Manager - Information Security Office
National Bank of Bahrain
Total years of experience :31 years, 1 month
Manager - Information Security Office
National Bank of Bahrain, Bahrain Jan '09 - Till Date
◆ Acts as a central point of ownership and management for enterprise-wide Information Security in the Bank.
◆ Recommend approach and methods for implementing strategic Information Security objectives, initiatives, and directives.
◆ Device a comprehensive Information Security Program in line with the strategy for Bahrain HO and Overseas BUs.
◆ Risk based approach to assess the information and IT assets in developing a comprehensive mitigation strategy through redesigning the setup and improvising the process.
◆ Prime architect in redesigning the entire banks network, security and other IT infrastructure systems.
◆ Advisory services to IT team for adopting new technology and strategic decisions.
◆ Ensure that adequate information security management aspects are taken into account for strategic projects.
◆ Develop and maintain Information Security policies, standards, procedures and guidelines.
◆ Devised Information Security monitoring and reporting system to ensure monitoring of exceptional activities on high privilege accounts and incidents on all critical systems.
◆ Primary evaluator of Risk and Control Self Assessment (RCSA) for IT infrastructure and IT security operational security areas.
◆ Provide assistance to IT Audit, Fraud investigation team and Business units towards remediation on audit finding and fraud investigations.
◆ Facilitate Internal, External Audit and work for compliance with the management.
◆ Ensuring Security Awareness through fliers and awareness emails for the entire bank.
Manager - Information Security
Ahlibank (S.A.O.G) November 2008 - June 2009
◆ Strategic Information Security plan.
◆ Risk Assessment and Management.
◆ IT Control Compliance.
◆ IT and Information Security process development and maintenance.
◆ Development of Security policy, procedures and standards.
◆ Development of DR and BCP plan and related process.
◆ Implementation of information security projects.
◆ Security Infrastructure Management.
◆ User training and awareness about information security.
◆ Planning and implementation of Information Security policy, procedures and standards.
◆ Security monitoring and reporting.
Manager - Information Security Office
BankMuscat (S.A.O.G) July 2004 - September 2008
◆ Develop, review and revise the Information Security Management System (ISMS)
◆ Enabled bank for ISO 27001 certification.
◆ Develop systematic approach and detail methodology for Information Risk Assessment.
◆ Conduct Risk assessment and derive Risk treatment Plan.
◆ Devise Information security policy, guidelines, standards and procedures.
◆ Guide Security Steering committee and business units on IS and Risk.
◆ Integrate security standard requirements to QA process.
◆ Plan and execute awareness program.
◆ Evaluation and recommendation of new Security products or technologies.
◆ Network Security architecture design and implementation.
◆ Manage projects initiated under Information Security Enhancement Program and networking.
◆ Implementing best practices and other recommendations by Statutory and external auditors.
◆ Co-ordinate ISO 27001 surveillance other statutory audits.
Senior Technical Consultant
Ramco Systems Ltd, India September 2000 - June 2004
◆ Develop information security program for the clients.
◆ Develop techniques and procedures for conducting information security risk assessments and compliance audits.
◆ Devise Information security policy, guidelines, standards and procedures in conjunction with the risk assessment results.
◆ Assistance in enforcing information security standards and further audit trials on the compliance level towards BS7799.
◆ Product architecture design and implementation of security solutions.
◆ Technical support to diagnose, analyze, research and resolve complex security administration and operation related problems.
◆ Vulnerability Assessments on network, host and Database.
Facility Management Engg
Nexus Computers, Chennai November 1998 - September 2000
◆ Lead 3-member team for maintaining and administering the network at the client site. Implement new trends and technologies based on client requirements
Customer Support Engineer
Cat Computers December 1996 -September 1998
◆ Design and Implementing Local area Network solutions for clients
Service Engineer
Inscomp Systems and Controls PVT Ltd. July 1993 - September 1996
◆ ModiOlivetty sales and support
◆ IBM Compatible PCs Assembling and card level service.
◆ In House Engineer at APTECH Computer Education, Trichy.
◆ Masters In Business Administration (IS) - (Sikkim Manipal University)
◆ Bachelor In Business Administration - (Madras University, India)
◆ Diploma In Electrical & Electronics Engg - (M I E T Polytechnic, Tiruchirapalli)