Director - IT Security
MetricStream
Total years of experience: 22 years, 8 months
Led ISO 27001:2013 implementation, handling operational activities such as risk assessments, customer pre-sales/RFP due-diligence assessments and questionnaires, customer audits, privacy, contracts, MSA and DPA reviews, third-party vendor/supplier assessments, BCP-DR, security incidents, cloud security, security training and awareness, vulnerability advisories, policy exceptions, access, security policies and procedures, and GRC. Handled compliance activities for SOC 2, HIPAA, ISO 27001, PCI-DSS, EU-US Privacy Shield, HITRUST, etc.
Managed IS governance and operational areas like security policies, data leakage protection, identity & access mgmt, privileged access exceptions, security incident mgmt, project and application reviews, end user security awareness for Bangalore & Chennai centers. Review deliverables, security metrics, team performance and operations, reporting to Senior management.
Global COO Risk and Controls Lead, managing the IT risk and control areas for application development, maintenance and production teams. Managed and worked with the application teams on audit issues, regulatory engagements, information security programs, control activities, business continuity activities and tests, etc. Generated periodic reports, appraised senior management of the latest status and managed escalations.
As an Internal Auditor for Technology Risk Services, I am responsible for:
- Planning and conducting focus audits on IT infrastructure and processes for IT
- Planning and conducting the internal audit for ISO 20000 for IT
- Performing risk assessments for IT projects and infrastructure
- Conducting internal process reviews
- Managing the Internal Audit and Risk Reporting framework: planning, publishing, follow-ups, closure
- Acting as liaison for Corporate Audit and ISO for external audits and ISO 27001 compliance
- Reporting audit and risk issues to IT senior management
Performed IT audits, IT general and application control reviews, and risk assessments. Business continuity and disaster recovery planning and reviews. Application, configuration, software licensing, data center and SDLC reviews. Implementation and maintenance of ISO 27001 (ISMS). IT policies and procedures, security metrics, and security awareness program development. Generated audit plans and work programs and reported issues to the senior management team. Reviewed deliverables, client proposals and reporting, project deliverables, performance, etc. of junior resources.
Internal compliance audits for ISO27001, ISO20000 & ISO9001 for global shared service center.
Milestones:
- Planned and conducted IT audits and application control reviews for around 50-60 clients across the Middle East, including large banks in Saudi Arabia and Kuwait, one Islamic bank in Qatar, two telecom providers, two hotels in Saudi Arabia, one airline in Saudi Arabia and four companies in the oil and gas sector in Saudi Arabia and Qatar
- Performed internal audits for an insurance group, a pharmaceutical group and two financial investment groups in Saudi Arabia
- Developed IT policies and procedures for a telecom distribution company in Saudi Arabia and reviewed the same for an investment bank in Qatar
- Performed an ISO 27001 review for an investment bank in Saudi Arabia
- Conducted a review of BCP and DR preparedness of a large industrial bank in Qatar
- Performed a software licensing review of government agencies for the IT regulator
- Performed a chart of accounts review of an AutoERP in Saudi Arabia
- Developed internal information security policies and procedures as well as processes for internal audits, security operations and business continuity
- Created business proposals for technology solutions for EY offices across the Middle East
- Research and feasibility studies (make or build) on existing products in the market
- Interacted with clients to understand their business specifications and conveyed them to the application development team
- Created estimates for business applications using FP estimation
- SRS (functional specifications), use case development and business reporting for the development and testing teams
- User acceptance testing
- Developed client presentations and user training content, and trained business users
- Defined the data definitions and interfaces between the EY Global ERP system and the applications
- Led and coordinated the business analysis team, interviewed candidates, and was involved in process definitions and control
- Coordinated and monitored the data population tasks and reviewed office data during application deployment between the office and business support services
Milestones:
- Developed the software requirements for the integration of all revenue accounting systems and applications for a Government Authority in the UAE
- Designed the specifications for an internal audit planning, reporting and documentation application to be deployed across 18 offices in 9 countries
- Designed the specifications for an internal resource planning application, integrated with other internal HR, time and engagement management applications. Managed the implementation of the solution across 18 offices, including end user training, data migration, access management and process transition.
- User acceptance tests and functional mapping of different components in the Cordys BCP suite on different configurations and environments
- Test processes and control
- Product test coordination, training and recruitment
- Project management
- Requirement study, reviews and functional tests for solutions based on Baan IV ERP
- Design and development of beyond-ERP products built over the Cordys Business Collaborative Platform, integrating Baan IV and other applications
Within the Product Development team, coded and developed beyond-ERP products built over the Cordys Business Collaborative Platform, integrating Baan IV and other applications. Functional specifications, software processes and controls, project and release management.
Master of Business Administration (MBA)
Bachelor of Engineering (BE)