Reza Alavi, Senior Risk Partner

Lloyds Banking Group

Location
Great Britain (UK)
Education
Doctorate, Risk Management and Information Security
Experience
5 years, 4 Months


Work Experience

Total years of experience: 5 years, 4 months

Senior Risk Partner at Lloyds Banking Group
  • United Kingdom - London
  • My current job since April 2023

My key responsibilities include:
• Providing robust advice, challenge, and partnership to identify and mitigate fundamental change, regulatory compliance, operational, and resilience risks across technology programs, including generative AI initiatives.
• Minimising non-financial risks, customer harm, and adverse impacts across the business and operations through proactive collaboration, ensuring consistent risk measurement, control, and timely reporting across the change portfolio.
• Critically evaluating and inputting into new agile approaches adopted by LBG, including risk reviews to maintain alignment with the Group's risk appetite.
• Leading risk reviews, offering insightful analysis, and proposing risk mitigation actions in compliance with the Group Risk Management Framework requirements.
• Spearheading initiatives to enhance risk governance and awareness culture within the Bank. Leading efforts in technology resilience, including disaster recovery, business continuity management, crisis management, and emergency response while working with the new initiative and transformational Backup and Recovery Programme.
• Supporting activities around rigorous compliance with the specific regulatory needs of individual legal entities, reinforcing a comprehensive and proactive approach to risk management across all facets of the Group.

Senior Risk Manager at Deloitte - UK
  • United Kingdom - London
  • March 2022 to April 2023

I have achieved the following:
• Through the identification, qualification, and proposition process, I have utilised my exceptional business development skills to close a deal of £2.5M in a major transformation project.
• Designed and implemented a DevOps risk control framework to help mitigate key risk areas, working with 1LoD and 2LoD
• Defined a functional model that articulated the position of enterprise Technology Risk across the lines of defence
• Revised the operating model, business engagement model, and core capabilities of tech Risk and Control functions
• Strategised Data Protection technologies and solutions, such as DLP, Data Discovery & Classification, and Encryption
• Designed and implemented risk and control processes in a DevOps ecosystem
• Defined and embedded a holistic cloud governance model and cloud control framework for a UK bank
• Assessed the technology and risk management activities of a Post Incident Response
Position held:
Senior Manager, Financial Services Firm (April 2022-March 2023): UK and global financial services clients required support in several transformation projects to manage security and technology risks. The projects included cloud migration, DevOps risk, change management, DevSecOps, and application migration to microservices.
• I worked with the 2LoD to design an application risk assessment to analyse the strength of the control environment and the adequacy of the related internal control framework.
• I developed workshop sessions for senior management teams to provide a baseline understanding of technology risk management for a healthy digital spine in a cloud migration project.
• I worked with the 1LoD and 2LoD to design a DevOps risk control and security framework to help mitigate key risk areas and define specific actions that can be taken to ensure that potential risks are mitigated.

Senior Cyber Risk Manager at ADARMA
  • United Kingdom - London
  • August 2021 to March 2022

I had global accountability for defining the strategic direction of the firm's Secure Development practice and authoritative contribution to wider DevOps and Technology strategies and roadmaps. My work involved the development of a compelling commercial business case and innovative DevSecOps solution for rapid engagement and delivery. My role involved:
• Set and led priority initiatives to enable effective shift-left security in partnership with various development, engineering, and technology teams, including:
o the continued adoption of automated/semi-automated/self-service security tools;
o an enhanced data-led license-to-operate model, and;
o minimum requirements for key roles (e.g., training), amongst others.
• Designed and implemented a standardised, organisation-wide IT and technology control framework aligned to industry standards, and documented the underlying control activities aligned to the standardised framework across all divisions of a major UK bank.
• Advised the Technical Risk Committee of a major insurance company to make informed risk decisions
• Coaching and managing a team of 40+ consultants
• Designed a technology risk target operating model and service catalogue across 1 and 2 LOD, including a resource profile to support establishing the enterprise-wide 1.5 LOD IT control testing team under the direction of the Head of IT Governance.
• Designed a standardised controls testing approach, testing artefacts, and a risk and control self-assessment (RCSA) process.
• Delivered quality-checking activities on risks, controls, and issues produced by divisions.
• Leading an Asset Management, Asset Discovery, and Asset Inventory project as part of the ISO 27001 audit process for a large UK financial services company
• Developed and coordinated training sessions for stakeholders
• Led the definition, implementation, continuous maintenance, and oversight of secure development practice
• Set and led priority initiatives to enable adequate shift-left security, working with development, engineering, and technology teams
• Represented the technology risk function in SMTs and regulatory exams
• Supported the development and maintenance of the pre-deployment security assurance control in the clients' risk taxonomy and control library, including its control design, detailed operating instructions, and key control indicators, to ensure it remains effective against an evolving threat and technology landscape.

European Lead Cyber Risk and Security at Wipro Limited - United Kingdom
  • United Kingdom - London
  • January 2019 to August 2021

I led the proposition, winning, and implementation of a hybrid, multiplatform Cloud migration in the £50 million joint project. I also led the consultative client engagement from pilot to GCP public cloud domain production. My achievements through my roles in Wipro included:
• Closely engaged and managed C-level stakeholders.
• Initiated green field business operations by building partnerships with key suppliers, distributors, and contractors in multiple geographies.
• Advised on a core application integration project and helped the clients transform their current software and application security practices to support continuous delivery and improvement, focusing on solid partnerships with application development, operations, and business teams.
• Managed a major £5M digital transformation GRC project in a large UK bank that included multiplatform, hybrid cloud migration. I worked with several internal and external stakeholders and the senior executive team to provide advice and expert opinion in planning, building, implementing, and monitoring a successful digital transformation strategy and control framework, and in writing policy and guidelines. In addition, I set up a DevSecOps team to ensure security by design in the SDLC process, risk-based DevOps activities, threat assessment, security control testing, and security audit.
• Provided risk analysis and assessment reports to the board of directors and the Technical Risk Committee (TRC) members to ensure that executive management leads cyber efforts and supports cyber security as a business issue.
• Developed strategy, design, organisation, and implementation of modern technology control framework
• Provided comprehensive information and cybersecurity advice, strategies, and recommendations, ensuring alignment with industry standards (Scope: ISO 27001) through conducting in-depth security surveys and inspections in a significant digital transformation project.
• Delivered a significant risk management project that included:
o Collected and reviewed the information, including existing documentation of internal & external business and IT environments
o Identified potential threats and vulnerabilities to enable IT risk analysis
o Developed a comprehensive set of IT risk scenarios to determine the potential impact on business objectives and operations
o Advised on compliance risk concerning GDPR, PCI DSS, and CBEST requirements
o Prepared all documentation and steps required by the ISO 27001 implementation process/ISMS
• Designed vulnerability assessment to identify vulnerabilities and remediation management by process optimisation, tools rationalisation, and forming a team structure for real-time collaboration by adopting speed-enabling practices.
• Provided security consulting and risk advisory services for technology projects enabling European institutional and international banking.
• Provided advice on cyber risks within enterprise risk management while building a long-lasting relationship with the business; developed the correct KPI and KRI thresholds based on the organisation's priorities and management concerns to measure performance and mitigate risk.

Education

Doctorate, Risk Management and Information Security
  • at University Of East London
  • August 2016

"A Risk-Driven Investment Model for Analysing Human Factors in Information Security" (PhD Thesis)

Master's degree, Information Security
  • at University Of East London
  • October 2008

Information Security and Computer Forensics

Specialties & Skills

Software
Cyber Security
Cloud Computing
Risk Analysis
IT Risk
Technology Strategy & Delivery Framework
Digital transformation & IT Modernisation
Cloud Governance, Risk, and Compliance (GRC)
Enterprise Technology Risk Management
Emerging Technology Risk Identification
Technology Governance and Policy Development

Languages

Arabic
Beginner
Persian
Native Speaker
English
Expert
German
Beginner
Turkish
Beginner

Memberships

Information Systems Audit and Control Association (ISACA)
  • Professional Membership
  • March 2016

Training and Certifications

Certified in Risk and Information Systems Control (CRISC) (Certificate)
Date attended: October 2023
Certified Information Security Manager (CISM) (Certificate)
Date attended: July 2021
Certified Information Systems Auditor (CISA) (Certificate)
Date attended: July 2022

Hobbies

  • Traveling
  • Walking
  • Swimming