Lead Information Security
The Bank of Punjab
Total years of experience: 14 years, 4 months
Establish and manage security monitoring and response mechanism.
• Update the Network design for emerging threats to ensure cyber security.
• Coordinate with IT for Incident Response and handling.
• Manage risk assessment and vulnerability scanning of infrastructure (OS, systems, servers, networks, etc.).
• Risk Assessment of new IT and business initiatives.
• Gap Analysis on the Incident Response Process compared to best practices; participate in the Incident Response mechanism and the development of new use cases.
• Execute strategy for dealing with an increasing number of audits, compliance checks and external assessment processes for internal/external auditors, PCI-DSS, NIST, ISO etc.
• Establish security operations and manage via implementation and effective use of required tools (SIEM, CMS etc.)
• Monitor and investigate security events and metrics that impact the organization's posture, and collaborate with SOC and vendors on the technicalities of security issues and latest trends.
• Subject Matter Expert (SME) for cyber security, level 3 triage or troubleshooting, Incident Response, and all other aspects of Security Operations.
• Contribute to Information Security SOPs/Guidelines development and maintenance.
• Manage logical and physical access controls reviews & prepare reports for higher management.
• Design and conduct targeted Information Security Awareness Trainings.
• Design and ensure the implementation of ACL and Security Baseline.
• Security Reviews for network and IT infrastructure.
• Coordinate and perform Vulnerability scanning and penetration testing of network/systems.
• Incident logging, reporting/management.
• Ensuring the security in design and implementation of IT infrastructure and review IT infrastructure components including mail server, active directory server, DMZ, OS, webservers etc.
• Ensure system policy/baseline compliance through tools (end point security).
• Monitor and review the antivirus/endpoint security solution and coordinate corrective actions for vulnerabilities.
• Security solution validation testing and recommendations for security requirements.
• Assist in establishing security incident and event management (SIEM) and documentation.
• Incident logging and reporting for Networks & IT infrastructure.
• Compliance of Information Security Policy and its supporting artifacts at Systems, DC & Network.
• Ensure compliance of ACLs and other security baselines for the OS and Networks.
• Coordinate Information Security review at Branches/ATMs, DR & PR sites.
• Threat Management for IT infrastructure including malware and spam mails etc. & coordinate with ITD for corrective actions.
• In collaboration with multiple teams representing the various technology domains within the corporation, lead the research, development, implementation, and maintenance of security controls for the corporate Information Technology infrastructure (hardware, operating systems, databases, network operating systems and software).
• Provide security guidance, technical advice and recommendations to Management and Vendors to meet Security Directives for new project initiatives, as well as the design of enhancements and architecture of technology solutions.
Manages the Information Technology (IT) infrastructure within an organization, including the physical network (e.g., LANs/WANs, servers, terminals) as well as server applications and software.
• Configures, installs, maintains and upgrades server applications and hardware.
• Evaluates, tests, recommends, develops, coordinates, monitors & maintains information systems (IS) and cyber security policies, procedures, and systems, including access management for hardware, firmware and software.
• Respond to security incidents & perform analysis using security tools.
• Drive Cyber Security projects.
• Manage and supervise IS and cyber security architecture/designs, plans, controls, processes, standards, policies, & procedures so that they are aligned with IS standards and overall IS and cyber security.
• Support junior staff to identify security risks and exposures, determine the causes of security violations and suggest procedures to halt future incidents and improve security.
• Lead the team to develop techniques and procedures for conducting IS and cyber security risk assessments and compliance audits, the evaluation and testing of hardware, firmware, and software for possible impact on system security, and the investigation and resolution of security incidents.
• Implements IS & cyber security policies, takes measures against intrusion, frauds, attacks, or leaks.
• Maintains in-depth knowledge in own discipline and basic knowledge of related disciplines.
• Solves complex problems; takes a new perspective on existing solutions.
• Works independently; receives minimal guidance.
• Leads projects or project steps within a broader project or have accountability for ongoing activities or objectives.
• Acts as a resource for colleagues with less experience; supports the Department Head with coaching and training junior staff.
• Ensure distribution of knowledge within the team, contribute to technical robustness of the team.
• Contributes to process improvements, typically resolves problems using existing solutions.
• As needed, leads the work of small project teams.
Manage the Footprints helpdesk ticketing system and ensure that ticket SLAs are maintained.
• Managing 500+ devices in the entire region through AirWatch Mobile Device Management (MDM); designing and architecting policies, restrictions and GPS tracking of all the devices.
• Part of the O365 migration and implementation team for 250+ users.
• Attend to all the technical issues in the company and escalate if necessary.
• Provide investigation, diagnosis, resolution and recovery for Hardware/Software problems.
• Offer remote support using tools like TeamViewer, VNC and remote desktop to regional offices in UAE, Kuwait, Qatar, Oman, Lebanon & Jordan.
• Managing Active Directory users, groups, and computers.
• Following ITIL processes (Change Management, Problem Management, Incident Management).
• Active directory account/ID creation & deletion, folder share and security permission.
• Granting users folder permissions based on internal team requests.
VPN configuration and ID creation, ensuring that users can always use VPN to work from home.
• Understand in-depth operations of all the research software & troubleshoot accordingly.
• Replace the End-of-Life machines and provide new machines with the least downtime.
• Manage ownership of entire CAPI fleets in the region, including laptops, desktops, tablets and PDAs.
• Create new hardware & software upgrades budget reports for higher management.
Install & configure VoIP hardware, systems, & software, Asterisk servers, VoIP switches & VPN, ICS (Internet Connection Sharing).
• Identifies, diagnoses, resolves and documents network problems.
• Create and maintain comprehensive documentation for all implemented networks utilizing MS Word, MS Project, MS Excel and Visio.
• Installing, configuring and troubleshooting Windows PC systems; diagnosing and solving VoIP hardware/software faults.
• Providing technical support by phone, email & remote access as well as Live Help chat.
• Designing/implementing secure solutions within the company's VoIP networks.
• Acts as a focal point for large account network problem resolution.
• Perform trunk traffic analysis and system utilization reporting; provide effective and timely resolution of a range of customer inquiries.
• Act as Network lead in researching, identifying, analyzing, resolving problems, and implementing solutions and/or enhancements. Make recommendations based on problem research and analysis. Interface frequently with cross discipline support.
• Configuration of VPNs (L2TP, PPTP), VoIP switches, and Asterisk servers in regulated & non-regulated markets, ICS (Internet Connection Sharing); configure VoIP hardware: Linksys SPA 8000, Gigaset & Grandstream devices.
CEH, SCNS, CCNA, MCSA (Microsoft Certified)