Global Head of Information & Cloud Security
Webjet Group
Total years of experience :13 years, 0 Months
Direct security for all-digital business of Webjet Group, including Webjet OTA B2C, Webbeds B2B, GoSee B2C, and Trip Ninja.
Driving end-to-end information security strategy, compliance, data governance, risk management, and auditing. Provided thought leadership, identifying gaps in security infrastructure, and developing balanced scorecards and appropriate technical solutions. Optimized security capabilities by enabling granular security controls to reduce overall security risk levels and executing cyber remediation programs to mitigate risk. Enabled risk management, third-party risk management, IDAM, and security audit functions, partnering with DevOps and other internal stakeholders to champion secure cloud development practices and integrate DevSecOps principles into all aspects of security engineering. Strategized and led planning and execution of IDAM, Awareness programs, Compliance, Data Governance, Security Audits, Incident Response, Vulnerability Management, Application Security, Threat Intel, and Cloud Security Engineering initiatives. Led multiple security projects and multi-cloud integrations.
• Playing a key role in achieving security compliance with ISO27001 and PCI-DSS certifications.
• Defined, developed, and refined code of practice, balanced scorecards, cloud security reference architecture, target operating model, KPI, roadmaps, processes, frameworks, and controls based on business strategies and regulatory requirements.
• Designed and implemented cloud-based security technologies, including data governance, data protection, IDAM, PAM, SSO and DLP, Cloud Access Security Broker (CASB), Secure Access Service Edge (SASE), and Cloud Security Posture Management (CSPM).
• Led process improvements, implementing security governance, IDAM, and CSPM and automating audits for Azure and AWS.
• Manage third-party MSSP and SOC teams.
• Reduced overall security budget by optimizing security technology capabilities in AWS, Azure P2, and O365 E5.
• Oversee and perform periodic audits, security risk assessments, and privacy impact assessments (PIA) to identify current and future security vulnerabilities, determine levels of acceptable risk, and identify solutions to attain acceptable risk levels.
• Monitor security trends and provide regular reporting of balanced scorecards, KRI, risk register, data processing activities, and the current status of the information security program to the enterprise risk management team and senior business leaders.
• Coordinating with the legal team to ensure security and privacy controls are vetted in third-party contracts and provide responses to data subject requests as required.
• Automated compliance reporting from various data sources to BI and data analytics tools.
• Provide strategic risk guidance and consultation for corporate IT projects, including evaluating and recommending technical standards and controls.
• Managed and reduced overall security budget by optimizing security technology capabilities,
• Maintain an enterprise-wide information security awareness, data literacy, protection education, and compliance training program.
• Developed target operating model and robust security team.
Developed and implemented cloud/information security and compliance frameworks, processes, and controls for both cloud (Azure) and hybrid environments.
Drove cloud/digital transformation projects from concept through successful deployment of security controls. Conducted current state risk assessments of both cloud and on-premise infrastructures, building strategies and roadmaps for improvement and security strategy enhancement. Oversaw multiple information security programs, PCI DSS, ISO 27001, access reviews, and other IS audits. Liaised with internal stakeholders to ensure effective implementation of regulatory compliance solutions utilized by Mandatory Reliability Standard Compliance Program. Performed application security reviews, cloud onboarding reviews, cloud governance, and RPA reviews.
• Earned Standing Ovation Award for Dubai Holding Security compliance.
• Achieved PCI DSS certification for 25 luxury five-star hotels.
• Enhanced operational security, rolling out multi-factor authentication across 20K users.
• Led multiple cloud and digital transformation projects using Azure, Office 365, Opera PMS, Oracle Fusio, Oracle ERP, CASB.
Developed processes and procedures for implementing and managing information security management system (ISMS) and Security Operations Centre (SOC).
Implemented and managed security applications, liaising with key internal and external stakeholders for all cyber and information security issues. Managed security incident response team, performing periodic incident reviews and reporting alerts and malicious traffic. Conducted daily threat hunting operations, identifying vulnerabilities from various sources and ensuring compliance with government and industry standards and controls. Evaluated security products and projects, working with vendors, service providers, and pre-sales team to ensure adequate security controls were implemented.
• Earned Bravo Award for spearheading transition and build of 24/7 centralised SOC operations across four government entities, streaming security operations within six months.
• Earned appreciation accolades from Abu Dhabi Digital Authority (ADA).
Coordinated roll out of IT security projects, developing and implementing information security policies, procedures, and standards. Monitored and mentored contractor performance, ensuring they met corporate objectives. Collaborated with internal stakeholders to develop information security framework based on ISO 27001, working toward ISO 17799/27001 certification. Conducted periodic asset discovery and IT audits, overseeing gap analysis, regulatory compliance evaluation, and corporate governance management reporting.
• Set up implemented regional information security function from scratch aligned with global group strategy.
• Revamped global information security strategy and policy execution, foreseeing data privacy & GDPR regulatory requirements
URL removed due to policy violation. Please contact support for further information.