation of new projects and budgets related to Informati on Security. Work closely with the Development, Audit & Compliance and Business teams to ensure we are all in sync with both corporate and government regulation s such as HIPAA and SOX. Key Responsibilities: Over see Information Security department and IS support teams. Ensure teams h ave the right priorities, and project work is planned according to resources and business priorities. Ensure that right security tools and processes are implem ented to manage firm's network, infrastructure and application security. Primary point of contact for team or client escalation issues. Coordinate with the development, network engineering and business users to allo w for properly communicated and accurate delivery of information security projec ts Manage information security key vulnerabilities and incidents and planned mitig ation. I ran the information Security and key infrastructure incidents / probl em management processes and outages to ensure the security of systems were not c ompromised and vulnerabilities were mitigated in timely manner. Key Results: Work with the Software Architecture and Network Engineering teams for proper in formation Security system design to meet the firms' security requirements. On an as needed basis I would engage Software Architecture and Network Engineering t eams for implementing new information security systems design, additional perfor mance troubleshooting or while reviewing a system refresh. IT Security and Risk Assessment. Conducted IT and Security Risk Assessment (RA) by periodic network vulnerability and penetration and social engineering testin g. Performed analyses to document operational impacts of natural and man made in cidents and implemented mitigation strategies. Typical analyses may include iden tifying critical business process interdependencies, defining reliance on data c enters /critical applications /geographic sites and aggregating financial impact s across the organization. Incident Management. Implementation and coordination of Incident Management Tea m and other Emergency Teams. Outsourced vendor selection. Responsible for selecting the firm's Information Security tools and vendors Policy and procedures. Since this was a startup department they did not have a ny policies or procedures governing the use of firm technological resources so i t was my responsibility to write them. SOX and HIPAA Compliance. Working with the firm's business and development te am to ensure the firm is SOX and HIPAA compliant. MIS MANAGER - NORTH AMERICA, COGNIZANT TECHNOLOGY SOLUTIONS TEANECK, NJ, FEBUARY 2000 - JULY 2004 As a Senior IT Manager I was responsible for infrastructure/Network Operations, Information security, Infrastructure /System project Management and Technology. I was responsible for setting the strategy for our end user platform, Americas I T support, servers and storage on a global basis. Responsible for key initiative s critical in running business in an efficient and cost effective way. Work clo sely with the business client and internal IT Risk offshore teams to ensure we a re all in sync with both corporate and government regulations such as SOX. Key Responsibilities: Manage day to day North America Operations. Manage an IT team and oversee the H elp desk services. Provide strategic/ tactical direction to the team in day to d

ay operational and project related activities. Ensure teams have the right prior ities, and project work is planned according to resources and business prioritie s. Primary point of contact for all team or client escalation issues. Coordinate with the COO and CIO to allow for properly communicated and accurate delivery of projects. Vendor Management and relationship in supporting Cognizant's various infrastruc ture needs. Information Security Compliance and Awareness. I was responsible for developmen t of Information security compliance and security awareness programs. Work with the Security and Network Engineering teams for proper system design t o meet the business requirements. Engage the Architecture and Network engineerin g teams for implementing new information systems and security design, additional performance troubleshooting or while reviewing a system refresh. Key Results: Performed information security and network security gap analysis. Evaluated the risk inherent in the technological infrastructure vertically from basic network s (including LANs and VPNs) and operating systems to applications and applicatio n development standards to ensure that Cognizant was secured and was SOX complia nt Implementation of secure, highly available and redundant infrastructure. Design ed, managed and implemented projects involving VPN, RAS, Security and network sy stem involving Microsoft, Cisco. Nortel, T1/E1, Frame relay, ISS- real secure ID S to ensure highly scalable and redundant infrastructure Review and development of Information security compliance and awareness program s. Assisted in BS1799 and SAS 70 compliance audits. Provided consistent policy i nterpretation to business units. Promoted awareness of security policies and sta ndards, revisions and developments. Developed technology security framework of t he organization and devise plan for implementation. Researched, developed and wr ote policies and standards for various technological platforms Wrote the formal IT change management and security policy document. There was a lack of control and procedure for many aspects that require procedures at such a firm. Researched, developed and wrote policies and standards for various tech nological platforms Developing and managing relationship with Vendor. Implemented several cost effi cient and effective infrastructure solution and technologies in North America wh ich aimed at lowering the cost of operations with equivalent savings equivalent to $500K - 1M annually. Participate in the budgeting process and cost-recovery m echanisms, and produce regular management reports. MIS reporting to COO and CIO. Participated in the budgeting, and produce regula r management information reports (Network/Bandwidth utilization, VOIP channel ut ilization, Help desk/Call reports, Compliance and information security reports) SENIOR CONSULANT, NOVASOFT INFORMATION TECHNOLOGY CORP, PRINCETON, NEW JERSEY, M ARCH 1999 - FEBRUARY 2000 HEAD OF OPERATIONS, PRT GROUP NEW YORK, NY, HARTFORD, CONNECTICUT AND BARBADOS AUGUST 1997- FEBRUARY 1999 ASSOCIATE SUPPORT MANAGER, MICROLAND BOMBAY, INDIA, MAY 1995-AUGUST 1997 SUPPORT ENGINEER, PACC, KUWAIT DECEMBER 1993- MARCH 1995 SUPPORT ENGINEER, CMS COMPUTERS BOMBAY, INDIA AUGUST 1990 - DECEMBER 1993 EDUCATION Bombay University, Bombay, India Bachelor of Science (Physics) - 1986 Bachelor of Science (Technology) Electronics - 1990 PROFESSIONAL CERTIFICATION Certified Business Continuity Professional (CBCP) - DRII

Certified Information System Security Professional (CISSP) with specialization i n Information System Security Management Professional (CISSP- ISSMP) - ISC2 Certified Information System Manager (CISM) and Certified Information System Aud itor (CISA) - ISACA