Specialist - GRC
Sidra Medical and Research Center
Total years of experience: 19 years, 9 months
• Develop and maintain the Sidra Information Security Management Systems (ISMS);
• Perform Risk Assessments & develop Mitigation Plans;
• Assess implemented security controls vs. Policies and develop Corrective Actions;
• Maintain compliance as per regulatory requirements and industry best practices (ICT Qatar’s NIA, ISO 27001, PCI DSS, SANS and applicable healthcare standards);
• User Security Awareness & Training (develop material, communicate and provide specific awareness sessions);
• Develop IT Asset Register and evaluate assets;
• Access Review and approvals;
• Investigate and follow-up on Information Security Incidents (Incident Management);
• Review Vulnerability Assessment reports and follow-up to ensure mitigation of identified vulnerabilities;
• Security evaluations for Technical proposals (pre-contracting phase);
• Assess vendors’ adherence level to Sidra IT Security policies and mitigate, if required;
• Assessment of newly developed IT systems before they Go live (assessing security configuration controls, access roles, audit controls, etc.);
• Review and follow-up on Patch management process to ensure a safe environment is maintained;
• Point of contact for IT Security Internal & External Audits.
• Successfully executed many Information Security, BCM, IT DR, PCI DSS and IT Strategy projects as Project Manager.
• Successfully completed ISO27001 implementation as Project Manager for Qatar Fuel Additives Company (QAFAC) and Qatar Railways Company (Qatar Rail IT Department). BSI awarded ISO 27001 Certification to both organizations.
• Part of the team which successfully executed Integrated Management System (ISO 27001, ISO 20000, ISO 22301 and ISO 9001) project for Muntajat, Qatar.
• Executed “IT Strategy, Governance and Disaster Recovery” project for Barwa Bank, Qatar.
• Worked as Onsite Security Consultant for Qatar General Water & Electricity Corporation (KAHRAMAA), Qatar.
• Worked on “IT Policies & Procedures” project for Ministry of Defense (MoD) IT Department, Riyadh, Saudi Arabia.
• Completed BCM Project (BIA/Risk Assessment/Business and IT strategies/BCM and IT DR Plans) for Bahrain Bourse, Bahrain.
• Completed PCI-DSS Project (Scope Document, Gap Assessment Report with Recommendations / Training / Develop Implementation Plan) for Bank CIMB NIAGA, Jakarta, Indonesia.
• Reviewed and developed Information Security policies for SBI.
• Worked on IT DR project for Broadridge, Hyderabad.
• Performed Data Security Assessment for Praj Industries, Pune.
• Performed Process & IT Audit and Secure Architecture Review for IL&FS Education, Mumbai.
• Performed Information Security Policies and Procedures review for Canara HSBC Life Insurance, Gurgaon.
• Performed Secure Network Architecture review for Axis Bank, Mumbai.
• As Team Leader, managed team of three Network Security Engineers.
• Responsible for designing, implementing & managing security operations for Large Enterprise and SMB customers.
• Well versed with troubleshooting & configuring Juniper and Fortigate Firewalls and Site to Site and Dialup VPN connections.
• Hands-on experience on Installation and Support of: Juniper, Fortigate, Trend Micro, Websense and RSA.
• To prepare and submit Technical and Commercial proposals for Security Consulting Projects - mainly ISO 27001, IT Security & Compliance Audits.
• To perform Proof of Concept (POC) of Security Products such as Safend, SnapGear and WebWasher.
• As part of the core security implementation team, responsibilities comprised installing and maintaining various Enterprise Clients’ Network security setups.
• Installed Juniper ISG 2000 and ISG 1000 appliances in HA mode using NSRP for clients like Hutch Telecom and Indian Railways.
• Closely worked with Sales team to understand customers’ IT requirements, design and implement appropriate solution.
• To survey and audit client’s sites for new Networking setups or upgrading the existing ones.
(Key Clients: Asian Paints, Dawnay Day AV Financial Services, MTNL Training Centre and Godrej Industries Ltd)
• To provide Citrix MPS v3 support. (Key Clients: Indus Ind Bank, Birla Sun Life Insurance and State Bank of Hyderabad)
• Delivered many seminars on enterprise level Network & Security solutions
Highest Educational Qualification: B.E. in Electronics & Telecommunications from College of Engineering, Osmanabad (affiliated to Dr. B.A.M.U. Aurangabad, Maharashtra). Passed in the year 2003 with First Division with Distinction by securing 69.2%.