IT Security Competency Compliance Manager
IBM
Total years of experience: 28 years, 4 months
Acting as team leader, lead senior project manager and security technical advisor for enterprise security projects and activities. Furthermore, leading and managing daily operational security and compliance activities for both customers and IBM internally. The role requires a close customer relationship, elaboration of executive management reporting, profound team leadership, technical oversight, a profound and detailed understanding of processes/procedures/policies/standards (ITIL, ISO, PCI-DSS, CIS) and audit/review management.
IT Security Manager, responsible for:
- Establishment of IT security services based on ISO standards and market best practices e.g. privileged access process, continued business need, security patch management, user revalidation process, data classification and data/system ownership, disaster recovery/business continuity, identity management, compliance management etc.
- ITIL alignment process management, e.g. security incident management, security risk management, change/problem management
- Audit readiness activities, e.g. self-assessment analysis
- Assisting and managing both internal and external audit activities, e.g. scope definition, resource allocation, collection of data etc.
- Project management.
- Security policy elaboration
- Elaboration of security/hardening implementation appendices for a variety of systems, e.g. Unix, Windows, Oracle, SQL, SAP, network devices (wired and wireless) etc.
- Staff education
- Top management reporting
- Customer negotiation on new services and solutions
- Infrastructure design, e.g. Intrusion Prevention System (IPS), malware protection (antivirus, spam filtering, URL filtering) etc.
- Managing vulnerability scanning and penetration testing
- Establishing and managing Public Key Infrastructure (PKI)
- Forensic investigation
In this period, customers within the transport sector (Maersk Line, P.O.Nedloyd and several airlines, e.g. Lufthansa), the retail and distribution sector (Carlsberg, Danish Supermarket group, Maersk Oil & Gas), the government sector (ministry of education and ministry of foreign affairs) and financial institutes have been supported.
- Elaboration of corporate policies, strategic plan for management and working procedures and processes
- Assisting in implementation of datacenters and off-site locations
- Conducting business risk analysis to determine the value of assets to the companies and deciding the proper countermeasure based on the calculated risk.
In this position, customers within the industrial sector (Hempel), the government sector (Danish Parliament and Ministry of Internal affairs) and the public sector (Danish Broadcasting/TV) have been supported.
- Responsible for security administration for decentralized systems
- Responsible for IT Security architecture and infrastructure
- Responsible for logical and physical access
- Responsible for log review and analysis for both logical and physical controls
- Elaboration and implementation of security procedures
In this period, all security-related bank business with both national banking companies and international credit companies (VISA/MasterCard/American Express/Diners) and vendors was supported.
- Responsible for auditing access controls for decentralized systems and platforms
- Responsible for auditing network infrastructures
- Responsible for physical environments review and inspection
- Developed Excellence in Sales training course.
As auditor, both public and private sector entities and companies were supported according to audit laws in Denmark.