Taimur Ijlal, Head of Cloud Security and DevSecOps

Network International

Location
United Arab Emirates - Dubai
Education
Diploma, Post Graduate Diploma In Technology and Intellectual Property Law
Experience
21 years, 8 months


Work Experience

Total years of experience: 21 years, 8 months

Head of Cloud Security and DevSecOps at Network International
  • United Arab Emirates - Dubai
  • My current job since October 2019

Have moved to new role responsible for securing NI Cloud portfolio and implementing DevSecOps initiative across the group.
Primary responsibilities are listed below:
• Securing our new Azure cloud infrastructure and ensuring risk is mitigated during migrations of our production workloads
• Creating a Cloud Governance framework for the entire group
• Implementation of BitGlass Cloud Security Broker for cloud visibility and data protection
• Cloud security posture assessment for SaaS applications (Office 365, Salesforce, Bitbucket)
• DevSecOps awareness in our agile teams to secure our CI / CD pipeline

Head of Information Security at Network International
  • United Arab Emirates - Dubai
  • October 2012 to October 2019

Currently responsible for one of the largest Information Security portfolios in the Middle East for Network International Group. NI is the largest acquirer of card based transactions and one of the leading payment solution providers in the region. My unit spread out across UAE, Egypt, Jordan and South Africa is responsible for handling all aspects of Cyber-security, Cloud Data Protection, PCI-DSS, ISO 27001, ISAE 3402 Type II audits and compliance with applicable Data Protection laws.

Key Projects / Achievements:
-----------------------------------------
Cyber Security Maturity Assessment: Part of core member team for a group wide Cyber security maturity assessment to benchmark our security processes against industry best practices. This would form the basis of a complete cybersecurity revamp for the next three years

Cloud Security Initiatives: As a member of NI Cloud Working Group, I was responsible for the following projects:

o Implementation of Symantec CASB (Cloud Access Security Broker) on critical cloud services like Salesforce, Office 365 and Dropbox

o Risk Assessment of Azure based Payment Gateway which was first cloud based payment gateway in the region

o Controls improvement over Cloud Based services like JIRA and Bitbucket which housed critical NI assets

PCI DSS / ISO 27001 Program milestones: Successfully completed multiple certification cycles for PCI-DSS, PCI PIN SECURITY and ISO 27001 from 2012 to 2019 with the implementation scope and maturity improving every year

DevSecOps implementation: Responsible for enhancing the speed and efficiency of our software pipeline by implementing DevSecOps processes via open source tools and re-engineering of critical security processes. This resulted in a drastic decrease in software security defects post release

SOC Maturity assessment: Led a SOC maturity assessment and enhancement project for the organization to first assess and then improve the maturity of our 24/7 incident response and security operations center

Head of Information Security at Dubai Bank PJSC
  • United Arab Emirates - Dubai
  • December 2011 to September 2012

As the Head of Information Security, I am reporting to the Chief Risk Officer and working hand in hand with the IT Group to maintain an Information Security Management System based on the best practices of ISO/IEC 27001:2005 and ISO 9001 Quality Management System. My key role is to provide strategic oversight to the entire Information Security framework of the Bank.

Key Achievements in this role:
---------------------------------------
As a member of the ISO 9001 Process Board, I overhauled and streamlined the entire IT Risk Management methodology which contributed to quicker and more efficient risk assessments across the organization.

Senior Manager - Information Security / CISO at Bank Alfalah Limited (Part of the Abu Dhabi Group)
  • Pakistan - Karachi
  • June 2007 to December 2011

Reporting to the General Manager - Risk Management Division, I performed the function of the Bank’s Chief Information Security Officer (CISO) and spear-headed the entire cyber-security program.

Key Achievements in this role:
--------------------------------------
Established a dedicated Information Security department which oversaw IT Controls over the corporate network and over 400+ Servers/Databases, 7000+ PCs and 100+ business applications in both our local and international locations (Bangladesh, Afghanistan, Bahrain).
Launched an organization wide Information Security awareness campaign to educate staff regarding new online threats and frauds. Rolled out policies pertaining to Web 2.0 security, Social Networking, Mobile Devices, Application Security, Incident Response and Data Center physical security.
Developed key metrics on Information Security activities and risks to facilitate effective management and decision making by the Board Risk Management Committee
Awarded “Risk Management Division - Employee of the Year”

Manager - IT Audit at BANK ALHABIB Limited
  • Pakistan - Karachi
  • March 2006 to May 2007

Achievements:
--------------------
•Played key role in the detection of instances of administrative password leakage of servers by IT staff during branch audits. Also involved in preparation of report on control recommendations to be tabled before the Executive Director and CEO for approval.
•Instrumental in setting up dedicated IT Audit unit in Bank AlHabib's Audit Division. Drafted specialized audit programs and checklists to be used during system audits and conducted system audits across Pakistan.

Job Profile:
------------------
•Conduct IT based control reviews of Branches/Divisions to ensure compliance to Information Security Policies and procedures.
•Involved in information security review of Credit Card operations through specialized IT controls review of the department prior to formal launch of product using PCI standard reference, leading to identification of critical control lapses in IT systems which would have compromised customer confidentiality and led to disclosure of internal information such as PINs, Credit Card numbers.
•Assessment of physical/logical controls of designated disaster recovery site enabling the bank to shift operations in case of disaster. Highlighted several assumptions made by DRP personnel interrupting smooth transition to DRP Site in case of actual contingency.
•Review of IT Media librarian operations and identification of flaws in overall backup process of the Bank and security risks involved in transit of Backup Tapes.

Information Systems Audit and Security Officer at Bank Alfalah Limited
  • Pakistan - Karachi
  • December 2004 to March 2006

Achievements:
-------------------
•Instrumental in identification of a critical security flaw in Bank's internal employee system which would have resulted in disclosure of all employee passwords across the organization.

Job Profile:
--------------
•Dedicated IT Auditor in the Audit Department of the bank involved in conducting periodic IT based Management & Branch audits pertaining to areas of Server, Database, Application and Windows security apart from creation of quarterly IT Audit MIS for the Board Audit Committee of the Bank.
•Creation and periodic updating of internal IT audit programs in alignment with best practices from ISO 17799 and COBIT Standards.
•Conduct detailed control risk assessment of the following products of the bank - Utility Bill Payments through VISA Credit Cards; Mobile and Internet Banking; Phone Banking System; ATM Enhancements.
•Detailed review of the bank’s Information Technology Department leading to identification of critical control lapses with regards to absence of Project Management, segregation of duties and lack of training amongst IT Personnel.

Software Quality and Compliance Analyst at Citibank N.A. Pakistan
  • Pakistan
  • June 2002 to September 2004

Achievements:
--------------------
•Played key role in securing “Satisfactory” rating in the IT Risk Review in 2004 conducted by Citigroup, UK.

Job Profile:
---------------
•Developed web-based Single Sign On (SSO) system for handling user access to in-house developed applications.
•Conduct Software Quality Assurance of all applications and IT documentation to ensure compliance with Citibank internal standards.
•Testing of the Bank’s Business Continuity Plan to ensure uninterrupted operations in case of disaster.
•Perform peer reviews of all code modifications to ensure that no malicious or harmful code has been introduced into production systems.
•Ensure that Business Continuity Plans remain up to date and properly reflect application criticality levels.

Education

Diploma, Post Graduate Diploma In Technology and Intellectual Property Law
  • at University of Liverpool U.K.
  • June 2013
Bachelor's degree, Bsc ( Hons ) Degree in Computing with Second Upper Division.
  • at APIIT - PAK ( Degree is of Staffordshire University U.K.)
  • June 2002

Specialties & Skills

Cyber Security
ISO 27001
Cloud Computing
PCI DSS
Information Security Policy - Formulation and Compliance
ISO27001
Web Application Security Assessments
IT Risk Assessments
PCI-DSS Reviews
Security Audit
AWS / AZURE
SIEM / SOC
Cloud Security
CyberArk
Identity and Access Management ( IDAM )

Languages

English
Expert
Urdu
Intermediate

Memberships

(ISC)2
  • Member
  • April 2005

Training and Certifications

Azure security (Certificate)
Date Attended:
January 2020
AWS Certified Solutions architect (Certificate)
DevSecOps Training (Training)
Training Institute:
ISC2
Certified SCADA Security architect (Certificate)
ISO 27001 Certified implementer (Certificate)
CISSP (Certificate)
Date Attended:
June 2005
CISA (Certificate)
Date Attended:
June 2004
AWS certified security - specialty (Certificate)
Date Attended:
February 2019
SCADA Security Training (Training)
Training Institute:
IACRB
Date Attended:
April 2011