Head Information Security (TSPC)
Hamad Medical Corporation
Total years of experience: 31 years, 10 months
* Developing Information Security Strategy and Plans
* Developing Information Security policies, standards and procedures
* Developing risk assessment methodology and risk assessment program
* Information security awareness
* Budgeting for Information Security Program
* Provide Information Security advice to IT Architecture team
* Support DR/BCP activities
* Implementing and Managing Information Security Management System
Led complete implementation of ISO 27001 and ISO 20000 involving:
* End-to-end implementation of ISMS and ISO 27001 Certification.
* Development of Information Security Policy, standards and procedures.
* Risk methodology definition and risk assessment.
* Gap analysis.
* Selection of appropriate control systems and coordination of their implementation.
* Developing required policies, processes and procedures for ISO 20000; coordinating its implementation, and assisting the organization in achieving certification by effectively utilizing the company’s own resources.
* BCP and DR
* Led development of new audit programs based on various regulations applicable to various projects.
* Managed various project (Information Security) audits.
* Pivotal in auditing internal ISMS implementation group.
* Conducted FISAP (Financial Institution Shared Assessment Programs) audit.
* Worked as a Consultant for US client’s Content Mapping project that involved:
* Understanding of regulations, standards and best practices like PCI-DSS, HIPAA, FERC NERC, COBIT, etc.
* Development of technical controls for new technologies.
* Standards created by client.
* Mapping client standards with various regulations and with controls in various technology platforms.
* Analysis of:
- Gaps between regulations and Client Standards
- Gaps between technology controls and standards.
Led some of the key internal assignments including:
* Conduct/coordinate internal audit for new requirements and existing technologies.
* Reviewing monitoring process.
* Participate in ISO 27001 certification process.
* Risk assessment for new technologies and review existing technologies.
* Process definition and gap analysis for ISO 20000.
* Network Access request analysis and approval
* Led a team of Engineers located across multiple locations.
* Facilitated:
* Planning, design and implementation of new network infrastructure.
* Participation in roadmap discussion for enhancing network infrastructure based on business needs.
* Management of day-to-day network activities.
* Implementation of CMC’s indigenous Firewalls, coordinating with development team for product improvement.
* Coordination with vendors for maintenance of EPABX, which is part of VOIP network, and new network requirements.
* Coordination with other Engineers for problems related to Novell GroupWise and HP UNIX servers.
* Development of network standards based on BS 7799.
Growth Path:
Dec’94 - July’98 Customer Engineer (CMS Bangalore)
Aug’98 - Mar’02 Customer Engineer (Vanol Gulf-CMS Dubai)
April’02 - Jan’03 Sr. Service Engineer (E-Flex LLC Dubai)
Mar’03 - Sep’04 Senior Customer Engineer (CMS Bangalore)
* Joined CMS Computers Bangalore in Dec’94 and worked till Jul’98.
* Got transferred to the Dubai branch (Vanol Gulf); in Apr’02, CMS merged with another local company to form E-FLEX, LLC.
* In 2003 returned to CMS Computers Bangalore and worked till Sep’04.
* Led a team of Tech Support Engineers, who in turn support Engineers in Karnataka region.
* Designed and implemented Network, CISCO routers, PIX and Check Point Firewall, ISA proxy, etc.
* Mapped new customer requirements and developed matching skill sets.
* Coordinated technical trainings, both internal and vendor provided.
* Supporting PCs, printers, Novell NetWare, coaxial cabling.
* Administration of Novell NetWare servers.