• Developing a framework for IT Governance, studying the business goals & aligning it with IT, planning and securing IT investments and facilitating decision making process for project sponsors
• Project management for internal security projects, risk assessments, facing external audits and assisting audit department to close the observations, and formulation of security policy, procedures, baselines and guidelines based on ISO27001 and ISR
• Setting up the ISMS framework and security policies compliant with industry standards such as ISO 27001 and ISR
• Leading efforts in performing general controls oversight, reviewing compliance with internal audit controls and professional standards, liaising between in-house managers/IT department and external operational auditors, performing risk assessment and determining business critical processes, data security designation/classification studies and providing internal audit services for data classification of information assets
• Completing IT Security Risk based Control Self Assessment by mapping inherent risks, assessing controls and defining action plans for identified issues to support overall risk and control agenda for the firm
• Offering support during various internal & external audits and regulatory inspections
• Supporting no. of risk management programs to enhance risk posture of business by protecting information assets, satisfying regulatory obligations and minimizing potential legal and liability exposure
• Testing business continuity as per the plan annually and organizing Risk and Controls awareness sessions as per RAMP (Risk & Audit Mitigation Program)
• Reducing overall recovery time by automating and simplifying recovery processes from multiple single recovery exercises to fewer enterprise wide recovery exercises
• Preparing and providing standing and recurring Operational Risk deliverables such as business unit operational risk profiles, operational risk incident summaries and results of scenario analysis to business partners
• Resourceful in devising and effectuating risk policies & implementing effective mechanisms to mitigate the same
Current Engagement: Information Security Consultancy
Industry Segment: Government
Role: Sr. Security Consultant
Responsibilities:
• Providing strategic level support to the IT security section of the client
• Involved in providing project management for internal security projects, risk assessments, facing external audits and assisting audit department to close the observations, and formulation of security policy, procedures, baselines and guidelines based on ISO27001 and ISR
• Playing a leadership role and manage the overall information security program across the organization including all internal projects and the security team
Highlights:
• Diligently defined IT security strategy in line with the organizational strategy, vision and mission; a roadmap for the next 3 years prioritizing projects based on global trends and threats
• Developed and maintained all kinds of ISMS documentation and conducted internal audits and coordinated external audits
• Work closely with the operations and other teams on Security Incident Management
• Established security framework compliant with ISO27001 & ISR
Title: Business Continuity Planning (BS25999)
Client: First Gulf Bank, Abu Dhabi
Period: 12 months
Role: Senior Security Consultant
Responsibilities:
• Managed key tracks of engagement including gap assessment of the existing DR setup and detailed Business Impact Analysis covering all the core business functions responsible to account various services offered by the bank
• Led efforts to drive the engagement with close interaction with client executives to develop Business Continuity Plans based on the BIA reports, conduct simulation tests and present reports to upper management
- مجال الشركة:
- خدمات الاستشارات التجارية
- الدور الوظيفي:
-
الإدارة
