Direct security for all-digital business of Webjet Group, including Webjet OTA B2C, Webbeds B2B, GoSee B2C, and Trip Ninja.
Driving end-to-end information security strategy, compliance, data governance, risk management, and auditing. Provided thought leadership, identifying gaps in security infrastructure, and developing balanced scorecards and appropriate technical solutions. Optimized security capabilities by enabling granular security controls to reduce overall security risk levels and executing cyber remediation programs to mitigate risk. Enabled risk management, third-party risk management, IDAM, and security audit functions, partnering with DevOps and other internal stakeholders to champion secure cloud development practices and integrate DevSecOps principles into all aspects of security engineering. Strategized and led planning and execution of IDAM, Awareness programs, Compliance, Data Governance, Security Audits, Incident Response, Vulnerability Management, Application Security, Threat Intel, and Cloud Security Engineering initiatives. Led multiple security projects and multi-cloud integrations.
• Playing a key role in achieving security compliance with ISO27001 and PCI-DSS certifications.
• Defined, developed, and refined code of practice, balanced scorecards, cloud security reference architecture, target operating model, KPI, roadmaps, processes, frameworks, and controls based on business strategies and regulatory requirements.
• Designed and implemented cloud-based security technologies, including data governance, data protection, IDAM, PAM, SSO and DLP, Cloud Access Security Broker (CASB), Secure Access Service Edge (SASE), and Cloud Security Posture Management (CSPM).
• Led process improvements, implementing security governance, IDAM, and CSPM and automating audits for Azure and AWS.
• Manage third-party MSSP and SOC teams.
• Reduced overall security budget by optimizing security technology capabilities in AWS, Azure P2, and O365 E5.
• Oversee and perform periodic audits, security risk assessments, and privacy impact assessments (PIA) to identify current and future security vulnerabilities, determine levels of acceptable risk, and identify solutions to attain acceptable risk levels.
• Monitor security trends and provide regular reporting of balanced scorecards, KRI, risk register, data processing activities, and the current status of the information security program to the enterprise risk management team and senior business leaders.
• Coordinating with the legal team to ensure security and privacy controls are vetted in third-party contracts and provide responses to data subject requests as required.
• Automated compliance reporting from various data sources to BI and data analytics tools.
• Provide strategic risk guidance and consultation for corporate IT projects, including evaluating and recommending technical standards and controls.
• Managed and reduced overall security budget by optimizing security technology capabilities,
• Maintain an enterprise-wide information security awareness, data literacy, protection education, and compliance training program.
• Developed target operating model and robust security team.
- Company industry:
- Hospitality & Accomodation
- Job role:
-
Information Technology
Personal Website