Master Security Consultant
Dxc.technology - United Arab Emirates
مجموع سنوات الخبرة :17 years, 4 أشهر
• Principal 'Information Security Officer' role for large Dubai Government Program.
o Full regulatory (PCI DSS, ISR, NIST, ISO27001 & technical security team delivery)
o Security delivery team of 5 across a wider stakeholding group (Architecture, Threat & Vuln. Mgt, Compliance and Security Operations)
• Lead team of 5 to deliver Smart Dubai ISO27001 compliancy for Big Data Platform and supporting Operations
o Risk Assessment, Policy creation, Security Awareness, Audit
• (Presales and delivered) - Security Assessment for leading UAE Banking operations
• Risk and Compliance Practice Lead (Risk, Architecture & Compliance)
• Sales Wins:
o Abu Dhabi based Bank - Risk and Regulatory Controls Assessment - $0.3m
o Large Abu Dhabi FX Financial Transaction Platform and Services - $4.9m (Component of wider deal)
Security Architect for Smart Cities - Government 'Big Data' platform (Hortonworks)
•Security Maturity Assessment for Abu Dhabi based university
•Lead team to deliver Dubai Smart Cities - ISO27k Compliance (Govt. Big Data platform)
•Cyber Maturity Program for large GCC based oil & shipping organisation (comprising of 8 discreet Infrastructure Security Projects)
•Deployment of Security Operations Centre (SOC) for Abu Dhabi based MSSP (developed within ArcSight)
•Strategy and planning (CERT) capabilities for GCC government organisation
•Development of Software Security Assurance Framework for Abu Dhabi based bank. (OWASP, OpenSAMM, SDLC & Fortify)
•Wins:
•University in Abu Dhabi - Security Architecture pull through - $5m
•Large Dubai Government Financial Platform and Services - $4.0m (Security Component of wider deal)
Serving with PCI DSS Practice of Verizon Business. Christian developed PCI DSS capability (auditing and remediation), delivering large ($2m) remediation programme for Pan African Bank and obtaining his PCI DSS Auditor qualification.
•Responsible for Governance & Programme Management for Portfolio of security ME engagements
•Professional Services Engagements Included:
•Pan African Bank, PCI DSS Remediation Programme for large Issuing bank
•Saudi Arabian Government Agency Security Maturity project
•Turkish Telecoms ISO 27001 Compliance Project
•Data Leakage Protection (DLP) Strategy for Oman Government Agency
•Professional Service Engagement Lifecycle improvement monitoring
•Pen Testing, Vulnerability Testing, Code Review, Compliance, Security Roadmap, SIEM Installation/Configuration services, Risk Assessment/Management Services
Developed large scale security programme delivery capabilities leading global Security Programme. Over 5 bank regions, supported by 5 delivery report leads for Global Banking & Markets. (GB&M - a division of HSBC)
•Managing ‘Business Risk Information Officer’ global programme
•Managing and implementing bank standard Operational & Technical Security Controls (to GB&M Business)
•Responsible for developing, managing Enterprise Risk Profile for auditors & senior management
•Oversaw multiple Security projects and initiatives delivered from IT Security to the business.
(DLP (Vontu), Incident Management -RSA Archer, SecureEmail -Voltage & Secure Data Transfer)
Delivered risk reduction & PCI DSS compliancy program for central eCommerce billing platform - Level 1 merchant.
•Managed delivery team of 15 matrix resources, from 5 disparate technical disciplines
•Owned relationship with QSA, Senior management & delivery teams with £1m budgetary control
•Across Network, OS Build, Application, Monitoring, Policy & Process Management
•Design steer authority for technical & operational security gaps
•Significantly reduced technical risk whilst enhancing operational support & control for central billing system
First true Security Consulting Position. Covering many entry level disciplines e.g. Business Continuity, Vulnerability Management, Network Security, Gap Remediation, IDAM, specifically in the UK, City banking sector.
Client: Mizuho Corporate Bank, Role: Business Continuity Consultant
•Updated Banks Business Continuity plans
•Installed & readied new remote Business Continuity off-site ‘office Recovery Suite’
•Managed Televault off-site backup vaulting of all Unix & Wintel estates, from signing contract to being fully operational
•Implemented Qualys & Policies and procedures to provide bank wide Vulnerability Management capabilities
Client: Barclays Bank (GRCB), Project: Global Vulnerability Management Solution Role: Security Consultant
•Commercial fixed price UK Vulnerability Assessment service deployment. (Technology: Qualysguard)
Mountbatten Internship,
Business and technology