Assistant Manager – Information Security Team
Standard Chartered Bank (Scope International): July 2004 onwards
Total years of experience: 32 years, 1 month
• To comply with security policy & control procedures & ensure that security policy and control procedures are followed by staff under supervision.
• Review security-related access rights practices, directives and guidelines.
• Ensure compliance of suppliers of DP services with access rights policy and guidelines.
• Define, implement, administer and maintain the security administration to control access to the Bank’s databases and application systems.
• Undertake periodical reviews and other exercises in relation to application security for compliance with current procedures/processes and implement enhancements to address non-compliance and security requirements.
• Participate in and recommend the user security administration approach / requirements at the development stages of new application systems to ensure that group policies, including IT Policies and Group standards, are complied with.
• Ensure all requests and changes are conducted in accordance with agreed service standards [SLA], agreed procedure and approved security matrix.
• Ensure privileged passwords/other documents are controlled as per process.
• The administration of user accounts and access rights across applications within the enterprise.
• To administer and institute application systems’ security and controls in ensuring integrity and confidentiality of the Bank databases and transactions processing systems against unauthorized access and deliver a quick and quality service to all end-users.
• Serve as a corporate focal point on matters of Application Security
• Recommend corporate access rights policies, and establish access rights objectives and goals for SCB, in support of overall corporate security policies, objectives and directives
Perform risk assessment and prioritize high, medium and low risk areas to form the basis for annual audit plans
Participate in the development of the annual IT audit plan and the mechanism to track and report progress against the plan on a regular basis.
Implement the strategic audit plan by leading, performing or supporting, as appropriate, the planning, fieldwork, and reporting of internal audit engagements to deliver agreed assurance objectives to established policies, procedures and IIA standards in the capacity of a team leader.
Identify areas of improvement and communicate non-compliance to key stakeholders
Write “Audit Reports” and debrief senior management on key risk issues
Provide assistance and support to business auditors in the IT aspects of business audit assignments
Perform special audit assignments or investigations as mandated by regulatory authority
Perform team management roles, such as recruiting junior auditors, conducting regular performance reviews and mentoring/coaching team members at all stages of an audit.
Promote and enhance risk culture in the bank by acting as a “Change Leader”
Establish and develop effective working relationships with various stakeholders.
Performed ISMS Audits based on the Information Security Policy and applicable elements of ISO/IEC 27001.
Conducted verification of client Contracts/MSAs for all Internal Projects/support groups as part of Verification of Corporate ISMS Policy Compliance.
Participated in external audits and independent audits by the clients.
Tracking audit findings; verifying & closing the remediation measures taken.
Performed gap analysis of various legacy applications of the bank with IRM baseline controls and operations security guidelines to ensure compliance.
Planned, coordinated, conducted, and directed audit engagements that were predominantly IT in nature. Types of audits included Infrastructure audits, ITGC reviews, application control reviews, and network security assessments.
Prepared and reviewed audit work papers prepared by other internal audit staff.
Identified the gaps and communicated with senior management and obtained their agreement on the non-compliance and action plan to mitigate the risk along with a due date.
Prepared audit reports and disseminated the reports at appropriate level.
• To comply with security policy & control procedures & ensure that security policy and control procedures are followed by staff under supervision.
• Responsibilities include implementation and control of centralized IT Security Operations.
• Ensuring quality services as per pre-defined service level agreement and constantly improving service standards.
• Managing centralized IT Security operations of over 15000 users spread across many countries like U.S.A., U.K., UAE, Sri Lanka, India & Africa.
• To manage the team resources to optimize effectiveness and performance levels, recommending training, development, and reward as appropriate.
• Prepare security MIS and ensure service delivery as per the pre-defined SLA.
• Analyze security problems, identify the risk involved and mitigate the risk to an acceptable limit.
• Responsibilities include implementation and control of centralized IT Security Operations.
• Handling day to day security related problems
• Custodian of high privilege ids
• Ensuring quality services as per pre-defined service level agreement and constantly improving service standards.
• Ensure compliance with the security policies, procedures and standards defined by the group, identify control weaknesses and minimize risk.
• Hold thorough knowledge of Operating System and Application exploits and vulnerabilities
• Research damage control measures to minimize downtime after security violations within the network
• Was responsible for all supervisory functions supporting all the critical business processes in the operations department & front office desk.
• Handled all front office functions like Customer Services, liaising with couriers, other correspondent banks, outsourced vendors, etc.
• Responsible for day to day centralized operations controls and processes, liaison with the other branches of the bank, and cheque collections processing.
• Participated in User Acceptance Tests & Operator Acceptance Tests in relation to the application software Cashin used by Cash Management Services.
• Monitoring of day to day data center operations like start of day / end of day operations, taking data backups and liaising with software and hardware vendors for problem fixing to ensure maximum system availability.
• To supervise the operation of the message system and to ensure the expeditious handling of message traffic by the staff.
• To comply with all administrative & control procedures & ensure that administrative and control procedures are followed by staff under supervision.
• To manage the connectivity between the Bank and SWIFT
• To make recommendations for improvement of auto-routing, utilization of SWIFT, reduction in telex usage, and other work practices.
• To authorize and verify for release messages created or amended in Message center.
• To ensure business continuity plan (BCP), disaster recovery plan & SWIFT lines connectivity fallback plans are up to date and tested regularly.
• Primarily responsible for System Administration / Maintenance of PC-LAN and standalone system & Data Center Operations.
• Responsible for processing of data on a daily, weekly & monthly basis, start of day / end of day procedures, and data/system backup functions.
• Performed a comprehensive systems and EDP supervisory role. Co-ordinated with 100-150 branch level users and liaised with software and hardware vendors to provide day to day system support for the branch.
Certified in Risk and Information Systems Control (CRISC) (June, 2012).
Certified Information Security Manager
Project Management
BS7799 implementation
ITIL Foundation
Certified Information System Auditor
Certified Associate of Indian Institute of Bankers
Bachelor of Commerce