Richard Uh

• Overseeing the Business Information Security spanning 7 locations/regions whilst providing governance of CISO operations.
• Established a holistic information security strategy/framework aligned to business strategy with KPI metrics based on global best practices whilst supporting the organization’s Digital Transformation.
• Revamped the Technology and Cyber Risk management practice (identifying, analyzing, treating and reporting) covering the whole technological and data landscape, to aid business decision-making and flexible enough to address today’s threat landscape including third-party (vendor) risk management, cloud adoptions and cyber due diligence.
• Developed a holistic cybersecurity awareness program to continually improve the Group’s security awareness culture inclusive of security champions’ initiative and pioneered the Cybersecurity Awareness Month (CSAM) campaign.
• Supported the creation of the Group’s Data Privacy framework and aligned privacy-by-design practice as part of organization’s DNA including Data Security Maturity and Lifecycle strategies for protecting “crowned-jewels” in compliance with global data privacy regulations such as EU’s GDPR, Singapore’s PDPA etc.
• Performing Privacy Impact Assessments on new products/services to ensure the compliance with data protection requirements for business functions and high-risk processing.
• Revamped information security policies, procedures, guidelines, and standards as per industry best practices and multi-jurisdictional data privacy regulations/guidelines.
• Overseeing a unified regulatory compliance program for managing all IT and cybersecurity regulatory compliance requirements across all the global regions (UAE, Egypt, London, Saudi Arabia, Singapore, India, Turkey) such as ISO 27001, PCIDSS, NESA, ISR, Dubai Data Law, DFSA’s Cyber Risk Management, MAS TRM, SAMA CSF etc.

• Develop and implement IT security strategies including compliance to relevant Information security standards (ISO 27001, DGISR, PCI DSS, and ADSIC), vulnerability assessment and awareness trainings.
• Manage a portfolio of services to assist clients in strategically aligning, measuring and governing their IT systems including IT Governance, IT Service Management, Business Continuity, Internal Audit of IT Controls and Process Improvements.

o Responsible for Information assurance (security) and risk management Initiatives for clients including Managed Security Services, Implementation of SOC and Vulnerability Assessments.
o Integrating best practice frameworks around ISO 27001, PCI DSS, COBIT, ITIL etc. and assisting organizations in creating roadmaps in achieving the goals of these framework..
o Advisory role on IT Governance, Risk and Compliance strategies and delivering professional services to clients as they develop and evolve their services.

• Responsible for preparing and certifying organizations to the PCI DSS standard.
• Overseeing and conducting IT Service Management using ITIL, ISO 20000 implementation and certification support for organizations.
• Conducting vulnerability assessments, penetration tests, risk assessments, ISO27001 gap analysis & certification support, IS audits, PCIDSS compliance assessments, business continuity planning & IT controls assessment
• Implementing challenging technology solutions to improve clients’ productivity and competitive advantage for Government, Conglomerates & privately held organizations.
• Organizing training/Certification programs across various fields in the IT industry

Accomplishments
• Holds the distinction of serving as:
o Project Team Lead Implementer - PCI DSS (NIBSS PLC - PCI DSS Certification Project- 2012)
o Assistant Coordinator - ISO 20000 (First Bank Nigeria - ISO 20000 Certification Project -2012)
o Assistant Team Lead - ISO27001 Gap Analysis, Risk Assessment, Project Implementation Management & Assurance (Unity Bank PLC - ISO 27001 Certification Project -2011)
o Assistant Team Lead - PCIDSS Diagnostics, PCI Gap Analysis, Project Implementation and Penetration Test (Unity Bank Plc - PCI DSS Gap Analysis and Penetration test project -2011)
o Team Trainer - Training of 250 IT staff of the Central Bank in IT Service Management using the Information Technology Infrastructure Library (ITIL Framework)- Central Bank of Nigeria (2012)
o Head Trainer - CISCO Certified Network Professional Training for 13 members of Network Team-MTN Communications Nigeria (2011)
o Head Trainer - Microsoft Office training for 102 Enterprise Staff Members- NIMC Ltd. (2010)
• Developed process for engaging stakeholders in clients sites throughout the lifecycle of the project & maintained, & Maintaining a daily log, risk register & weekly highlight report to add more distinctive value in delivering the projects coordinated -on time, one time and every time.
Awarded with Best Appearance/Composure Award in 2011

• Organised & conducted training for both corporate & retail clients in Microsoft, Comptia, Cisco and EC-Council Courses, including A+, Network +, Security +, Windows 7, Windows Server 2003/2008, Office, ITIL, CCNA, CCNP & CEH
• Ensured Customer Satisfaction through Continuous Service Improvement in Incident Resolution

Accomplishments
• Pivotal in implementing post-training recommendation for clients in security assurance, vulnerability assessments and network troubleshooting
• Administered activities like content creation for CISCO and Comptia Courses; developed process workflow for post-training support for organizations

Overseeing the operations of the IT department in automating processes used in delivering the transportation and Hospitaly services provided

Troubleshooting Client's remote sites