CISSP, CISM, CRISC, ISO 27001, CPISI
Tyro Payments
Total years of experience: 23 years, 11 months
Manage the GRC aspect of Information Security, which includes technology risk assessments, including cloud services, APCA, APRA, ASIC, PCI DSS compliance assessments
Advisory role on Information Security matters to all technical/non-technical staff
Raising Information Security Awareness
Develop an Information Security Strategy in line with the bank’s business & IT strategy
Develop and implement an overall Information Security Governance Program for the bank
Lead Information/Cyber Risk-based Audits on the information security architecture of the bank and mentor, guide and monitor IT in ensuring a robust security architecture for the bank
Assess the bank’s compliance with internal security policies, Central Bank regulatory requirements, PCI-DSS, ISO27001 and Data Privacy control objectives, and provide and monitor appropriate risk mitigation recommendations
Ensuring an appropriate Security Awareness program for the bank staff
Provide management assurance on the information security program by developing metrics and reporting on KPIs and KRIs whilst demonstrating control performance
Head of Information Security (for AUB Group of banks across 8 countries in the Middle East & UK)
Achievements
Development and presentation of a comprehensive Information Security Strategy with current and future goals with specific timelines to the Board.
PCI DSS (ver. 1.2) & ISO 27001 compliance certification for the Group’s banks in three countries.
Implementation of a centralized security operations unit handling security information and event management, vulnerability and configuration management for AUB Banks across 6 countries.
Development of a security metrics framework for providing real-time dashboard reports on Information security controls and practices in the Group
Implementation of a complete information management (discovery, classification, labeling) process, including effective Data Loss Prevention controls.
Responsibilities
Develop & ensure implementation of a comprehensive Information Security Program for the AUB Group addressing the security coverage in-line with the business functions.
Provide management assurance on the information security program by developing metrics and reporting on KPIs and KRIs to Senior Management (Audit, Risk, Technology Steering committees)
Ensure alignment of Information Security Strategy with AUB Group’s business & IT strategy.
Information Security Risk Advisory for various Banking applications and Technology Solutions
Information security Governance with Policy, Risk, Threat, Incident, Compliance management
Provide assistance to IT Audit, Group Fraud Office and Business units towards remediation on audit findings, fraud investigations.
Security advisory on Enterprise Change Management
Manage the Group’s compliance with internal security policies, Central Bank requirements, PCI-DSS and ISO27001
Manage business continuity for Security Function to ensure availability of critical security services
Ensuring Security Awareness through online tests, training and awareness emails for the entire AUB Group
Achievements
Design and implementation of the Information Security Architecture for the Bank.
ISO27001 certification for digital information assets & processing capabilities.
Designated Operational Risk Manager on the ORA system to review and present key risk indicators (KRI) for IT.
Formulation, documentation and implementation of processes & procedures for the Technical Operations unit of the bank based on the ITIL framework, complying with ISO 27001 control objectives.
Setup of the 24x7 Security Operations Unit in the bank
Responsibilities
Information Security infrastructure lifecycle management
Configuration Management across all platforms
Patch Management across OS, Databases and applications
Information Security Incident Management
Conducting Internal Audits and Risk Assessments across the whole tech operations unit and ensuring compliance with the bank’s policies and procedures.
Formulating policies and procedures for Business Critical Applications as per ITIL, ISO 27001.
Single point of contact from the IT department for the Bank’s Internal Audit, ISO, Central Bank and various other external Audit units.
Interacting with Senior Management and steering committees for Risk Assessment reports, new technology implementations, policy derivations and MIS reporting.
Evaluating new products/technologies and providing budget forecasts
Imparting Security Awareness Training.
Achievements
Established the Information Security Management framework for the Bank
Design and Implementation of the Information Security Infrastructure
Key role in setting up EMV compliance
Documentation and implementation of information security policies & procedures
Responsibilities
Develop, maintain, operate and review the Bank’s Information Security Framework.
Manage security operations and administration of the security infrastructure of the Bank.
Manage relationship with security service providers for remote monitoring and management services.
Facilitate and coordinate information system audits and external vulnerability assessments.
Conduct internal risk & compliance based audits in the IT department.
Evaluate new technologies, recommend and implement security solutions, processes and tools to monitor and ensure that the information security policies are implemented to minimize risk exposure.
Organizing Information Security (IS) Awareness Education and Training programs.