Lead Consultant - ISMS
ADNOC (CNS MiddleEast)
Total years of experience: 20 years, 3 months
Strategic Management | Information Security Governance | Risk & Compliance | ISO 27001 Implementation | ISMS Maintenance | UAE NESA Information Security Compliance | ISO 20000 Implementation | Information Security Awareness | Patch & Vulnerability Management | Access Review | IT Program Management | Risk Management | Audit Management
Oversaw information security strategies organization-wide, with a focus on maintaining the confidentiality, integrity, and availability of data.
Implemented ISO 27001:2013, conducted internal audits, managed third-party certification processes & conducted surveillance audits.
Similarly, managed ISO 9001:2015 implementation, conducted internal audits, ensured maintenance of the Quality Management System (QMS), oversaw certification processes, and conducted surveillance audits.
Managed the IS governance steering committee, which included tasks such as establishing the committee, aligning its strategic objectives, conducting regular meetings, and identifying actionable items.
Maintained the Information Security Management System (ISMS) by developing and updating policies, standards, guidelines, and best practices. This also involved actively seeking continuous feedback to improve the ISMS, as well as regularly reporting the current status to executive management.
Oversaw risk management activities, which included conducting risk identification workshops, performing risk analysis and assessment, assigning risk ownership, actively managing risks, and periodically reporting on the status of risks.
Organized annual mock exercises for business continuity and disaster recovery to assess preparedness.
Facilitated the annual penetration testing exercise and collaborated to address any findings.
Conducted risk-based audits of management systems (including QMS and ISMS) and engaged in IT governance activities.
• Providing training for various information security certifications (CISA, CISM, CGEIT, CRISC)
• Training on Statistics, Six Sigma
• Project Management and Agile Project Management training
• Information Security Awareness & Training
• Information Security Risk Management
• Information Security Audits
• Information Security Incident Management
• Information Security Project Management
• Coordination with vendors for vulnerability management and penetration testing
• ISO 27001:2013 Control Implementation
• CMMI Implementation for Norwich Union, UK
• Process Improvement (Six Sigma) training to employees in Norwich Union, UK
• Process documentation for IT Service Management based on ITIL and ISO 20000
• ISO 9001:2008 implementation and sustenance
• ISO 27001:2005 support and internal audit
• Data analysis for process improvement
• Providing training on Six Sigma tools like Minitab, JMP, and statistical analysis using Microsoft Excel
• Ensuring process adherence for the huge IT engagement for a prestigious banking client
• Performing various process audits and assisting in closure of audit findings
• Conducting process training
• Conducting induction training & orientation to new employees in Accenture
• Responsible for a few CMMI process areas for documentation, training, implementation and auditing
• CMMI Level 5 implementation for the Hyderabad center (training, change management, process implementation, process auditing & metrics management)
• Successful completion of ISO 9001:2000 certification & surveillance audits for the vertical
• Providing training on CMMI processes, participating in SEPG activities
• Providing Six Sigma training and performing process improvement projects
• Periodically coordinating review of processes and updating the process assets
• Performing various audits (startup audit, configuration audit, phase-end audit, delivery audit, delivery management audit etc.)
• ISO 9001:1994 implementation for the development center in Chennai
• Maintenance of Quality Management System (QMS)
• CMM implementation
• Quality awareness training
• Process documentation, Process training, Process implementation
• Process measurement and metrics
• Process audits
Master Degree in Statistics - M.Sc (Statistics)
Bachelor Degree in Mathematics - B.Sc (Mathematics)