Iptisam Hassan, Information security operations manager

Noor Bank

Location: United Arab Emirates - Dubai
Education: Bachelor's degree, BSc Information Systems and Technology: Cyber Forensics
Experience: 10 years, 10 months


Work Experience

Total years of experience: 10 years, 10 months

Information security operations manager at Noor Bank
  • United Arab Emirates - Dubai
  • My current job since June 2018

1. Led the recertification exercise for ISO 27001 and 9001 and ensured we met the control areas to be compliant

2. Implemented a load balancer and integrated it into our services to create active-active traffic and session management

3. Managed the security monitoring team, entailing investigation and threat monitoring; this entailed monitoring through SIEM and an alert matrix to manage incidents

4. Managed security operations and security projects across the bank

5. Managed the security testing team to conduct vulnerability assessments and penetration testing and ensured closure through liaison with stakeholders

6. Upgraded existing firewalls to next-generation firewalls and, in line with that, converted IP-based rules to identity-based rules for better control segregation and visibility

7. Introduced process structuring for security processes, improved our patch management process, security incident management, device management and change management

8. Implemented Cisco Identity Services Engine to enhance machine security posturing and enable secure wireless BYOD policies to be implemented

9. In the process of implementing an Identity and Access Manager to manage all identities across the bank in a centralized platform to effectively create better access provisioning and deprovisioning processes

10. Managed and implemented Advanced Threat Protection and email gateway protection with sandboxing to protect the bank's email communication. Managed and implemented a data loss prevention system and data classification tool; in line with this, we conducted a unit-specific exercise to classify the data

11. Managed and implemented single sign-on across our platforms, using AD Azure proxy and PTA authentication

12. Managed the migration of hard token keys to soft token keys for our corporate clients - RSA

Information Security Manager at Union Insurance Company
  • United Arab Emirates - Dubai
  • February 2017 to May 2018

• Redesigned the information security policy and procedural methods for incident management
• Created new network architecture with secure zoning and load balancing for cloud IaaS migration
• Developed an information security strategy and roles with quantifiable SOPs to achieve ISO compliance
• Implemented an open source threat monitoring system with sensors to create centralized visibility of the threat landscape and a proactive approach to mitigating threats
• Introduced vulnerability assessments for all applications in the ecosystem
• Introduced security as a part of design to ensure secure coding and secure application development

Head, Information Security at National Bank of Kenya
  • Kenya
  • October 2013 to July 2016

• Risk Management - continuously assessed all systems and ensured all risks were identified and mitigation controls provided

• Policy Management - designed the information security policy and other security policies, e.g. acceptable use policy, cryptography policy, etc., and ensured compliance with them

• Organizing Information Security - designed a security framework based on local and international standards and bank vision

• Asset Protection - ensured there was a comprehensive asset inventory and created a data classification matrix in line with the bank's risk matrix

• Human Resource Security - provided a declaration form for staff to comply as part of acceptable use policy, provided criteria for staff monitoring and screening

• Physical and Environment Security - created physical risk-sensitive bank processing areas and segregated staff to avoid collusion

• Communication and Operations Management - ensured continuous data loss prevention, email screening and staff access monitoring to avoid corporate espionage

• Access Control - reviewed all user profiles and ensured acceptability and restriction across the technology landscape

• Information Systems Acquisition, Development and Maintenance - designed a controlled lifecycle that ensures involvement and testing of controls at every stage of the SDLC

• Incident Management - put in place a fraud monitoring solution and created a framework for incident response that includes digital forensic evidence preparation

• Disaster Recovery Management - ensured there was a sound Disaster Recovery and Business Continuity Plan in place with proper escalation matrices

• Compliance - ensured compliance with local regulatory standards, prudential banking guidelines and international financial and information security standards

• Penetration Testing - conducted white box and black box penetration testing for products of the bank to ensure security and to stress test certain applications for possible attack vectors

Information Security Consultant at Serianu Limited
  • Kenya
  • January 2013 to September 2013

• Conducted gap assessments for financial clients
• Designed security frameworks and mitigation strategies
• Designed a PCI DSS compliance tool for our clients
• Advised clients on security decisions in line with the business strategy
• Implemented honeypot architecture to better understand threat landscapes for clients
• Implemented SIEM and Identity Management solutions
• Designed data flow diagrams for top clients
• Designed policies and procedures for information security

Education

Bachelor's degree, BSc Information Systems and Technology: Cyber Forensics
  • at United States International University
  • August 2013

Specialties & Skills

PCI DSS
Network Security
Application Security
Vulnerability Assessment
IT Audit
Security Architecture and Design
Penetration Testing
Risk Management

Languages

English: Expert
Swahili: Native Speaker
Spanish: Beginner
Arabic: Beginner

Training and Certifications

Network and Security Fundamentals (Training)
  • Training Institute: Seven Seas Technology
  • Date Attended: April 2012
  • Duration: 48 hours

Certified Ethical Hacker (Training)
  • Training Institute: Computer Pride Limited
  • Date Attended: October 2015
  • Duration: 48 hours

Certified Ethical Hacker (Certificate)
  • Date Attended: March 2016
  • Valid Until: March 2018