Information Security Manager
Accenture
مجموع سنوات الخبرة :26 years, 8 أشهر
My role is to provide security, compliance and risk management services for Accenture clients including, but not limited to, security strategy, identity and access management, disaster recovery, security architecture support, security policy creation and compliance roadmaps/implementation. As part of my job roles I manage the client engagement programs including the security consultants deployed on the project. I am also responsible for mentoring of junior members of security competency in Middle East region.
Central Bank in Middle East (Security Transformation Manager) May 2016 - To date
Key Responsibilities
Enterprise Security Architect:
- Develop an end-to-end Security Architecture Based on SABSA Framework from business requirements (Contextual Business Requirements) till component/control development.
- Responsible for the development a security strategy with a three years detailed roadmap with measured security maturity points.
- Delivering business cases for advisory tasks and measuring their effectiveness as requested by the business.
Security Transformation Manager:
- Responsible for development of Security policy management framework in line with ISO 27001
- Responsible for the risk assessment of the critical application, formulate the recommendations and develops the roadmap for remediation activities, in agreement with business.
- Responsible for the transformation activities for a Cyber Security Transformation project in order to establish a world class Cyber Defence Centre for the bank.
- Guide the security operation team to handle security incidents trough a clear and implementable incident management process.
Bank (Information Classification & Protection Lead) Sep 2015 - Apr 2016
Key Responsibilities:
- Led and managed the DLP discovery, Data classification and email gateway encryption implementation project.
- Worked with business to identify the sensitive data elements to be used for data discovery and data classification.
- Identified the functional, non-functional and technical requirements for data discovery, data classification and email gateway encryption solution.
- Designed and architecture the data discovery, data classification and email gateway encryption solution and manage the implementation (including DLP Integration with data classification tools, Email gateways and other network devices/endpoints).
- Accessed the current policies, processes and procedure for data classification and protection, identify the gaps and develop the roadmap for enterprise wide information protection program.
Petrochemical Company (Security Readiness Lead) May 2014 - Sep 2015
Key Responsibilities:
- Reviewed the current designs for corporate and manufacturing applications to access for appropriate security controls in design.
- Assessed the work delivered by system integrator is in line with security requirements and design.
- Identified the intellectual property in applications and making sure that the appropriate controls are in place.
- Managed the interface development between multiple identity stores for synchronisation of data.
- Worked with business to identify the segregation of duties rule set and making sure that appropriate controls are in place from fraud prevention and compliance point of view.
Petrochemical Company (Identity and Privilege account Management) June 2014 - Dec 2015
Key Responsibilities:
- Identified the scope for identity and privilege account management with client and gather the business and functional requirement
- Developed the RFI (Request for information) document to be submitted to different vendors.
- Developed an objective scoring system for vendor evaluation and scoring vendors based on their response to RFI.
- Developed use cases for identity and privilege management solutions for vendor demos.
- Scored the vendors based on demos and finalise shortlist the vendors for POC.
- Based on POC, finalised the vendor(s) for identity and privilege management solution.
My role is to lead the management of security, compliance and risk management activities for IBM's outsourced customers from banking, insurance and retail sector. This involved all aspects of end to end security and risk management including infrastructure protection (server, middleware and desktops), identity and access management, security incident management, patch management and the provision of security advice to staff of all levels.
IBM (Argos, Debenhams, Barclays Card Loan, Royal Bank of Scotland, Coats) Nov 2010 - July 2013
Key Responsibilities:
- Led the rollout of security policy upgrade with a risk based gap/threat analysis.
- Led the team of three security advisors to ensure compliance and project activities on portfolio of 10 accounts.
- Developed risk management process and led the information security risks assessment/treatment to computing systems. Also involved in risk reporting in an appropriate way for different audiences to both internal and external stakeholders.
- Developed and implemented process to address the security policy violations/exception ensuring proper risk assessments.
- Produced security KPI reports for monthly meetings.
- Worked as a point of contact for security audits and followed up the findings including the root cause analysis.
- Managed vulnerability scanning of computing resources (using ISS VMS) to identify information risks and coordinate the closure of identified risks.
- Responsible for Technical Security Operations across the business making sure that security standards are maintained and that potential security violations/risks are identified/mitigated.
IBM ( QBE ) Aug 2010 - Nov 2010
Key Responsibilities:
- Worked with the technical teams to make sure that the security standards are maintained/implemented and potential security violations/risks are identified/mitigated.
- Reported to monthly Information Security Governance Committee.
- Worked on Bluecoat ProxySG (Management of web white/blacklisting).
- Worked with the technical teams to upgrade McAfee EPolicy Orchestrator (v10 to v11).
- Worked on embedding Compliance & Risk Management initiatives.
- Managed Symantec SIEM (security incident and event monitoring) solution.
IBM (Barclays) Jan 2009 - Aug 2010
Key Responsibilities:
- Customised and rolled out ISO27001 based security policy as per Barclays's security standards and PCI requirements.
- Customised and rolled out technical security specifications for all IT infrastructure systems/technologies.
- Designed and implemented centralised privilege management solution for Unix systems using Power Broker.
- Developed interface manual for security processes (Incident management, patch management).
- Developed/implemented risk management process and led the information security risks assessment/treatment to major computing systems.
- Supported the vulnerability scanning of computing resources (using QualysGuard) to identify information risks and coordinate the closure of identified risks.
- Responsible for Technical Security Operations across the business making sure that security standards are maintained and that potential security violations/risks are identified/mitigated.
- Reported to Barclays's monthly Information Security Governance Committee.
- Worked with third party penetration testing team to define the scope/approach and follow ups on findings.
- Designed Identity and Access Management processes and controls, comprising privileged access review (PAR), quarterly employment verification (QEV) and continuous business need certification (CBN).
- Worked as a focal point for all security audits and followed up the findings including the root cause analysis.
- Led the implementation of HIPS (ISS RealSecure), NIPS (Proeventia) and SIEM (ISS ULA) followed by monitoring, setting up of baseline policies and investigation of any alerts/incidents reported.
Key Responsibilities:
- Worked with the project teams to advise and implement best practices for Oracle from every angle including performance, resilience and recovery. Also worked closely with Test team to ensure that environment is available and fit for purpose.
- Built and maintained production environments according to project requirements.
- Managed already running production databases ensuring minimum downtime and revenue loss.
- Designed and implemented Oracle Dataguard for maximum protection as a disaster recovery solution across two sites.
- Implemented Oracle RAC 10G Release 2 on Linux RedHat 4 Enterprise Edition using NAS storage with NFS.
- Led the project to design and implement RMAN backup/restore solution with Hyepertape as media management software to replace the current hot backups.
- Arranged training session for RMAN and its integration with media management software covering the most likely recovery scenarios and the new features available in 10g.
- Help in implementing change control process and release management process using ITIL.
Key Responsibilities:
- Provided support to customer across the world related to the Veritas product (Netbackup, Veritas Cluster) for Oracle on multiple platforms involving designing and implementing disaster recovery strategy.
- Designed architecture for 4 dataguard configurations and fully tested all failover/switchover scenarios based on physical dataguard.
- Prepared a training session for technical engineers involving Oracle RAC installed on Veritas Storage Foundation integrated with Netbackup to not only increase database performance but also implementing zero downtime backup/recovery options using different techniques like snapshots and offhost backups.
- Installed 9i/RAC 2-node configuration on Solaris and setup RMAN backups using Veritas Netbackup.
- Database administration of Oracle Applications (Oracle Financial, AP modules) including physical administration, performance tuning and end user support.
- Designed and implemented the citizens’ data warehouse keeping in view the Government’s key issues and goals. Activities for this account included gathering of business requirements, study of legacy systems, preparing technical / site architecture, preparing technical & commercial proposal, develop ETL strategy, develop OLAP methodology, suggest suitable DW tools based on the client's business plan / growth, chalk out realistic implementation and roll out plans.
- Managed a team of 5 DBAs involved in administration of 5 TB of data. These were Citizen and Image Archival Solution databases on Oracle 9i/Windows 2000 cluster including data loading and performance tuning.
- Wrote PL/SQL procedures, SQL scripts, and SQL*Loader control files for creating a development database composed of 30% of the production data.
- Designed the logical and physical data structures, wrote triggers and stored procedures in PL/SQL, SQL and shell scripts for the system that provided combined reporting from multiple data sources, requiring complex query logic.
- Oracle Application Administration of Oracle ERP 11i(11.5.9)(Oracle Financial, Payroll and HR module) project. Key achievements were:
o Configuration and installation of database server and application server
o Database Administration of Oracle database on ERP system
o Application Administration of Oracle 11i (11.5.9)
o Implementation of patches of ERP system
o Planning and implementation of data loading strategies
o Installation of ADI and Jinitiator on clients
o TAR raising for any problem on Metalink for support
Hammersmith, London
The role involves:
- Administration of financial application developed in Oracle 9i/Oracle developer and Windows 2000 including performance tuning.
- Responsible for Oracle backups using Veritas NetBackup.
- Giving Oracle, Windows 2000 and network support to all offices in UK & Ireland and assisting the users with query development
- Automating the data loading procedures using shell script, PL/SQL and SQL Loader.
- Improving the query response time by analyzing the indexes and optimised path selection.
- Carried out a comprehensive pilot on the production data used by different Petroleum companies covering all aspects of data warehousing (including data modelling, ETL, data cleansing & consolidation), data mining (customer segmentation), Online Analytical Processing and campaign management.
- Administered 9i Oracle databases containing 3.4 TB of data for managing petroleum data.
- Physical DBA, Oracle server and client installs and upgrades, SQL*net configuration (client and server) server tuning and capacity planning in a Windows 2000 and Sun/Solaris environment.
- Setup and maintain database applications schema, and storage structures
- Worked on database performance tuning (Data distribution, memory and I/O) hence reduced query response time.
- Designed and implemented disaster recovery strategy.
- To ensure data security, reliability and accuracy, designed a table level auditing scheme to record any type of changes in the database tables, made either from the front end or backend.
- Designed and implemented in-house sales application using SQL Server 2000.
- Supported multiple databases, and versions of Oracle 8 and 8i. Specific projects included investigating Oracle Internet Directory for name resolution, planning database migrations, auditing backup procedures, and measuring replication latency.
- General database administration including Oracle Parallel Server on Windows NT, Database backup and recovery and Instance tuning.
- Designed and developed new Financial Management System and a database to house telecommunication test data using Oracle Designer and Forms in Windows NT, and the procedures for producing the output files, modelled the underlying data structures, and documented existing systems.
- Designed and implemented an SQL Server database for reporting enterprise-wide purchasing based on the ethnic and gender classifications of vendors.
- Established a Windows NT based local area network and provided support, both on site and over the telephone, to our different offices.
- Designed and developed data conversion routines for transferring data from FoxPro databases to an Oracle Server. This effort required that I learn SQL, PL/SQL, SQL Loader, Korn shell, and Oracle.