Senior Corporate Information Security Officer
Experts International recruitment Services
Total years of experience: 14 years, 2 months
Create CSF (Common Security Framework) based on ISO 27001, HAAD, NESA and ADSIC to manage the Security operation efficiently.
Mapping CSF controls against Security Standards.
Meet business leaders and perform gap assessments to align with organization/business goals.
Prepare plan for implementing missing controls, procedures and policies.
Periodically review the ISMS framework.
• Information security compliance tasks.
Participate in internal and external audits and regulatory requirements.
Remediation of highlighted audit observations/non-compliance.
Highlight the residual risks to management.
Work closely with HR/Legal Team on any non-compliance incidents.
Prepare security assurance documents/artefacts to make sure employees read and accept the Information Security Policies.
• Information Security awareness program.
Conduct security awareness training sessions with different business teams.
Track and work on the improvement plan for the security awareness training program.
Prepare security awareness training documents/online materials for new Joiners.
Periodically send communication emails to all employees on any major cyber threats and the latest awareness news.
Conduct Security awareness road shows and events.
• Participate in POCs for IT security tool implementation.
Gather Business requirements for security tool/Products.
Setting up success criteria and use cases.
Evaluate the industry's top players' products for a specific requirement.
Do due diligence and plan for POC requirements.
Setting up POC.
Report to Management on POC results for recommendation.
• Red Team /Blue Team Exercise.
Set up Red Team and Blue Team with Roles and responsibilities.
Set up LAB for Red Team exercise with open source Tools.
Set up objectives for Red/Blue Teams to measure the existing threats and associated risks.
Conduct attack exercises and record response/resolution times and security control weaknesses.
Recommend additions/modifications to security controls to fix the gaps.
Recommend any procedure/Process/Policy improvement.
Implementation and support of WAN network
• Installation and Configuration of Cisco Routers.
• Detect and correct network related problems when they occur.
• Track and anticipate utilization, throughput, and response time.
• Manage and monitor changes to managed devices.
• Customization of HP OpenView software as and when required.
• Co-ordinate with team of engineers posted locally as well as at remote location for link related problems.
• Co-ordinate with the service provider for leased line and VSAT related problems.
• Provide remote solutions to field engineers whenever they need them, and fire ISDN whenever the leased line goes down.
• Check for backup takeover whenever primary links go down.
Infonet Solution, Chennai