Sr. IT Governance Specialist
Qatar Foundation
مجموع سنوات الخبرة :18 years, 10 أشهر
Accomplishments:
• Proffered visionary leadership to drive world-class intelligence-driven security in the face of a constantly evolving set of potential threats. Established cyber security strategy and roadmap plan for 3 years.
• Acted as a Trusted Advisor to Senior Leaders on IT governance matters.
• Bestowed with Thanaa Awards thrice for the excellent service delivery, teamwork and process improvement.
• IT Representative for Data Management and Data Protection initiatives of the Corporate Compliance Department
• SPOC for IT Service continuity and Business continuity and Crisis Management.
• IT Security Mentor and Trainer, spearheaded awareness programs that resulted in decrease of security events.
• Currently serving as delegate of Director of IT Governance and Security for next 4 months. And previously delegate of Manager of IT Governance for almost 18 months.
Responsibilities:
• Commanding development of the IT and IS governance, risk, compliance-related standards for eliminating security blind spots and accelerating innovation, transformation and growth.
• Driving enhancements / IT controls for providing a 360-degree view of organization’s security ecosystem, that would contribute to reducing issues and mitigating risks.
• Instituted an effective IT governance framework based on COBIT 2019, including policies/guidelines and providing programs/processes/practices and measures to promote transparency, accuracy, consistency across the Organization.
• Establishing Information Security Management Framework based on ISO 27001 and ISO 27017. Developing customized IT and information security policies and processes based on ISO 27001, ISO 20000, COBIT and other relevant standards.
• Contributing to a strong risk management culture by developing IT and OT Risk Management Framework based on ISO 27001, ISO 31000 and NIST. Managing and mitigating cybersecurity risk based on existing best practices.
• Developing SOW, evaluating proposals and overseeing outsourcing of Security Operations Centre (SOC)operations including SIEM, Vulnerability Management, Threat Intelligence, Digital footprint, EUBA, Digital Forensics and Incident management.
• Subject Matter Expert successfully led the implementation of
- Cloud Security Broker (MCAS)
- Azure Cloud Information Protection and Data Leakage Prevention
- IT GRC solution (RSA Archer) for Policy, Risk, Control, Vulnerability, Audit and Issue use cases or modules.
- Identity and Access Management solution
- Mobile Device Management and Mobile Application Management using Microsoft Intune.
• Owning security technology vision, and leading development of Secure Development Life cycle management process following a hybrid model of the waterfall and agile methodologies.
• Conducting Privacy Impact Assessment on new IT solutions based on Qatar Privacy Law. And ensuring compliance to Cybersecurity Framework 2022 for Qatar to align with the security requirements for World cup.
• Guarantying a robust event, incident and problem management is in place for information security incidents.
• Administering establishment of comprehensive life cycle asset management process for all types of assets, thus facilitating effective asset investment decision-making and achieving sustainable results in business performance.
• Leading world class teams in delivering planetary scale security & assurance solutions.
Accomplishments:
• Hand-selected to manage key clientDoha Bank, served as "Centre of Excellence" for IT Governance, Risk and Compliance. Reviewed and modified all ISMS and IT policies and procedures for Doha Bank.
• Played a key role in maintaining PCI compliant status, successfully led Payment Card Industry Data Security Standard (PCI DSS) implementation, thus developing a secure PCI environment across Doha Bank.
• Recognized for excellent project management, technology leadership, and strong advocacy to continually evolve through a culture of continuous improvement.
Responsibilities:
• Leveraged deep domain and industry expertise to provide end-to-end security solutions. Managed security strategy, planned, designed and maintained organizational risk management structure/ framework.
• Designed and delivered a technology strategy roadmap to improve process efficiency. Enabled intelligent process automation to accelerate transformation and breakthrough performance at lower costs.
• Owner of the IT security risk assessment processes. Performed assessment/ analyzed risks/issues raised internally (management, compliance, internal audit) and externally (regulatory, external audit observations), as well as completed corrective actions before formal validation/closure.
• Performed gap assessment for ISO 27001 control implementation, prepared a roadmap plan; revised all relevant policies and procedures.Migrated ISO 20000 to 2013 version
• Conducted gap analysis and reported on the IT process against IT standards, frameworks &practices.
• Propelled ITSM provision through introduction of policies, procedures and KPIs based on international standards/best practices. Reviewed/updated Operational Level Agreements (OLAs) within IT & SLAs for IT.
• ITSM process Internal Auditor, planned, conducted and reported audits in accordance to ISO 20000. Prepared Audit MIS, updated it periodically based on NC stats and reported to IT management periodically.
Accomplishments:
• Dexterously managed high-end projects for the key client: American Express LAC Region
• Appreciated by Business (American Express Technologies) for best practices adopted in the Team. Superintended the dynamic team to develop and implement best practices to avoid major incidents, reduce change mgmt. rejections, problem management issues & improve customer satisfaction. Mexico business took notice of best practices, shared with American Express VP, appreciated team & recommended other teams to implement the same.
• Bestowed with Best Team Award intwo consequent years 2009 and 2010 by TCS, for dedicated work, demand management projects, process improvements and for proactive measures taken to satisfy customers’ expectations.
Responsibilities:
• Spearheadedend-to-end management of projects, planned, executedand established project strategy, budget, and policies. Tracked project progress; monitored the smooth implementation of the project at client location and provided offshore support.
• Designed and delivered a technology strategy roadmap to improve process efficiency & cost-effectiveness.
• Benchmarked service standards/guidelines as per Global standards and in adherence with Service Level Agreements; analyzed data for continuous improvement in delivery and improving customer satisfaction based on the data.
• Ownership of managing the entire incident response lifecycle; restored normal service ASAP based on customer perspective and within defined SLA; detected, logged, categorized and prioritized incidents.
• Guaranteed availability, reliability, efficiency and performance continuity against established metrics and Service Level Agreements (SLAs).
• Built, managed, coached & mentored a high-energy, high-impact team, capable of delivering transformational results.
Previous Professional Experiences:
• Dec 2004- May 2005: Computer Science Lecturer, National Institute of Technology
Bachelor of Technology (Computer Science and Engineering), Cochin University of Science and Technology, 2004
لقد تم حذف الرابط بسبب انتهاكه لسياسة الموقع. يرجى التواصل مع قسم الدعم لمزيد من المعلومات.