Vice President - Security
ISYX Technologies LLC
مجموع سنوات الخبرة :27 years, 11 أشهر
• Responsible for managing USD 8m Information Security business within Middleast, Africa and India.
• Responsible for pre-sales, aligning service offerings with market trend, upselling, cross selling and collection, own complete P&L for the practice.
• Manage Sales, Presales and Delivery team within the practice. Liaise with Strategic account management team to drive large multi-BU deals
• Direct consulting delivery of programs running within Middleast. Manage team of 30+ consultants.
• Client / CxO relationship management. Established as trusted advisory to multiple accounts within Middleast.
• Managing solution and thought leadership for varied industry - O&G, BFSI, Government, Retail, Telecom, Enterprises.
• Established strategic partnership with EMC and MetricStream for the IT GRC solution. Establishing MetricStream Development center in India GDC.
• Developing ICS Security offerings for Utility and O&G Sectors
• Established strategic partnership with Sailpoint IAM and establishing Sailpoint training and COE Center in India.
Added portfolio of Digital Transformation and Enterprise Applications
• Responsible for managing IT governance, digital transformation, enterprise applications, information security, risk management, business continuity management, IT Strategy and planning, project management office, and auditing.
• Managing strategic initiatives on Digital Transformation, SmartCity and IT Sustainability
• Responsible for formulating Smart City security and IoT security framework
• Member of IT Steering Committee, Sustainability Committee, CAB, Information Security Steering Committee.
• Established 3 year IT strategy and operating plan aligned to organization objectives. Restructured and transformed IT department from ‘function focused’ to ‘service focused’ to enhance customer service and achieve operational excellence.
• Evaluated SAP ERP and currently implementing S4 HANA Cloud solutions (Finance, HR, Successfactors, procurement, C4C)
• Directing implementation of enterprise solutions like Maximo, Primavera, Salesforce CRM, corporate website, DMS
• Directed development of Real Estate solution on Salesforce, Directed development of brokers portal
• Achieved ISO 27001 certification within 3 months of joining. Implemented Dubai ISR requirements across the organization. Aligned the ISR and ISMS requirements with COBIT 5 to establish a unified compliance framework.
• Established security operations framework to manage day-to-day operational activities and continuous monitoring
• Established an IT project management office and Directed implementation of Service Desk and ISO 20000 processes
• Directing document management system implementation
• Directing enterprise mobility solution development for customers and internal users.
• Established technology roadmap and Digital transformation roadmap as part of larger SmartCity program.
• Responsible for managing USD 4+ mn revenue Security and GRC consulting practice within Gulf region. Also responsible for pre-sales, aligning service offerings with market trend, upselling, cross selling and collection.
• Direct consulting delivery of programs running within Middleast. Manage team of 50+ delivery consultants.
• Client / CxO relationship management. Established as trusted advisory to multiple accounts within Middleast.
• Achieved 70% of the revenue targets from the existing customer and brought 5 new logos during the tenure.
• Demonstrated sequential growth and over achieved the operating margins through optimal utilization of resources.
• Developed new service offerings like Data privacy, third party security framework, Implementation of Information Security Regulations (Dubai) and NCEMA 7000 (UAE) business continuity standards.
• Developed and implemented security strategies, implementation roadmap, policies and governance framework.
• Directed implementation of Information security management system in line with ISO 27001 standards for telecom and banking clients. Project involved current state assessment, security policies and procedures, roles and responsibilities, asset registry, data classification, risk assessment and mitigation, security awareness and pre-audit assessment.
• Directed implementation of service resilience program aligned to ISO 22301 standards for telecom and banking. Designed and developed BCMS framework, conducted BIA, developed business continuity and disaster recovery strategies, plan and procedures. Developed crisis management plans, BC drills and test plans and full simulation and table top exercises.
• Managed PCI-DSS consulting engagement involving gap assessment, mitigation of gaps, project management for technical control implementation and carrying out internal assessment
• Designed and developed IT risk management framework aligned to RCSA methodologies. Aligned it to enterprise risk management and operational risk management framework in line with COSO.
• Project managed application and infrastructure assessment involving threat profiling of applications, source code review, vulnerability assessment and penetration testing, establishing secured application development lifecycle framework.
• Implemented Unified compliance framework for an O&G company in KSA. Identified various legal and regulatory requirements, analyze impact of these requirements, referenced the applicability, mapped various laws to IT functions, designed unified framework, built compliance universe and developed dashboard and reporting matrix.
• Directed implementation of Archer eGRC SmartSuite tool for clients within telecom, banking and O&G
• Provided advisory services on implementation of ADSIC requirements for Abu Dhabi government organizations.
• Project managed assessment for banking on cyber security against the requirements of SAMA security controls.
• Established and implemented security operations (SOC) processes and security incident response (SIRT) processes.
• Carried out organization wide information security awareness campaigns which involved preparation of contents for different delivery channels and carrying out class room awareness sessions for more than 1000 employees.
• Manage IT Infrastructure, operations and security function of the organization with 12 member team.
• Provide strategic direction and advise CIO on latest trends, evaluate technologies and controlling and manage annual Infrastructure OPEX budget of QR 12m and CAPEX budget of QR 10m
• Designed and Implemented IT Security governance model based on ISO27001 standard.
• Developed Risk Assessment procedure and carried out enterprise wide IT risk management. Conducted Vulnerability assessment and external and internal penetration testing for critical IT components.
• Implemented service resilience in line with BCMS standards. Conducted business impact analysis and risk assessment.
• Developed IT Business continuity Plans, Recovery procedures and crisis management plan.
• Implemented Disaster recovery site and built redundancy for key IT services.
• Developed and implemented IT Governance processes based on CobiT framework. Conducted assessment of current state, mapped the controls with the identified gaps, evaluated and prioritized controls to be implemented.
• Developed IT infrastructure roadmap and Operational plan for 2 years.
• Established and implemented Project Management Office for centralized management and delivery of IT initiatives. Automated project management process through implementation of MS Project Server and MS SharePoint Server
• Defined and established Change management process and IT Change Management Committee
• Aligned the process model to ITIL framework and led the ISO 20000 implementation. Developed ITSM policies, processes and performance metrics. Implemented tools like InfraDesk service desk management, Nagios network monitoring.
• Implemented Virtualization technology. Reduced hardware and maintenance cost by QR 450, 000 for the first year.
• Improved IT Service availability and consistently maintained 99.99% availability for Core IT Services (ERP, Mail and Intranet) and 98.00% for non-core IT services. Consistently achieved service levels.
• Negotiated and managed outsourcing contracts for network and systems support, security and user support ensuring the required service level targets are achieved. Renegotiated contracts with different vendors to save QR 375, 000 yearly.
• Managed upgrade of Oracle e-business suite from 12.0.4 to 12.0.6. Set up high availability through read-only and standby Oracle database. Conducted Oracle e-business suite application and infrastructure performance evaluation.
• Direct the information technology function of the organization with 22 member team, 5 direct reportees.
• Provide IT strategic direction in line with business objectives and valued member of senior management team.
• Controlling and managing annual OPEX budget of USD 6m and CAPEX budget of USD 3.5m.
• Mapped enterprise strategy and balanced scorecard with IT vision. Developed IT balanced scorecard in accordance with the business strategies with performance metrics. Conducted reporting and presentations to executive committee
• Developed 3 year IT strategic and operational plan aligned to business strategies.
• Implemented IT security governance model based on PCI-DSS and ISO 27001 security standards.
• Carried out organization wide Information classification, IT risk identification and risk assessment activities. Developed the risk mitigation plans. Defined IT security metrics and process for monitoring and evaluating the metrics.
• Developed IT Security policies as per the standard requirements. Implemented IT security tools like TippingPoint IPS, NetContinuum Web Application firewall, RSA Envision SIEM, SolidCore File Integrity Monitoring system.
• Developed IT Business continuity plan. Conducted BIA for key IT services, developed IT Recovery procedures and crisis management plan. Implemented a partial Disaster recovery site and built redundancy for key IT services.
• Implemented ITIL best practices based on ISO20000 for service support and service delivery processes. Saved operations costs by 14% in first year through this implementation.
• Improved IT services availability and consistently maintained it above 99.900% through implementation of ITIL service delivery processes such as Availability & Capacity management and building necessary redundancy on critical services
• Implemented tools like CA Unicenter Service Desk Management System and CA Spectrum Network Management System.
• Saved $ 90, 000 per year on staff overheads by restructuring IT department
• Reduced Leased lines cost by 11% yearly through establishing VPN connections and eliminating P2P connectivity.
• Saved $ 85, 000 by enforcing desktop and printer re-usability policy and plan.
• Re-negotiated SLAs with different vendors to save $185, 000 yearly.
• Improved IT inventory accuracy to 99.90% by enforcing organization wide asset management plan.
• Reduced total cost of ownership by IT inventory standardization and consolidation techniques.
• Led the BlackBerry Enterprise solution rollout project & reduced the mobile telephony costs by 25%.
• Program managed server consolidation by implementing VMware based virtualization technology.
Responsibilities
• Direct the information technology function of the organization with 14 member team.
• Responsible for setting up IT function for the startup through development of processes, implementation of technology and bolstering the function by resourcing. Reporting into General Manager.
• Controlling and managing annual OPEX budget of QR 9m and CAPEX budget of QR 3m
Key Achievements
• Bolstered information security function through implementation of controls from ISO 27001 standards.
• Implemented service support and Service delivery framework based on ITIL framework. Established Service Desk with 2 service desk technicians to support more than 250 users spread across different locations.
• Transformed a stagnant IT department into a highly functional and performing team by reorganizing the structure, developing and implementing effective motivational and incentive programs.
• Reduced employee overheads by 23% with introduction of incentive scheme and elimination of overtime scheme
• Architected infrastructure consolidation through VMware based virtualization solution reducing hardware costs by 55%.
• Developed in-house application integration enabling cost saving of more than QR 200, 000.
• Conducted IT audits on suppliers and selected customers to meet company standards on IT security.
• Projects Managed implementation of Warehouse Management system with RF technology (STP from ATMS, UK), Orion ERP (Finance, Payroll and HR, Operations) and Business Process Management System (Ever-Suite, France), GPRS based Vehicle Tracking system (Trace), Xroadz CRM and Freight Forwarding System (Flotilla)
Responsibilities
• Accountable for information systems of the group with 3 member team. Reporting into group CIO.
• Provide IT setup support for new companies within the group. Responsible for consolidating and integrating technology for centralized IT function.
• Controlled annual CAPEX and project budgets of $ 4.5m.
Key Achievements
• Handled IT Infrastructure of 3 individual companies under the Group (Cosco Logistics, Cosraco LLC, and Trident Logistics).
• Established security function at group IT level. Developed group security policies, procedures, established risk management framework. Implemented controls of security standards like ISO 27001.
• Saved cost and optimized resource by implementing help desk support management system to serve over 100 users.
• Architected designing the LAN / WAN infrastructure and its implementation for 3 group companies entailing cost estimation, designing the server configuration, structured cabling, security and telecommunication requirements.
• Capably performed process modeling for logistics and shipping business for group companies which helped in optimizing the business process resulting in operational efficiency and reduced costs
• Conducted IT audit of the operations with the quality department team ensuring proper compliance of standards.
• Projects Managed Implementation of e-business Shipping Application (IRIS2), Warehouse Management System (DCNet), Server migration from MS Windows NT to MS Windows Server 2003. Migrated 50+ servers, Enterprise wide desktop migration from Windows 98 to Windows XP. Migrated more than 1000+ desktops.
Key Achievements
• Rendered security support of over 250 users while efficiently handling support team of 3.
• Provided project management and security product evaluation consultancy to multiple clients
• Conducted quality control and security audits on business application as a part of consultancy to the customer.
• Established security function with defined policies, procedures, roles and responsibilities, processes for healthcare organization.
• Grown security services from AED 400, 000 to AED 1.2m within 3 quarters by introducing new security offerings.
• Project Managed Multiple LAN/WAN networking projects which included structured cabling and configuring network components, Migration of enterprise wide desktops from Windows 98 to Windows XP, IT Security projects including implementation of firewall and VPN, transition of McAfee to Symantec Norton Antivirus.
Key Achievements
• Designed and developed Insurance, Billing, ADT, OT Modules and laboratory equipment interfacing with HIMS
• Managed support with limited resources during post implementation support and maintenance contract for various customers.
• Got an appreciation letter from customer for closing Zulekha Hospital project on time with great customer satisfaction
• Managed the project for HIMS product new features development.
• Implemented design procedures that increased efficiency, accelerated customer satisfaction and slashed error rate.
• Successfully reduced the number of software bugs by code standardization and streamlining the software development process.
• Projects Managed Implementation of HIMS at Zulekha Hospital, Welcare Hospital and Emirates International Hospital, Laboratory Equipment interfacing with HIMS at Emirates International Hospital, Al Ain
• Joined the organization as a Sr. Programmer and was promoted to Systems Analyst within the span of six months.
• Developed Pre consultation, Consultation and Time Limit Module single-handed for the Town Planning Application.
• Developed the Security module for the Town Planning Application.
• Engaged in integrated testing of the application.
• Providing post implementation support to the customer. Maintaining single handed support for more than 70 users
• Actively involved in co ordination with client during system study along with the Project Manager.
• After Promotion, was totally involved in customer co ordination during the implementation and designing the system.
• Joined the company as Trainee Programmer and was promoted to Programmer and then to Sr. Programmer within 18 months time.
• Was involved in Inventory system development as programmer
• Developed the screen prototype for client approval and developed the modules.
• Engaged in unit testing of the modules.
• Engaged in the Financial Accounting system development.
• Participated in implementation of Financial Accounting System.
• Involved in post implementation support and training