Head of IT Governance & Risk Management
Commercial Bank International
Total years of experience: 23 years, 10 months
Drive the IT Governance, IT Risk Management and IT Compliance agendas through the IT Steering Committee and the Information Security Steering Committee. Establish longer-term strategies/ roadmaps to closely align IT initiatives, projects and activities with business priorities and to enable IT-driven business innovation through timely adoption of new technologies and IT capabilities.
Role further involves:
- Establishing and articulating IT and information security goals and objectives;
- Establishing, formulating, and maintaining IT and information security strategy and roadmap;
- Establishing and embedding IT and information security governance, frameworks, policies and processes aligned with leading industry practices such as COBIT, ISO27001, ITIL, PMBOK and ISO22301;
- Planning, budgeting and overseeing the implementation of the IT and information security strategy/ roadmap to achieve the set goals/ objectives;
- Providing leadership for successful project/ product delivery;
- Providing leadership for, and coordinating, IT audits and information security reviews/ assessments;
- Providing leadership for legal, regulatory and industry standard compliance: FCA, DPA, PCI-DSS, ISO27001, etc.;
- Providing leadership for, and establishing, processes and practices for transferring knowledge and embedding leading processes and practices.
Drive the information security agenda through the Group IT Steering Committee and the Group Operational Risk Committee
Role further involves:
- Articulating security objectives and formulating/ maintaining information security governance and strategy;
- Planning, budgeting and operationalizing the information security strategy/ roadmap;
- Providing leadership for successful project/ product delivery across the group;
- Providing leadership for security monitoring, security reviews/ assessments, the Security Operations Centre, brand protection, data leakage prevention and vulnerability management;
- Providing leadership for legal, regulatory and industry standard compliance: FCA, DPA, PCI-DSS, ISO27001, etc.;
- Cascading information security awareness at different levels, across departments and across the group.
Formed strong relationships and trust with subsidiary/ JV teams and between departments across multiple levels, becoming a go-to person for getting things done across the group.
Responsible for IT and information security audit and operational risk coordination; trusted and relied upon for review and assistance in discussing audit observations with internal audit and external auditors.
I have developed the IT Security Function to a higher level of performance; the following are key examples demonstrating this:
- Information security contribution recognized, leading to the doubling of both the headcount and the annual information security budget for 2016;
- Increased engagement in all IT projects as well as IT initiatives;
- Viewed as an ally in identifying suitable risk mitigation strategies as well as practical solutions for challenges;
- Recognized as playing an advisory role across IT governance and IT service management initiatives;
- Engaged in identifying improvements to IT governance and IT service management practices.
Headed the Technology and Security Risk Services practice providing IT Consulting, IT Assurance, Information Security and Business Continuity/ Disaster Recovery advisory services.
Led the Technology and Security Risk Services practice, providing IT Consulting, IT Assurance, Information Security and Business Continuity/ Disaster Recovery services.
Headed the Information & Communication Technology consulting division, providing consulting services on IT Governance, Information Security and Software Development.