Information Security Officer
Qatar Rail
Total years of experience :0 years, 0 Months
Single resource and complete ownership of Information Security Management System as
Leading IT security strategy & architecture design across all the projects to achieve organizational goals per IT Roadmap, designing
multi-year technology strategies. Managing full scope of projects from inception to post-go-line & sign-off, proposal development,
architecture design, planning, rollout, delivery, training & support. Directing long-term implementation and developing group-wide
IT business. Standardizing risk assessment, risk treatment plans, framework, policies, guidelines & SOPs, business cases for security
initiatives, due diligence through security threat modelling for all IT projects, health checks, audits, training and forensic support.
Administering resources, SLA-based support, training & timely cost-effective delivery without compromising on quality.
Key Highlights:
Monitoring design, implementation & functioning of Information Security Management Systems; establishing and
implementing IS best practices, delivering Information Security Program while periodically running awareness campaigns
Collaborating with the stakeholders to identify and assess IT / related business risks, including associated strategies, risk
assessments, response plans, checklists, action cards and policies, so on
Executing policy compliance assessments and leading awareness session in business units to promote the policy framework,
aligning with Awareness Team on set-up of general awareness campaigns
Working with stakeholders (Viz. Cloud Security, Privacy Team, HR, VMS, Risk, TPRM, IAM) and running the ISO 27001
certification being pursued by CISO Department
Devising & implementing policies, procedures and practices (viz. Vulnerability and Malware management, Mobile Computing
Standard, Teleworking Standard, Cloud Security Standard) to ensure compliance with Philips Privacy Code, privacy-legal
requirements, and contractual obligations, in conjunction with Privacy Compliance Office
Managing Privacy Impact Assessments on Healthcare systems or processes that process personal data, per Privacy Compliance
Office PIA process, including mitigation plans and risk reporting; working closely with IT Security Team
Participating in designing, implementing and maintaining security measures to support the information security needs
Collaborating with and supporting IT colleagues to monitor, assess and test security solutions; guiding, & evaluating on
institutional audit responses
Leading security maintenance of network/internet systems and implementation of information security policies, standards &
procedures; ensuring support compliance with external requirements
Enhancing Security Team, planning delivery of solutions, resolving technical & procedural issues; improving processes &
mentoring team members
Maintaining security by monitoring and ensuring compliance to standards, policies, & procedures; conducting incident
response analyses, developing and conducting training programs
Monitoring changes in local, state, and federal regulations and accreditation standards affecting information security;
recommending to Chief Information Security Officer and leaders on the need for policy changes
Key Project:
Title: Managed the complete ISO 27001 certification process for the CISO team
Role: Collaborated between different teams in the security, IT, HR, Finance, Physical security, etc. domain within India and
Europe
Recommended strategic plans & reviews, prepared action plans, implemented
production, productivity, quality, & customer-service standards; resolved
problems, completed audits, and system improvement requirements
Protected information assets by development of security strategies; directed
system control development, access management, control, and evaluation
Maintained existing process of analysis and resolution of requests to create new
firewall rules which allow or deny traffic to/from certain applications in the
Company’s corporate network
Reviewed and analyzed the requests to determine the level of risk associated
to each request and any implications on existing firewall rules; identified
potential risks and compliance issues with firewall changes
Scaled up the organizational business by supporting business agility, transforming
struggling departments into successful, revenue generating operations through IT-
enabled business processing
Recognized as high-valued IT evangelist & business partner, defined enterprise
IT strategies and solutions to reduce costs, improve efficiencies, support goals and
maximize productivity
NIA & Qatar Cybersecurity
Framework 2020
Information Security Strategy
Secure Application Development
Governance Risk Compliance
Risk Assessment & Assurance
Internal and External Audits
IS Governance, ITSM, PCI-DSS
ISMS and ISO 27001 Deployment
Career Timeline
Accenture Services,
Bengaluru as IT Security
Team Lead/Architect
Neovia, , Bengaluru as
Information Security
Led end-to-end creation & implementation of Information Security framework, policy & standards; formulated, documented,
reviewed and published domain specific standards within organizational security framework
Implemented ISO 27001:2013, Service Organization Controls; designed, implemented and maintained security measures to
support the information security needs
Performed risk assessments and worked closely with Project & Technical teams for the implementation of the solutions
Coordinated institutional responses to security incidents, provide timely reports on the incident and response, as well as
proposed solutions to prevent or mitigate future incidents
Introduced an incident reporting and response system to address security incidents, respond to alleged policy violations or
complaints from external parties
Provided & maintained User System Access in compliance with the applicable policies and procedures; analyzed security
requirements by evaluation of business strategies and requirements
Enforced compliance to standards, policies, & procedures; identified security gaps, conducted incident response analyses,
developed and conducted training programs, and upgrade security systems
Developed security awareness, directed development of orientation & training programs; initiated, facilitated, and promoted
activities to create information security awareness throughout organization
Monitored and routinely audits compliance to all information security procedures and policies, and ensures consistency of
internal controls across departments
Accenture Services, Bengaluru as IT Security Team Lead/Architect Nov’14-Aug’15
Highlights:
Communicate the Global IT Audit program upon agreement with the company
Reviewed the terms of reference for all global it audits to ensure scope of work is properly defined and that key personnel
were engaged in the audit process
Obtained all approvals & documentation related to any exception against the mandatory policies and standards
Reviewed exceptions with company designated representative and provided impact assessment to aid in the final decision
regarding the exception
Tracked & identified high-security issues and resolved issues for Project Team; conducted assessment activities for the
following events:
o Introduction of a new Company office or asset (temporary or permanent)
o New computer application or service
o 3rd party access to company premises, company System or other information processing systems
o Upgrades to an In-scope Application or existing MS service
o internal or 3rd party software application development activities
IBM India, Bengaluru as
, Bengaluru as
Information
Managed day-to-day IT operations relating to network devices and servers for existing and new projects as well as coordinated with
other related teams like Server, Network operations,
Acted as In-house support on Data and Systems for HR as a part of the Human Resource Management team in DELL HR as Employee
Resource Centre Specialist. Handled all employee queries on HR policies \{i.e. Leave policy, Internal Movement policy, Payroll policies,
etc.\} and HR systems \{HR Direct, Learning Direct, Payroll Databases including FBP allocation, etc.\}