Manager Information Security
Ebryx
Total years of experience: 8 years, 4 months
● Design, development, and implementation of roadmaps for information security standards compliance and GRC programs, such as ISO, PCI DSS, SOC 2, GDPR, NIST, CIS, and IEC 62443.
● Manages and proactively leads the team to deliver policy and process documentation, system security plans, and associated artifacts. Implements and complies with information security best practices and frameworks.
● Understands and applies the enterprise policies, standards, and framework for governance, risk, and compliance.
● Validates the key ITGC controls with stakeholders periodically to give management early warning for timely correction and remediation.
● Develops and presents recommendations to management based on the risk and compliance impact of multiple risk and compliance initiatives.
● Manages information security GRC and special project service delivery from inception to completion.
Enterprise Cybersecurity Risk, Compliance and Governance, Cybersecurity risk management framework, ISO 27001, ISO 27002, IEC 62443, ISO 27701, PCI DSS, GDPR, SOC 2, NIST implementation, Information Security Audit, Data Governance, Security Architecture Review
● Proactively leads the implementation of necessary information security policies, standards, procedures, and guidelines in coordination and alignment with standards such as ISO, GDPR, SOC 2, and CIS. This also includes any client-specific policies enforced on projects requiring increased security.
● Leads the design and operation of related compliance monitoring and improvement activities to ensure compliance with internal security policies, Addo's customer policies, and other applicable laws and regulations.
● Proactively conducts periodic security risk assessments and determines appropriate actions to address identified risks, developing information security policies, procedures, guidelines, and strategies.
● Coordinates, executes, and implements activities relating to contingency planning, business continuity management, and IT disaster recovery in conjunction with relevant functions and third parties.
● Conducts internal information security audits to identify potential noncompliance.
● Responsible for preventing IT security risks and issues, and for developing and delivering suitable information security awareness, training, and educational activities to associates, managers, and others as needed.
● Periodically conducts security vulnerability assessments and penetration testing of the whole organizational IT infrastructure.
Enterprise Cybersecurity Risk, Compliance and Governance, Cybersecurity risk management framework, ISO 27001, ISO 27701, PCI DSS, GDPR, SOC 2, NIST implementation, Information Security Audit, Network security, and IT/IS infrastructure management.
● Management of IT and security infrastructure of SEC across the SAARC (South Asian Association for Regional Cooperation) member states.
● Maintain essential IT operations, including operating systems, security tools, applications, servers, email systems, laptops, desktops, software, and hardware.
● Analyse department needs, identify vulnerabilities, and boost productivity, efficiency, and accuracy to support business decisions. Develop and execute disaster recovery procedures and maintain data backups.
● Handle business-critical IT tasks and systems administration.
● Prepare cost-benefit analysis reports when upgrades are necessary, continuously evaluating vendors to ensure they offer the best possible service and value for company needs.
Management of Vulnerability Assessment, Potential Security Risk, Information Security Governance, Network Security, IT/IS Infrastructure
● Responsible for security program design, implementation, security operations, monitoring, and assessment.
● Develop information security policies and procedures and manage the Security Operations Centre.
● Align and develop workflows and processes according to compliance requirements such as ISMS, PCI DSS, and other local regulations.
● Highlight critical assets from a confidentiality, integrity, privacy, availability, and business impact perspective.
● Develop the Incident Response Plan and a strategy to contain security spillovers.
● Perform risk assessments and design and develop a risk treatment/mitigation plan with the information security team to remediate potential security risks to Bank Alfalah.
● Identify gaps between the existing information security infrastructure and security compliance requirements.
● Design and develop good information security practices for the enterprise and maintain effective information security governance plans.
● Actively maintain compliance with global best information security practices and standards.
● Design and develop in-house strategies for external audits.
● Periodically conduct vulnerability assessments and identify potential security threats from internal and external environments.
200+ branches, SIEM, SOC, Firewalls, IDS/IPS, ISO 27001, PCI DSS, Penetration Testing, LAN/WAN, DLP, Endpoint Security, HIDS, Encryption, Enterprise Risk Assessment, Patch Management, Operating System Security Hardening, Server Hardening
3G/4G upgrade of the telecom sector