Shomayle Ahmad Faruqi Cyber Security IOT Security Artificial Intelligence GRC Data Privacy OT security, Director Cybersecurity

AKW Consultants

Location
United Arab Emirates - Dubai
Education
Bachelor's degree, Computer Science
Experience
14 years, 2 Months


Work Experience

Total years of experience: 14 years, 2 Months

Director Cybersecurity at AKW Consultants
  • United Arab Emirates - Dubai
  • My current job since May 2023

  • Acting CIO for AKW and prestigious client in UAE
  • Strategizing security with business goals
  • Providing security managed services
  • Building IT & cloud infrastructure from scratch for clients in UAE
  • Managing development team to build secure compliance software.
  • Providing consultancy for technology requirements with cyber security at its core
  • Assessing the vendor applications for secure architecture
  • Security testing for vendor applications
  • Providing Consultancy for UAE data protection law, DIFC data privacy law, healthcare data protection law
  • Heading Vulnerability Management & Data Privacy Program

Clients handled in 1 year:

1. Delivered successful Cyber & IT security services.
2. Development of IT & Cybersecurity framework along with providing Cybersecurity & Infra Management for two gold & precious metals refineries.
3. IT/Cyber Security & Data protection Services for Global Real Estate & Insurance organizations.
4. Aligned Business, AML Compliance & Cybersecurity Frameworks.

Senior Security Solution Architect & Program Manager at Genesys
  • India - Hyderabad
  • September 2022 to April 2023

  • Senior Security Solution Architect & Program Manager
  • Architecting and Reviewing Cloud Security applications
  • Handling Data Privacy Requirements (GDPR)
  • Managing team across globe for Data Privacy and security tasks
  • Conducting vulnerability assessment and penetration testing

Security Architect - Embedded Systems at OTIS elevators
  • India - Hyderabad
  • May 2020 to August 2022

  • Cyber Team management
  • Architecting cloud software solutions focusing on security and privacy
  • Leading Product Cyber Security projects across globe.
  • Developing Cyber OT Strategies
  • 62443 Standard Implementation across Products
  • Digital Product Architecture Reviews
  • Vulnerability Assessment & Penetration Testing for Network, Applications, Kubernetes Docker APIs & Embedded systems.
  • Threat Modelling Tool implementation - IriusRisk
  • Cyber Security Playbook development
  • DevSecOps tool implementation - Coverity, Black Duck, Netsparker.
  • Product Cyber Security Lab Setup

Cybersecurity Architect at Hewlett Packard Enterprise - India
  • India - Bengaluru
  • August 2018 to April 2020

  • Leading Cyber team for Global Customers.
  • Leading Cyber Security projects across globe.
  • Planning, effort costing, managing & delivering Cyber Security Projects in France, Switzerland, Qatar, Saudi Arabia, South Korea & US.
  • Presales support for Cyber Security projects.
  • Projects Summary:
  • Enterprise security assessment based on ISO 27001, PCI DSS, NIST, MTCS, IRAP, APRA & CIS Benchmarking, government regulations.
  • Cloud Security Assessments based on Azure, AWS & Cloud Security Alliance.
  • Network Security Assessment & roadmap development.
  • Assessing & developing secure configuration guidelines for Firewalls, switches, Servers, Active Directory, Azure, AWS & Storage boxes.
  • GDPR Assessments for European customers.
  • Security Operations Center - Defining, developing and implementing process, procedures & tools.
  • Vulnerability Assessments for Applications & Network components.
  • Conducting Risk Assessments for entire infra components.
  • Developing process & conducting Business Impact Assessments.
  • BCP/DR Assessments and improvement roadmap.
  • Developing process, policies & procedures across all security domains.
  • Developing technical guidelines to secure Applications, Databases, Network & Infrastructure Components
  • Developing Cyber Security Framework

Deputy Manager - Technology & RISK Advisory at Deloitte Touche Tohmatsu
  • India - Bengaluru
  • February 2017 to August 2018

Client 1 (current): Working in Information Risk Management team for one of the biggest global Oil and Gas Organizations. Activities include:

  • PCI DSS, PA DSS, ISO 27001, SOC 1/SOC 2, MTCS & GDPR Audits and Architecture designing.
  • Working on multiple in-house and externally developed Applications from the design stage to incorporate DevSecOps concepts as per PCI DSS, PA DSS, ISO 27001, SOC 1/SOC 2 & GDPR requirements.
  • Conducting Risk Assessment for Servers, network devices & applications.
  • Threat and Vulnerability Assessment - Network and Application level.
  • Conducting Third Party Information Sharing Risk Assessment.
  • Working closely with Legal and Privacy team for right contracts for applications and service providers.
  • GDPR program for 80+ existing applications (External and internal).
  • Threat modeling for programs.
  • Assessing applications in 4 phases: Security requirements at Project Initiation, Design, Code/Testing, Release.
  • Review Security Architecture High Level Design for programs.
  • SOX readiness Audits.
  • Managing stakeholders across different geographies (Houston, New York, London, Netherlands, Hague, Turkey, China, Australia, Manila).
  • Conducting Business Impact and Legal/Regulatory assessments for applications.
  • Working with the development team to close the open vulnerabilities.
  • Mapping controls with Third Party provided assurance reports.


Other Clients: Banking and Manufacturing


  • Handling a team of 3 professionals.
  • ITGC Audit
  • Network Security Audit
  • PCI DSS readiness Audit
  • SOC 1 and SOC 2 Audit

Senior Consultant - Technology & Risk Advisory at KPMG Global Services
  • India - Bengaluru
  • November 2015 to February 2017

Handling multiple clients across US geography for:

  • Leading a team for IT Audit & Attestation
  • Security Architecture Reviews - Network and Application
  • Vendor Risk Assessment
  • IT General Control Audit
  • IT Application Control Audit
  • Network Audit
  • PCI DSS Audit
  • SOC 1 and SOC 2 Audit/Reporting
  • BCP and DR Audit
  • Delivering training for PCI DSS, ITGC and ITAC controls
  • Quality Assurance - Perform Quality assessment of the audit tests performed on critical controls, Review and report out periodic assessments
  • Client walkthrough on the process gaps and critical findings.
  • Development of audit/testing procedures based on Client walkthroughs

IT Security Lead at Pine Labs Pvt. Ltd
  • India - Noida
  • October 2013 to October 2015

  • PCI DSS Implementation & Audit.
  • PA DSS Internal Audit.
  • Visa PIN Security Implementation & Audit.
  • IT Internal Audits.
  • IT General Control Audit.
  • Network Design as per PCI DSS requirements.
  • Firewall Rule Set Reviews.
  • Working knowledge and flow of Payment Application.
  • Implementation of security controls in PAYMENT GATEWAY Application as per PCI DSS.
  • BCP/Disaster Recovery Site set up.
  • Risk Management.
  • Hardware Security Module (HSM) Key Manager. (Encryption & Decryption Keys)
  • Handling Bank Security Audits. (Visa, Discover, Master Card, Citi Bank, HDFC, ICICI, SBI etc)
  • Handling Customer Security Audits.
  • Business evaluation for security tools, technologies and processes.
  • Managing Vendors related to security requirements.
  • Organization Level implementation of security process frameworks, compliance and risk requirements and regulations, with particular regard to data privacy and protection.
  • Vulnerability Assessment and Penetration Testing using tools like IBM AppScan, Burp Suite, Kali Linux & Qualys including manual testing.
  • Assisting with IT risk & security awareness training programs.
  • Plan and execute assessment of key IT controls and ensure detailed remediation plans are developed to address these issues.
  • Designing Business Continuity Planning.
  • Reviewing Business Continuity Plan Test Report.
  • Incident Management.
  • Web Application Firewall Implementation.

Information Security Senior Executive at HCL Technologies
  • India - Noida
  • February 2012 to October 2013

  • Implementation of security process frameworks, compliance and risk requirements and regulations, with particular regard to data privacy and protection.
  • Conducting Security Audits for 9 Facilities of HCL Technologies (STPI facilities & SEZ facilities)
  • Security Incident Management
  • Vulnerability Assessment and Penetration Testing
  • ISO 27001:2005 Internal Audits
  • SSAE 16 / SAS 70 Audits
  • PCI DSS Audits
  • Critical Parameter Audits
  • Managing Client Audits
  • Handling External Audits
  • Data Center Audits
  • Conducting Monthly Reviews
  • Assisting with IT risk & security awareness training programs
  • Manages risk and vulnerability assessments of systems.
  • Conducting Asset Evaluation
  • Plan and execute assessment of key IT controls and ensure detailed remediation plans are developed to address these issues.
  • Designing Business Continuity Planning for Engagements based on ISO 22301
  • Conducting Business Continuity Plan Test
  • Reviewing Business Continuity Plan Test Report

Executive - Quality Control & Security at Motherson Sumi Infotech and Designs Limited
  • India - Noida
  • February 2011 to January 2012

  • Ensure work practices are conducted in accordance with all compliance requirements.
  • ISO 9001:2008 Audits
  • ISO 27001:2005 Audits
  • Vulnerability Assessment & Penetration Testing
  • Risk Assessment
  • Business Continuity Plan (Implementation & Testing).
  • CMMi L5 Processes implementation.
  • Conducting peer reviews/ one on one review and tracking the review findings to closure.
  • Responsible for ensuring sufficient QA facilitation is available to the project.
  • Participating in defect prevention meetings & process reengineering.
  • Participating in Internal Audit / Monthly QA audits / Release Audits on a defined frequency for process compliance and also ensuring the timely closure of the findings.
  • Participating in the deployment of other performance improvement methodologies.
  • Utilizing exposure of Application software - MS Office, MINITAB
  • Delivering training to establish Process Performance Model & Process Performance Baselines
  • Data Analysis and Data collection for projects.
  • Formation of Process Performance Models for projects estimations.
  • Formation of Process Performance Baselines.
  • Facilitation of documentation of projects for CMMi L5 Processes
  • Establishing and improving processes.
  • Documentation and Release of IT processes like Anti-Virus Management, Patch Management, Application Hosting, Asset Management.
  • Conducting ISMS and initiating improvements in the processes.
  • Handling organization level CSAT (Customer Satisfaction). Planning, Monitoring, Tracking and Ensuring the implementation of action plan to fulfill the identified Gaps at project and engagement level.
  • Responsible for collection of metrics for the projects.

Associate - Quality Assurance & Security at HCL Infosystems
  • India - Jaipur
  • April 2010 to January 2011

  • ISO 9001:2008 Audits
  • ISO 27001:2005 Audits
  • Data Center Audit
  • CMMi L5 Processes implementation.
  • Conducting peer reviews/ one on one review and tracking the review findings to closure.
  • Responsible for ensuring sufficient QA facilitation is available to the project.
  • Participating in defect prevention meetings & process reengineering.
  • Participating in Internal Audit / Monthly QA audits / Release Audits on a defined frequency for process compliance and also ensuring the timely closure of the findings.
  • Participating in the deployment of other performance improvement methodologies.
  • Utilizing exposure of Application software - MS Office, MINITAB
  • Delivering training to establish Process Performance Model & Process Performance Baselines
  • Data Analysis and Data collection for projects.
  • Facilitation of documentation of projects for CMMi L5 Processes
  • Formation of Process Performance Models for projects estimations.
  • Formation of Process Performance Baselines.

Education

Bachelor's degree, Computer Science
  • at Amity University
  • June 2009

Specialties & Skills

Operational Systems
Artificial Intelligence
Cyber Security
Cybersecurity

Training and Certifications

CISSP (Certificate)