Anilkumar Nair, Manager - GRC

Wipro

Location: United Arab Emirates - Dubai
Education: Diploma, BS25999
Experience: 26 years, 3 months

Work Experience

Total years of experience: 26 years, 3 months

Manager - GRC at Wipro
  • United Arab Emirates - Dubai
  • My current job since July 2010

• Developing a framework for IT Governance, studying the business goals & aligning them with IT, planning and securing IT investments and facilitating the decision-making process for project sponsors
• Project management for internal security projects, risk assessments, facing external audits and assisting audit department to close the observations, and formulation of security policy, procedures, baselines and guidelines based on ISO27001 and ISR
• Setting up the ISMS framework and security policies compliant with industry standards such as ISO 27001 and ISR
• Leading efforts in performing general controls oversight, reviewing compliance with internal audit controls and professional standards, liaising between in-house managers/IT department and external operational auditors, performing risk assessment and determining business critical processes, data security designation/classification studies and providing internal audit services for data classification of information assets
• Completing IT Security Risk based Control Self Assessment by mapping inherent risks, assessing controls and defining action plans for identified issues to support overall risk and control agenda for the firm
• Offering support during various internal & external audits and regulatory inspections
• Supporting a number of risk management programs to enhance risk posture of business by protecting information assets, satisfying regulatory obligations and minimizing potential legal and liability exposure
• Testing business continuity as per the plan annually and organizing Risk and Controls awareness sessions as per RAMP (Risk & Audit Mitigation Program)
• Reducing overall recovery time by automating and simplifying recovery processes from multiple single recovery exercises to fewer enterprise wide recovery exercises
• Preparing and providing standing and recurring Operational Risk deliverables such as business unit operational risk profiles, operational risk incident summaries and results of scenario analysis to business partners
• Resourceful in devising and effectuating risk policies & implementing effective mechanisms to mitigate the same

Current Engagement: Information Security Consultancy
Industry Segment: Government
Role: Sr. Security Consultant
Responsibilities:
• Providing strategic level support to the IT security section of the client
• Involved in providing project management for internal security projects, risk assessments, facing external audits and assisting audit department to close the observations, and formulation of security policy, procedures, baselines and guidelines based on ISO27001 and ISR
• Playing a leadership role and managing the overall information security program across the organization including all internal projects and the security team

Highlights:
• Diligently defined IT security strategy in line with the organizational strategy, vision and mission; a roadmap for the next 3 years prioritizing projects based on global trends and threats
• Developed and maintained all kinds of ISMS documentation and conducted internal audits and coordinated external audits
• Work closely with the operations and other teams on Security Incident Management
• Established security framework compliant with ISO27001 & ISR

Title: Business Continuity Planning (BS25999)
Client: First Gulf Bank, Abu Dhabi
Period: 12 months
Role: Senior Security Consultant
Responsibilities:
• Managed key tracks of engagement including gap assessment of the existing DR setup and detailed Business Impact Analysis covering all the core business functions responsible to account various services offered by the bank
• Led efforts to drive the engagement with close interaction with client executives to develop Business Continuity Plans based on the BIA reports, conduct simulation tests and present reports to upper management

IT Manager at ATKINS
  • United Arab Emirates - Sharjah
  • March 2001 to June 2010

• Work closely with business to provide high quality, real time on floor technology support leading to high availability of network, systems, and applications.
• Develop IT strategy with a wider perspective for maximum value to the business.
• Establish internal procedures for technology helpdesk with SLAs and measurements on user satisfaction and turnaround time.
• Develop & implement processes, procedures & guidelines to ensure effective management of IT infrastructure related documentation.
• Develop a suitable Business Continuity Plan and ensure periodic testing.
• Oversee operational staff’s execution of regular successful backups of systems and subsequent off-site storage.
• Oversee the administration and operation of servers and participate in the evaluation, selection, installation, configuration, and upgrade of hardware and software.
• Control and manage Change Management, Backup Management, IT-Helpdesk Management, Config Management, IT SLA management, Incident/Problem Management.
• Establish an internal/external escalation matrix for Incident Management.
• Manage software compliance to standards and baselines by license, version & patch management.
• Manage vendor SLAs and perform monthly reviews.
• Establish, implement and maintain IT system’s security infrastructure.
• Manage and develop enterprise-wide Information Protection policy, procedures and standards.
• Lead the team to identify single points of failure and recommend and document corrective actions.
• Managed Replication of Critical Business Systems and Network Infrastructure Improvements.
• Analyse and devise user roles with Business Process Team.
• Oversee Antivirus Management and OS patch management.
• Propose annual IT budget and manage procurement.
• Liaise with HR department for recruitment.

Manager - Pre-sales at Middle East Network Technologies
  • United Arab Emirates - Abu Dhabi
  • January 1997 to February 2000

Major Projects & Accomplishments:
• Designed, proposed and implemented Networking solution for Twam Hospital with ATM/Gigabit options.
• Designed, proposed and implemented Networking including remote connectivity for Adnoc-Fod multi-product Depot, Mussafah, Abu Dhabi.
• Designed, proposed and implemented Networking including remote connectivity for Adnoc-Fod filling station, Airport Road, Abu Dhabi.
• Designed, evaluated and implemented Structured cabling system for voice and data for Adnoc-Fod Mussafah Office.
• Proposed and implemented Internet solution for Cape-East with Novell Groupwise Mail Server.
• Designed & Evaluated Firewall security solution for Abu Dhabi Municipality.
• Designed, proposed and Implemented LAN & WAN solution for Zameel Steel (Amana).
• Evaluated and implemented ISDN solutions for Internet and WAN.
• Designed, proposed & implemented structured cabling system for Red Crescent Society of UAE, Al Ain.
• Liaised with Etisalat for design of WAN for Darwish bin Ahmed and Sons using Frame Relay.

Education

Diploma, BS25999
  • at BSI
  • June 2008
Diploma, ISO27001
  • at BSI
  • November 2006

ISO27001 Lead Auditor Course

Diploma, ITIL-F
  • at OGC/EXIN
  • February 2006

Information Technology Infrastructure Library Foundation Course (ITIL)

Diploma, CISSP
  • at ISC
  • January 2005

Certified Information Systems Security Professional (CISSP)

Diploma, Structured Cabling
  • at Lucent Technologies
  • August 1998

SYSTIMAX SCS Design & Engineering

Bachelor's degree, Computers
  • at Pune University
  • October 1993

BE in Computer Science

Specialties & Skills

Disaster Recovery
Business Continuity
Compliance Management
Risk Management
IT Governance
Policies & Procedures

Languages

English: Expert
Hindi: Expert
Malayalam: Expert

Memberships

ISC
  • Member
  • October 2004
ISACA
  • Member
  • December 2005

Training and Certifications

BS 25999 BCM Lead Auditor (Certificate)
  • Date Attended: September 2008
  • Valid Until: January 9999
Certified Information Technology Infrastructure Library (ITIL-F) (Certificate)
  • Date Attended: October 2006
  • Valid Until: January 9999
BS ISO/IEC 27001:2005 Lead Auditor (Certificate)
  • Date Attended: April 2006
  • Valid Until: January 9999
Certified Information Systems Security Professional (CISSP) (Certificate)
  • Date Attended: January 2005
  • Valid Until: January 9999

Hobbies

  • Reading people