Illyas كولييانكال, Director - Head of Information Security (CISO)

ADS Securities

Country
United Arab Emirates - Abu Dhabi
Education
Bachelor's degree, Electronics & Communication
Experience
29 years, 1 month


Work Experience

Total years of experience: 29 years, 1 month

Director - Head of Information Security (CISO) at ADS Securities
  • United Arab Emirates - Abu Dhabi
  • In this position since June 2012

Highlights/Achievements
• Led the company to be ISO 27001 certified
• Marched the firm towards PCI-DSS Compliance
• Designed, Developed, Implemented most of the IT Security controls, including Data Leakage Prevention solution, Centralized Logging and Monitoring (SIEM), Change Audit solution, Privilege access management solution, and Mobile Device Management Solution etc.
• Established a secure, fool-proof multi-level protected complicated web portal setup, including online transaction oriented functionalities
• Carried out risk assessment and designed/developed and implemented relevant process, people and technological controls, wherever applicable
• Developed and implemented relevant security controls and assurance mechanisms to ensure continual security of highly sensitive and exposed financial platforms and investment banking applications.
• Carried out thorough internal and external penetration testing, vulnerability assessment and security code review
• Designed, Developed and Implemented IT Service Management for the organization
• Carried out a thorough gap assessment and developed a strategic approach to mitigate the risks
• Developed a comprehensive Policy Framework in accordance with international standards like ISO 27001
• Formulated an effective Information Security Awareness Program, including the development of simple and easy to follow policy mind maps and other materials
• Prioritized the Information Security Initiatives in accordance with criticality to the business and successfully implemented many of them.
• Built robust security framework for highly critical business services, including financial trading platforms.
• Conducted GAP assessments on various international frameworks, including ISO 27001, Singapore Monetary Agency, ISO 22301 etc.
• Interacted/Presented to Board of Directors on Security GAPs, initiatives & Plans etc. in a very effective manner

Key Responsibilities

Responsible for the design, development, implementation and management of the internal and external IT Security and Information Security Systems for the business. The role is responsible for developing practical solutions in order to improve the risk posture of the organization and its customers to resist cyber threats and strengthen the organization’s overall cyber space. The key responsibility is to ensure that the risk of attack (cyber-attack and internal attack) is mitigated for the information technology systems for the business (including platform technology). Responsibility will also be for the creation and implementation of policies and procedures relating to the protection of information from internal and external threats.

• Overall responsibility to lead, manage & implement all IT Security, Information Security & Business Continuity Management Projects
• Responsible for timely identification, collection, correlation and dissemination of Cyber Threat Intelligence.
• Responsible to provide oversight for the assessment and tracking of internal and external threats and vulnerability to ensure the organization and its subsidiaries are protected across the globe.
• Implement a seamless security solution and vulnerability management.
• Develop, implement, and monitor management information security policies and controls to ensure data accuracy, security, and legal and regulatory compliance.
• Recommend/develop plans for security systems development/operations, hardware and software purchases.
• Coordinate initial and subsequent information security risk assessments
• Ensure Information Security Plans are developed and implemented for all applicable information systems
• Oversee the investigation of security breaches and assist with follow up requirements where necessary.
• Identify, test and monitor key security controls
• Advise and Present to the MD, CEO, Chairman and Board of Directors
• Build and execute Information security strategy and infrastructure

Chief Information Security Officer at Abu Dhabi Securities Exchange A.D.X
  • United Arab Emirates - Abu Dhabi
  • April 2007 to June 2012

Outstanding Employee of the year for multiple years.

Initiated and developed Business continuity management system (BCMS) in alignment with BS 25999. Member of the Steering Committee and the project manager/BC Manager for the BCMS Implementation and maintenance.

Project Manager & BC Manager and member of the Executive Management BCMS Steering Committee.

Coordinated and Managed the Project initiation, Policy/Procedure/Standard development and communication, Business Impact Analysis, Risk Assessment, Strategy development, and recovery/resumption plan development in alignment with BCMS Framework and Incident Management structure. Coordinated the implementation of response plans, testing/exercise, and awareness.

Developed and Implemented Information Security & Business Continuity incident management framework and mechanism in an automated model.

As Project Manager, successfully achieved ISO 27001 certification for the organization.

Led the organization to become one of the first entities for Abu Dhabi Government compliance for information security standard.

Developed and Implemented Asset inventory, classification and Risk Management processes.

Developed the Information security strategy in alignment with business strategy and vision.

Built and developed global information security policy and policy framework for ADX.

Developed required policies, procedures and guidelines with respect to Information Security Management System.

Worked in the role of Project Manager and IT Services Manager for the successful implementation and maintenance of ITIL based IT Service Management. Acted as Change & IT Service Continuity Manager.

Developed and implemented comprehensive and innovative Business Continuity & Information Security awareness program for technical and non-technical staff and external stakeholders (brokers, investors etc). Overcame the resistance to information security initiatives in an effective manner.

Head of Network & Information Security (IT OPS Engineer) at Emirates Telecommunication Corporation (ETISALAT)
  • United Arab Emirates - Abu Dhabi
  • December 1996 to April 2007

Highlights/Achievements:

• Received “Excellent Employee Award” for four years between 2000-2005 (Awarding system started in 2000)
• As Project leader developed and implemented Information Security Management System based on ISO 27001 standards and got the organization certified - one of the first in the region.
• Developed, implemented and maintained an effective Business Continuity Plan & Disaster Recovery system
• Ensured the effectiveness of Key security controls with help of rigorous and regular internal/external auditing, technical assessments (penetration testing/vulnerability assessment/configuration reviews etc.)
• Streamlined an effective risk management process for deploying cost effective and valid controls.
• Deployed a Single Sign On (SSO) process/solution (CA eTRUST) for simplifying & securing the login process
• Implementation of cyber Security by effective deployment of Firewalls, Network/Host Based IDS/IPS, URL Scan, eEye SecureIIS/Retina/Iris, Nessus Vulnerability scanning, Hardening of the systems/devices etc.
• Deployed fool proof technical solution with SSH and Turbo SFTP, to ensure the security of data transmission
• Implementation of Centralized Security and network Monitoring/Logging System using CA Unicenter TNG, Cisco VMS/Cisco Works, Network Intelligence’s “enVision Logging system” & Cisco IDS & Real Secure ISS
• Rolled out Infrastructure for Secure Remote Access with VPN (Nortel Contivity 5000, PIX firewalls, IDS etc.)
• Designed and Implemented secure environment for content filtering and threat management through Trend Micro Antivirus, Mail Sweeper Email Content Management, and Blue Coat Web filtering.
• Successfully upgraded to Gigabit Network with cutting edge secure technology and infrastructure
• Implementation of automated Incident Reporting & Management procedure.
• Implementation of Key Performance Indication mechanism for the monitoring of Security Control effectiveness.
Key Responsibilities

• Information Security Management, Security strategy, policies and procedures
• Manage Network & Information Security Team
• Business Continuity Management & Disaster Recovery (BCP & DRP)
• Risk Management for all organization assets. ISO 27001 project management and Certification
• IT and Security Auditing, vulnerability scanning and Pen Test. Investigation, Monitoring, and Review
• Planning/Designing Network & Security Infrastructure, Systems Security - Windows & UNIX (Sun Solaris)
• Develop & Manage Information Security Awareness Program
• Security products and solutions - RFP, Evaluation, Project Management, Technical Documentation
• Guidance and direction for the design of IT (Network, Security & Systems) Setup for any new projects
• Leadership, direction and support to the team in planning and implementing new devices and systems, upgrades and enhancements to existing hardware devices (Cisco Routers, IDS Sensors, PIX Firewalls, Symantec Firewalls, Net Cache, Nortel VPN Concentrators, Servers (HP, IBM, DELL, SUN)) and application systems like Anti Virus (Trend Micro), Mail sweeper, Secure IIS, ISS Security suite, Web Washer etc.

GIS Technician at The Centre for GIS
  • Qatar - Doha
  • May 1995 to December 1996

Key Responsibilities:
• Administer the Network devices and Systems, including Digital Unix and Cisco Devices.
• Troubleshoot and Support the PC Users, Conversion of Real Estate Data to digital format
• Developing Shell Scripts for System administration tasks, including Network/System monitoring and alerting.

Educational Background

Bachelor's degree, Electronics & Communication
  • at Government College of Engineering, University of Calicut, Kerala
  • August 1994

Specialties & Skills

Project Initiation
Government
Steering
Incident Management