Manager - Information Security
Meraas Holding
مجموع سنوات الخبرة :19 years, 2 أشهر
Leading the Information Security Practice at Meraas Holding. Entrusted with streamlining IS processes, risks, setting up and managing the ISMS.
Manage and monitor Information Security for the Enterprise which includes diverse business and functional units ranging from Motors, Retail, Engineering, Travel, Finance and investment.
Reporting to the IT Infrastructure Manager and supervising one resource for enterprise wide IT Security Operations and Management; IS incident Management, Problem Management and RCA
Assessing and mapping security requirements and translating them into feasible and pragmatic security solutions.
Research and Implement solutions based on information security frameworks, conceptualizing information security policies and ensuring compliance with security standards.
Identify and recommend controls in liaison with Bus, IA and develop policies & procedures framework along with enforcement of IT Security policies and standards in line with ISO27001
Assess effectiveness of the controls implemented and compliance against PCI-DSS
Responsible to identify key IT security risks, including design & implementation of regular vulnerability audits/assessments and recommend the appropriate actions.
Functioning as a Project Manager for various Security projects.
Monitor and control a wide range of security solutions ranging from Endpoint-Malware protection to perimeter-IPS, Next Generation Firewalls and Secure Web Gateways
Spearheading efforts to instill a Group-wide awareness of IT Security risks and the Group’s IT Security Policies and Procedures, advise BUs and relevant stakeholders over future regulatory and compliance requirements
Providing input on the function’s budget requirements to the VP IT Service delivery and accordingly control expenses of the Security Function, ensuring compliance to operating budget.
Performing daily team administration routines as well as team development and people management activities including training, Security inductions for employees & skill upgrade
Reported to the IT Infrastructure Manager as individual contributor with the responsibilities of the installation, maintenance and security of all IT Security related servers.
Engaged to resolve any problems to ensure security services fully meets the business requirement of the Group.
Security Incident Management and ensure proactive support to meet the business requirements of the Group.
Responsible for IT Security project activities to meet agreed deadlines, providing regular feedback on project progress along with proactive and long-term fix approach.
Involved in technical support for enhancement of & change to network/server/DB security configuration.
Provided Support Service delivery including incident/problem management related to security incidents along with review of Change management requests across IT.
Spearheaded evaluation of technology and procure necessary hardware/software, based on defined IT Security requirements.
Analyzed and Recommended changes to existing Security policies.
Deftly configured and installed E-mail Security Solutions (Symantec Cloud Security and Microsoft Antigen), Web Security Solutions (ISA, Websense and Surf Control), Intrusion Prevention Systems (IBM IPS), Antivirus Systems (Sophos and Forefront), PKI Solutions (Microsoft PKI), SSL VPN Extranet Services (Juniper) and Active Directory Audit Solutions (Manage Engine and Netpro).
Initiated the activities for implementing ITIL v3 for Service Support i.e. Service Desk Management, Incident Management, Problem Management, Change Management, Release and Configuration Management for IT infrastructure.
Instrumental role in executing POCs of various Security products with successful finalization of over 20 products in production
Conducted a periodic Risk Assessment of the infrastructure environment
Deployed, configured, Monitored and maintained ISA firewall and Websense.
Managed and configured intrusion prevention systems and Antivirus systems
Served as Active Member of the Planning and Execution Team for Datacenter migration which was recognized from the SM and CXOs for excellent Project Management.
Co-ordinated and executed IT security projects for the enterprise
Collaborated with IT management, legal and the asset protection department to manage security vulnerabilities
Proposed and deployed a Secure file transfer solution (Accellion) that addressed transfer of heavy files in a secure manner.
Planned and deployed Symantec Cloud based email security and Cloud based Secure web gateway to reduce the security TCO.
Created, managed and maintained user security awareness
Supporting Endpoint protection and deployment of Anti-Virus Software and ISA Server.
Conducted security related research in keeping abreast of new attack vectors and compensating controls
Provided hardware and software solutions to home and business users specific to Dell Dimension and OptiPlex Systems
End user systems troubleshooting and maintenance
Provided high level technical support for printers, NCs, Scanners and other peripheral devices