Practice Consultant
Intertec Systems
Total years of experience: 16 years, 11 months
Consulting Practice team and supporting the business development, sales
& delivery of IT Advisory services.
* Define, maintain, enhance and recommend client's information security
Policies & Procedures
* End-to-End project planning, Tracking, reporting and Communication to
stakeholders, ensuring scope management, adequate and efficient
resource planning, activity sequencing, effort & cost estimation
* Support Sales for managing Pre-Sales activities. Writing proposals,
responding to RFPs and client presentations. Work closely with OEMs
and partners to support the development of winning solutions at
optimum cost
* Development of consultancy portfolio based on the market study,
analysis and requirement identification; Engage in advanced security
discussions with prospective and existing clients
* Managed ISMS implementation support across clients in Middle East
including Banks, Govt., private firms, group-entity organizations, such as:
- ISO 27001:2013
- NESA (Information Assurance standard and NCRMF frameworks)
- Dubai Information Security Regulation (ISR)
- Abu Dhabi Systems and Information Center Information Security
Standard (ADSIC)
* Maintained 100% client retention through consistent high-quality
execution with focus on outcome-based delivery, resulting in revenue
generation through project extensions.
* Monitoring & Evaluation of projects, Conduct Knowledge transfer
workshop, Participate in Organizational Capacity building and Training
* Designed and conducted training campaigns across organizations
advise clients on internal processes, process improvements, technological
improvements, process automation as well as data/technological security and
identify opportunities for new projects, defining new methodologies and
building solutions.
* Was involved in a Leading Retail Company for Governance Risk and
Compliance, Security Awareness for Managed Security Services;
defining and ensuring quality of the deliverables, perform Gap
Assessment based on ISO controls and PCI DSS and populating the
gap assessment report, designing IT governance strategy, guidelines,
procedure and policies. Conduct Information Security & Business
Continuity trainings to Information Security team and IT Operations.
* Assisted a Bank in Qatar and Financial Service Organization in Bahrain
with review, implementation and successfully achieving certification
against ISO 22301:2013. Also conducted BCMS Awareness
Sessions, Tabletop exercise and Management Review Meeting for
BCMS and provided onsite audit support for ISO 22301.
* Assisted a leading Bank in UAE with review, implementation and
successfully achieving certification against ISO 27001:2013 and ISO
9001:2015. Additionally provided Onsite Surveillance audit support.
* Assisted government organizations with review, implementation and
successfully achieving certification against Abu Dhabi Systems and
Information Center Information Security Standard v2.0 (ADSIC).
* Assisting a Bank in Qatar with review, implementation and successfully
achieving certification against ISO 27001:2013 and PCI DSS v3.2. Also
performed Management review meetings for ISMS & PCI DSS standard.
* Assisted a Bank in Saudi Arabia for PCI DSS Consultancy involving
Scope & Gap Assessment, Implementation Support and lead towards
Final QSA audit and Certification
Consultant for Financial Services Sector in IT Risk Advisory.
* Involved in ISMS audits, ISO 27001 certification, RBI gap assessment
for a leading Public Sector Bank in India, provide consultancy service for
preparation of RFP for the Banks for IT security solutions and services.
* FAIT (Financial Audit IT Integration): Experience in performing and
review of IT general controls such as Change Management, User
access management, Incident Management, Backup management and
Physical security for various banking, financial services, and insurance
clients in India. Also involved in the planning, execution and discussions
pertaining to the audit findings and opportunities for improving the
control environment to the senior management of the client.
* Lead and execute IT Audits covering business process controls testing,
IT assurance and security implementation for major operating systems,
databases, network components and financial applications.
* Responding to RFPs requiring internal audit and ISO 27001. Prepared
engagement budgets and planned review of work papers and reports.
* Coached and mentored new hires on best practices for audit
methodologies related to technology risk.
* Assisted in developing business of 2000+ hours for IT infrastructure
reviews, application systems testing, business continuity management
and virtual audit support / controls testing.
across both Life as well as Non-Life.
* Lead and execute IT Audits covering general computer controls and
business process controls testing
* IT audit / assurance and security implementation for major operating
systems, databases, network components and financial applications.
* Risk based control design, benchmarking, implementation, evaluation,
mitigation and deficiency reporting for controls covering IT and business
process controls.
* Regulatory standards and compliance reviews, Implementation and
audit reviews of ISO27001 and performed awareness training.
* Project plan, project scoping, status checks and management reporting.
Perform information security risk assessments of various products,
processes and technologies across the business unit and identify
potential risks. (In house products of Patni) Recommend and track
remediation of risks identified in the above reviews.
* Ensuring regulatory requirements for Information Security are complied
with Information Security compliances like SOX, COBIT, HIPAA and
Information Security Standards ISO27001 and OWASP.
* Worked in IT Risk & Compliance project as Consultant for METLIFE, US
* Responsible for IT Application Risk Assessments, conducting Business
Impact Analysis (BIA) and Recovery Strategy evaluation
Application Systems Security Review as per regulatory standards set for
. in