Senior Manager Information Security & Privacy
SS&C | Primatics Financial
Total years of experience: 12 years, 4 months
Total Employees: 22,600+
Who We Are:
SS&C EVOLV is a comprehensive, cloud-based, end-to-end accounting solution for financial institutions that integrates and automates all risk and finance processes relating to a loan portfolio, from data capture to back-end reporting and analytics. EVOLV streamlines loan accounting, increases efficiency, assures data integrity, strengthens compliance, and frees managers to focus on making better-informed decisions.
Duties & Job Responsibilities:
- Responsible for coordinating with business executives and cross-functional teams to deliver successful information security operations by managing a business-wide security team.
- Responsible for overseeing, managing, maintaining, and improving business unit Information Security policies, procedures, and controls.
- Responsible for delivering an integrated Governance, Risk, and Compliance (GRC) Program for group-wide GRC requirements.
- Responsible for managing routine security operations, SOC 1 Type II, SOC 2 Type II audits, IT Risk Management Program, Vulnerability Management Program, and Third-party Vendor Risk Management Program for business unit operations.
- Responsible for driving business-wide Information Security initiatives, new implementations, and upcoming projects.
- Responsible for overseeing Information Security Training & Awareness activities and the Business Continuity/Disaster Recovery plan.
Key Achievements:
- Initiated, tested, implemented, and rolled out Enterprise-grade Application for managing Third Party Open-Source code analysis and licensing management.
- Developed and implemented workflow-based automated mechanism for policies, procedures, programs, and processes annual review and final sign-off.
- Proposed, assessed, acquired, and implemented pre-populated Shared Assessments SRA SIG and Cloud Security Alliance CAIQ questionnaire bundled with tearsheets for clients' periodic security due diligence requests as the first line of response.
- Migrated AICPA SOC 2 Control sheet to TSP 2017 Criteria to align business reports with the latest market available standard.
Key Achievements:
- Managed and delivered successful on-site client technology audits.
- Initiated and developed a risk management program and periodic risk assessment process for companywide verticals.
- Initiated and developed a separate internal audit management team, which is responsible for all internal and external audits including onsite client audit requests and periodic internal audits.
- Developed and rolled out a process and team charged with analyzing all critical systems, developing reports to document system vulnerabilities, and recommending appropriate solutions.
Key Achievements:
- Worked closely with senior management on the development of the Vulnerability Management program. Managed and delivered semi-annual internal and external vulnerability assessments.
- Initiated and developed a due diligence Vendor management program, processes, questionnaires, risk assessment guide, and reporting templates for critical vendors and service providers.
- Managed and delivered successful SSAE 16 SOC I Type 2 service Audit.
- Instrumental in developing and implementing Business Continuity and Disaster Recovery (BCP & DRP) plans for corporate offices in Karachi, Pakistan, and McLean, VA, USA.
- Initiated and developed a highly effective Information Asset register upgrade procedure to enable the latest information in risk assessment activity.
Key Achievements:
- Assisted clients with architecting and implementing security solutions.
- Coordinated with parties to ascertain the requirements for and execution of penetration tests, vulnerability assessments, and configuration audits.
- Carried out pre-project presentations and performed successful PoCs and technical demos of Rapid7 NeXpose, Rapid7 Metasploit, and CA Identity Minder with several banks and institutions in Pakistan.
- Led a professional training team to deliver several successful official EC-Council trainings for clients.