Manager Information Security and Risk
Baker Tilly International
Total years of experience :15 years, 1 Months
• Managing Information Security for multiple companies at a time (as vCISO) i.e. Arcapita, Bahrain Dev Bank, Osool, Albaraka, and Khaleeji Commercial Bank.
• Heading a team of over 50 consultants and secondees, deputed with multiple clients in the Middle East Region.
• Achieved less than 3% failure rate within 8 months for anti-phishing campaigns using a self-designed testing framework.
• Lead and achieved remarkable satisfaction and appreciations for successful and timely closure of several projects as well as maintaining quality service delivery.
• Multiple Digital Transformation projects with different Banks regarding security matters.
• Representing clients for relevant regulatory bodies, boards and auditors.
• Oversee, lead, plan, design and implement the functioning of the cyber security and readiness measures in the client organizations by analyzing the control effectiveness and Key Risk Indicators (KRIs).
• Designing necessary procedures related to cyber security, risk management, accreditation, certification, etc.
• Implementation and Certification of ISMS ISO 27001 in 2 companies (a wealth Management Company and a Government Authority/Ministry).
• Internal and External information security audits for multiple clients.
• Implementation of Cyber Security Framework by Saudi Arabian Monetary Agency in 2 Insurance companies and a bank in KSA.
• Review and development of Information Security Policies and Procedures.
• Create and deliver Information Security Awareness Programs, such as computer-based training courses, lectures, newsletters, and security tips.
• Designed and implemented Incident Management, Business Continuity, Disaster Recovery and Resilience Plans for several organizations.
• Established efficient measures to assess the efficiency of IS frameworks using Key Performance Indicators (KPIs).
• Enterprise Cyber Security Risk Management.
• Information Security Documentation Framework.
• Formulation of Disaster Recovery Plans.
• Information Security Awareness.
Performing risk assessments and testing of data processing systems
Training staff on network and information security procedures
Develop Information security strategy/Plan
Develop an in-depth framework of Information Security Policies, Procedures and guidelines
Day to day management of enterprise wide information security issues
Conduct risk assessment and risk mitigation exercise to
Define policies and procedures and other related ISMS documents
Conduct regular audits in compliance with all ISMS policies and procedures
Development of a formalized Business Continuity/Disaster Recovery Plan
Responsible to keep policies, procedures and guidelines current
Responsible to maintain central repository of all ISMS documentation
Ensure Compliance with company policies including all security policies.
Responsible to present information security incidents to Management
Remediating audit objections by enforcing policies
Trillium Information Security Systems is a Pakistan’s leading security solution provider and vendor that is providing consultancy to a number of multi-national, public and private sector organizations. My job duties as a Governance, Risk and Compliance Analyst (GRC Analyst) were to lead my team for carrying out the following domains:
Conducting Risk assessment and providing a framework of Risk Management to Certain Organizations
ISO 27001 Implementation and Audit; Certified one Commercial Bank and a public organization.
Engagement with technical process owners from respective organizations to understand technical process steps, identify risks, and drive towards a completed documentation that aligns with the IT Governance and Risk Management programs
Designing Business Continuity Plans for the desired clients
Designing Disaster Recovery Plans for the desired clients
Providing Information Security Awareness to certain clients
Design and conduct proof-of-concept tests to replicate third-party findings and propose solutions to resolve discovered security issues
Prepare detailed reports on findings and relate findings to real-world risks and provide specific, actionable recommendations for resolution
Perform research activities to investigate vulnerabilities and technologies which may impact the product suite, and present findings at industry conferences and tradeshows
Proactively develop threat models to assess how attackers may attack the Information System
Assess and recommend additional tools and technologies as needed
Internal Information Security Audits
Information Security related policies drafting, formulation and implementation
Configuration and maintenance of network services, equipment and devices
Member of Information Security Awareness Team in the Bank
Planning and supporting Security infrastructure
Analysis of security risks to servers, and workstations
Management of user accounts, permissions, email, anti-virus, anti-spam
Networks
Internee
Telecommunication
Research and Development
18 Years of Education, Vulnerability Assessment, ISMS, Network/Wireless Security, Digital Forensics, Cryptography.
16 Years of Education