Jayan Gopinadhan Pillai, Information Security and GRC Manager

Alpha Data

Country
United Arab Emirates - Dubai
Education
Bachelor's, Computer Science
Experience
38 years, 8 months


Work Experience

Total years of experience: 38 years, 8 months

Information Security and GRC Manager at Alpha Data
  • United Arab Emirates - Dubai
  • In this position since February 2022

• Developing strategic plans, governance structures, budgeting processes, and implementing robust security solutions to safeguard the organization's information assets
• Developed strategic roadmap that aligns information security initiatives with the organization's risk tolerance, taking into account the organization's priorities and the identified threat landscape.
• Achieve alignment between business and information security strategies, maximizing the value derived from security investments to safeguard enterprise assets. Establish strategic governance practices to prioritize information security investments effectively.
• Developing and implementing information security policies, standards, and procedures in accordance with industry best practices and regulatory requirements.
• Deployed technological platforms to secure organizational assets by gaining a deep understanding of the threat landscape, continuously monitoring cyber threats, and ensuring effective compliance through integrated risk management programs.
• Selection and Implementation of Security and Privacy Controls and Assessment/Audit of Security and Privacy Controls
• Developed Information security awareness strategy and training program to build a culture of security within the organization by providing regular security awareness and training programs. Educate employees on the importance of security practices, social engineering risks, phishing attacks, password hygiene, safe online behavior, etc.
• Implementation of continuous monitoring platform tools and techniques to detect and respond to security incidents promptly.
• Performing periodic vulnerability assessments and penetration tests, and perform security audits to ensure ongoing compliance and effectiveness of the implemented security controls.
• Periodically reviewing and updating the security program to address emerging threats, technological advancements, regulatory changes, and lessons learned from security incidents.

Information Security Manager (IT Security, Governance and Compliance) at Shamal Holding
  • United Arab Emirates - Dubai
  • In this position since February 2022

Key Result Areas:
• Develop and monitor a strategic, comprehensive enterprise information/cybersecurity risk management program, incorporating strategy, policies, standards, processes, and guidelines to safeguard digital and data assets.
• Create, maintain, and publish up-to-date information security policies, standards, and guidelines, ensuring effective communication across the organization.
• Lead the strategy for managing and reporting security incidents, overseeing investigations of reported security breaches.
• Identify, manage, and minimize information security risks, providing relevant and timely reports to drive business decisions.
• Ensure appropriate administrative, physical, and technical safeguards are in place to protect information assets from internal and external threats.
• Introduce and implement procedures to regularly test technical safeguards, overseeing the development and implementation of controls to mitigate identified threats and risks.
• Align security and enterprise architectures, embedding security requirements in these architectures.
• Manage daily operations for InfoSec architecture, engineering, operations center, secure development lifecycle, and governance functions across on-premises, hybrid cloud, and cloud capabilities.
• Report regularly on the current status of the information security program, staying informed about the latest cybersecurity technologies and innovations.
• Create and manage a targeted information security awareness training program.
• Manage InfoSec vendor relationships, optimizing value from these relationships.
• Research, investigate, and implement measures addressing data security risks and potential losses.
• Monitor and maintain application user access across the IT portfolio, ensuring on-time onboarding and offboarding for identified IT environments.
• Follow up on detected security issues, implementing solutions to mitigate risks.
• Oversee threat monitoring activities, taking preventive actions, and advising relevant stakeholders on appropriate courses of action and responses to threats.
• Own the cybersecurity incident and vulnerability management processes from design to implementation.
• Oversee incident response planning, lead the investigation of security breaches, and assist with disciplinary and legal matters.

IT / Information Security Consultant at Dynamic Employment Services
  • United Arab Emirates - Dubai
  • October 2019 to January 2022

Key Result Areas:

• Managed the strategic direction, development, and implementation of security operations monitoring strategies and information security technology solutions.
• Analysed business requirements and developed solutions for IT needs, ensuring alignment with IT Strategy, Governance, Risk and Compliance.
• I steered efforts in executing information security and risk management of all IT systems and applications.
• Collaborated with key organisational stakeholders for strategic planning and integrating security considerations into tech initiatives.
• Oversaw security monitoring and fortified digital defences, ensuring security controls were adequate and aligned with the strategic vision.
• Continuously monitored and assessed current and emerging threats, orchestrating rapid responses to security incidents.
• Led enhancing the organisation's cyber detection, response, and defence capabilities.
• Established and upheld standards and requirements for security operations, threat detection, intelligence, and incident response.
• Proposed comprehensive risk management strategies and advocated for security advancements in organisational leadership.
• Spearheaded the evolution and execution of the Cyber Security Governance framework, including information security strategies, policies, and standards.
• Provided security awareness guidance and training to staff and conducted risk, business impact, and vulnerability assessments.
• Demonstrated proficiency in conducting cyber threat intelligence, securing public cloud environments, and enterprise security monitoring.
• Possessed technical expertise in application security, penetration testing, vulnerability management, forensic analysis, and standard security controls.
• Utilized SIEM for use-case building and operation with in-depth technical and hands-on knowledge.

Information Security Consultant at Dynamic Employment Services
  • United Arab Emirates - Dubai
  • September 2019 to January 2022

• Ensuring technical implementation and business processes are aligned and signifying measures to improve IT-related procedures, operations, processes, and systems
• Executing IT technologies, strategies, and policies to safeguard customer’s information assets by managing risk
• Heading the design, implementation, maintenance of Security Management Systems, Datacenter Projects & providing infrastructure services
• Establishing and running Data Centre infrastructure including sizing, configuration, bandwidth estimation, network management, load balancing, etc.; supervising the provisioning, installation, and maintenance of new servers and network infrastructure
• Providing information security assurance to customers and clients based on policies, processes, procedures as per the ISMS framework
• Authoring IT policies, procedures, and guidelines, developing risk-based review strategies for the IT infrastructure, and making use of the best practices and processes
• Steering responsibilities for various Information security operations tasks like configuration and execution of changes on security controls & technologies
• Steering the diverse responsibilities in maintaining site-to-site IPsec VPNs; ACLs on corporate and site firewalls; Installation and administration of multi-vendor Network Infrastructure across the customer premises (Cisco/HP/Fortinet)
• Planning data center facilities as per customer requirement, including security, space, power, and cooling requirements of the datacenter
• Minimizing and streamlining overhead expenses, improving margins, controlling penalties by improving SLAs.
• Ensuring best practice and usage of ITIL Process and effective usage of Helpdesk Management System, assist in restoring normal service as soon as possible based on customer perspective and within defined SLA

Information Systems & Security Manager at Barloworld Logistics
  • United Arab Emirates - Dubai
  • August 2009 to September 2019

• Steered efforts in executing information security and risk management of all IT Systems and Applications, IT Strategy, Governance, Risk and Compliance, IT Infrastructure, and IT Operations Management
• Established and maintained the corporate-wide information security management program
• Monitored trends, developed, and provided monthly metrics and performance/status reports to ensure visibility of status to the wider organization
• Examined performance of current IT Security systems and documented resolutions to enhance the quality of service and to prevent future problems
• Worked with business stakeholders to develop and establish a Data Privacy Framework & Data Leakage Prevention Program
• Managed Information security compliance according to information security standards aligned to the business statement
• Provided ongoing career development, support, coaching and identify need-based training requirements for the team and direct reports

• Conducted information and cybersecurity awareness programs for all employees, contractors, and all IT system users of the organization
• Executed periodic business users and privilege users access reviews, application system reviews as per IS policy requirements
• Skilled in Information Security, computer security incident handling, security policies audit/review using industry-standard best practices
• Developed and published organization-wide information security policies, standards, and guidelines
• Provided strategic risk guidance for IT projects which includes the evaluation and recommendation of technical controls
• Coordinated with Software Vendors, Developers & Operations Teams to ensure alignment between the security, infrastructure, and application architectures
• Designed, installed, and configured LAN/WAN infrastructure architecture as per organizational requirements
• Developed, coordinated, and maintained comprehensive data center recovery plans and a testing program, to ensure the ability to recover in the event of an unforeseen disruption to facilities, technology systems, or applications
• Developed Business Continuity Planning documentation and trained all employees to understand the Disaster Recovery / Business Continuity Planning processes

Information Systems & Security Manager at Barloworld Logistics, Information Systems & Security Manager
  • United Arab Emirates - Dubai
  • August 2014 to September 2019

Key Result Areas:

• Design, implementation and maintenance of Information Security Management Systems, Datacenter Projects & Infrastructure services
• Understand the business objectives and current policies, processes, security objectives, and security strategy / Conduct detailed gap assessment and identify the overall maturity of the SOC environment as per ISO 27000 / NIST framework.
• Implemented NIST Incident Management Framework such as - Incident management and Recovery Procedures/ Testing and Drills or Incident Procedures / Incident Investigation / Review Procedure / Lessons Learnt and Improvement
• Support organisation in the Information Security Assurance program in authoring/drafting IT policies, procedures, and guidelines, developing risk-based review strategies for the IT infrastructure and using the best practices and processes aligned with the ISMS framework.
• Support organisation to minimize the impact of compromised information assets, reduce data misuse, and increase confidentiality by leading end-to-end development/implementation of the company's enterprise information security policies.
• Lead the Information security / Cyber security defensive strategy/solutions for clients by ensuring technical implementation and business processes are aligned and signifying measures to improve IT-related procedures, operations, processes, and systems.
• Accountable for designing Information Security programs to maintain and protect the confidentiality, integrity, and availability (CIA) of the Information systems by evaluating people, processes, tools, and technologies.
• Identified, evaluated, and provided IT, cyber security, regulatory and legislative KPIs while aligning operations with established security standards to accomplish business objectives.
• Administration and Management of End Point Security Management, Security Incident and Investigation, Endpoint Detection and Response/Mobile Device Management, Privilege Access Management and Data Loss Prevention Solutions

Sr Engineer at Barloworld Logistics
  • United Arab Emirates - Dubai
  • August 2009 to July 2014

• Install and administer servers and network devices across corporate networks, ensuring compliance with IT security, business continuity, and disaster recovery standards, including proficiency in virtualized server administration for ERP and databases.
• Provide comprehensive oversight of network-related systems, covering design, planning, development, implementation, and security.
• Ensure network scalability and uptime, aligning with business growth and regulatory demands.
• Implement and maintain company networking and server infrastructure, enforcing corporate information security policies.
• Troubleshoot networking issues, manage email administration, and oversee VPNs, firewalls, and other security measures.
• Oversee IT assets, implement security controls, and manage processes for internal and external audits.

IT Engineer at SITA
  • United Arab Emirates - Dubai
  • November 2005 to July 2009

• Provided functional IT support & IT consultations for SITA’s airlines and airports customers
• Provisioned Internet Leased Lines and MPLS links to airlines and airport customers
• Coordinated with Telcos regarding the provisioning and commissioning of Leased Line/MPLS links for Network Operating Center
• Administration and Management of Network Operating Center (Nortel passport/high-end switching equipment/Routers/Firewalls)
• Implemented:
o Airport CUTE passenger handling Project at Cochin International Airport
o SITA AIRCOM Project for airlines communications at Cochin International Airport

Network Administrator at Geosoft Technologies
  • India - Kollam
  • January 2003 to November 2005

IT Network Administrator at Iridium Technologies
  • India - Thiruvananthapuram
  • June 2002 to October 2005

• Coordinated with Telcos regarding the provisioning and commissioning of Leased Line/MPLS links for Network Operating Center

Educational Background

Bachelor's, Computer Science
  • at Kerala University
  • June 2024
Master's, Computer Science
  • at Periyar University
  • May 2024

Specialties & Skills

LAN WAN
Disaster Recovery and Business Continuity Management
MFG/PRO (ERP)
SECURITY POLICIES
DEVICE MANAGEMENT
CYBER SECURITY
DATA LOSS PREVENTION
INFORMATION SYSTEMS
INVESTIGATION
MANAGEMENT SYSTEMS
INCIDENT MANAGEMENT
LOSS PREVENTION
Data Center Management
BUDGETING
BUSINESS PROCESS
CUSTOMER RELATIONS
FIREWALLS
HEWLETT PACKARD
INFORMATION SECURITY
MANAGEMENT

Languages

English
Expert
Hindi
Expert

Memberships

ISACA
  • Active Member of ISACA UAE Chapter
  • January 2020

Training and Certifications

ISO/IEC 27001 Lead Auditor (Certificate)
CISM (Certificate)
Course date:
March 2020
ISO 27001 Lead Implementor (Certificate)
Course date:
December 2020

Hobbies

  • Reading
  • Listening To Music