Chief Information Security Officer
Faysal Bank Limited
Total des années d'expérience :35 years, 0 Mois
The CISO is responsible for establishing and maintaining the enterprise information security vision, strategy and program to ensure information assets and technologies are adequately protected. CISO is also responsible for aligning information security initiatives with enterprise programs and business objective.
Reporting into the Chief Risk Officer (CRO) of the bank, my position demands me for the following:
Lead the development, implementation and monitoring of a strategic, comprehensive enterprise information security and risk management program to ensure that the integrity, confidentiality and availability of information is owned, controlled or processed by the bank. Balance security needs with the bank's strategic business plan, identify risk factors, and determine solutions to both.
Develop, maintain and publish up-to-date information security policies, standards and guidelines, encompassing a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection.
Manage security incidents and events to protect IT assets, including intellectual property, regulated
data and bank's reputation.
Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.
Liaise with external agencies, as necessary, to ensure that the bank maintains a strong security
posture.
Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the
program, facilitate appropriate resource allocation, and increase the maturity of the security.
Provide regular reporting on the current status of the security program to the Board of Directors, Senior Management, and line management.
Information Technology Advisory (ITA)
My position demanded the following responsibilities and competencies to achieve the agreed targets:
Sector specialist (Financial Institutions) and subject matter expert (IT Governance, BCP, & Information
Security)
Market facing and strategic operations leader for IT Advisory
Portfolio management for the assigned clients
Lead engagements, build and deploy high performing teams, act as a mentor
Operate as leaders in the context of their specialism
Drive exceptional service delivery and create value for clients
I had been successful in achieving my assigned targets each year, for Sales, Revenue and costs. Key
highlights are as follows:
Proposal conversion rate increased from 5% to 15%
Project execution delays reduced to 10% from 25%
New clients acquired: Five (05)
Average new annual sales achieved: PKR 25 million
Average annual revenue generated on a recurring basis: PKR 45 million
I spear-headed the IT organization of the bank, reporting to the President. The job encompassed all
facades of IT including operations, development, network, branch support, IT procurement, and IT Security.
During my tenure with ZTBL, my major achievements were as follows: -
Authored the IT Strategy in line with the vision, plans, and aspirations of the bank.
Page | 2
Developed the charter for a new Information Systems Division, re-organizing and restructuring the
legacy MIS Division comprising IT Operations, IT Security, Systems Development, Help Desk & IT
Procurement, & IT Networks.
Established the IT Steering Committee.
Responsible for a one-time implementation budget of USD 20 million.
Directed the re-modeling and renovation of the IT floors, comprising of a data centre as well.
Authored the IT Security Policy of the bank conforming to the central bank's regulations and leading
standards.
Developed the Core Banking/ERP Application Model for the bank.
Directed the implementation of the Local Area Network at ZTBL Head Office, and Zonal Offices.
Hired consultants: a) for the completion of the business needs & requirements (vis-à-vis the core
banking/ERP application); b) for the preparation of the RFP document for the Core Banking Application
System and other components; c) for the completion of the BPR “As-Is” model for the business
activities in relation to the core banking application; and d) for the provision of the draft prototype future
models to business owners for review, discussion and finalization.
Directed the selection and procurement of Oracle Financials & HRMS for implementation.
Directed the procurement and implementation of ICT infrastructure for ancillary and legacy systems.
I was responsible for the overall direction, planning, and control of all aspects related to Information
Technology (IT) functions - i.e. IT operations, systems development, security & control, network &
communications, and computer and cables operations. I was also responsible for the Business Continuity
Planning, IT expense budgeting, IT compliance, the Annual Technology Plan, and the 3-year IT Strategic
Initiatives.
Major achievements at HSBC Pakistan were as follows: -
Setup the first centralized data centre of the bank in Pakistan in 1994.
Established the centralized online banking services in Pakistan in 1994.
Implemented the Regulatory & Management Information System (REMIND) in 1995.
Implemented the Global ATM Network in the area in 1996.
Coordinated the migration of data centre into Hong Kong office in 1997.
Coordinated the upgrade of the core banking application in 1997 and 2002.
Directed the implementation of the ATM Sharing setup with MCB-MNET in 2002.
Directed the implementation of the staff payroll system in 2003.
Directed the development of Treasury Deal processing system in 2004.
Responsible for Business Recovery/Continuity Planning, IT Compliance and IT budget.
Responsible for preparing Annual Technology Plan and IT Strategic Plan.
In-charge of IT Function)
16 years) with concentration in IT &
16 years) covering Finance, Marketing Economics, MIS etc.
Statistics, Mathematics, and Physics
courses: Advanced Diploma in Computer Science - full length IT curriculum course Page | 3
,
,
In Progress