Suraj Nair, Security

Suraj Nair

Security

Country
United Arab Emirates
Education
Bachelor's degree, Information Technology
Experience
17 years, 11 months


Work Experience

Total years of experience: 17 years, 11 months

Security
  • In this position since December 2017

Perform reviewing and updating of all the ISMS documents, on client requirement basis
based on criteria/parameters set by the client management, as per ISO 27001:2013
requirements.
• Prepare and conduct

Assistant Manager at Protiviti Middle East Firm
  • United Arab Emirates - Dubai
  • In this position since January 2020

Data Security and Privacy Practice
Data Security Projects:
• Executed and Led ISMS/Cybersecurity Compliance Assessment Program for a Leading client in
the IT/ITES sector. The engagement involves creating policies and procedures, carrying out risk assessments, conducting application risk assessments, data security reviews for multiple domains.
• Executed project on application security for a Global Leader in Product Development. The
Program involved integrating information security requirements, specifically ISO with existing
technology and developed products such as end user facing applications and network and
security devices and also involved development of toolkits to help projects/ departments within
the company in preparing data inventories, performing data classification, identifying applicable security controls and ensuring compliance to company’s data protection framework.
• Executed and led multiple ISMS framework development, implementation support and
certification assistance engagements for global companies in the Banking, Financial and IT/ITES
sector.
• Development of Implementation roadmap, internal audits and ISO 27001 certification assistance
(Phase 1 & 2).
• Executed an Information Security Risk assessment and strategy planning for a national telecom
development Entity provider in the Telecom Sector for Saudi Arabia. The engagement involved
a risk-based assessment of their Information Security and Data protection practices against
industry standards including ISO27001:2013, CIS benchmarks and NIST 800-53r4 and
developing a roadmap highlighting key security initiatives for the Organization. Also,
implementation of ISMS framework for all the metropolitan locations.
• Assisted team in developing cyber security framework based on CRF-CITC, SAMA and NCA’s
ECC standards.
• Developed KPIs for ME based clients on cyber security standards such as ECC and SAMA in
order to measure cyber security resilience within the organization.
• Part of Business Continuity Management team for leading French based Banking and Financial
Institutions. The scope included:
• Perform the impact analysis and validate the scope and the participants of the ITDR exercise
• Update with management on preparation of ITDR exercise
• Coordinate with various BCM Regional Point of contacts to achieve BCP readiness
• Testing the effectiveness of the Business continuity plans and Disaster recovery plan
• Consolidate and report to management on BCM overall summary activities of global region.
• Conducted risk assessment of third-party service providers on the basis of material business
information shared with the vendors as part of the agreement and implemented security controls
as applicable to protect the CIA of the information from misuse/leakage.
Data Privacy Projects:
• Led a GDPR implementation project for a large construction company situated in Dubai. One of
the key activities within the engagement involved supporting the IT senior management in
conducting vendor/ technology evaluations for key areas.
• Executed and Led PDPL Compliance Assessment Program for a Leading bank in Bahrain. The
engagement involves supporting the group company in conducting data flow mapping,
developing Article 30 registers, carrying out data privacy risk assessments, conducting
application risk assessments, data security reviews for multiple domains including infrastructure
security, network security, data protection, security monitoring etc.
• Currently executing a data privacy implementation program for a government organization based
in Saudi Arabia, specializing in multiple sectors including property management, user risk
profiling and credit score analysis.

Manager at HCL Technologies
  • India - Greater Noida
  • October 2018 to November 2019

Project Details-
Corporate Risk & Compliance
• Understand business and business imperatives for tier 1 and 2 projects.
• Understand project / engagement scope and boundaries to design security requirements which
need to be implemented prior to project Go-Live.
• Review Master Service Agreements (MSA) for applicability (R&C sections).
• Conduct Information Security Risk Assessment for the Tier 1 and 2 projects to track all the open
risks carried from pre-Go-Live stage to Steady State.
• Drive Enhance Compliance Assessments
• Conduct Physical Security Audit (ODC/OMC) for the projects to comply with contractual
obligations, if there are any.
• Participate in internal/external audits performed by clients or by third party to share the current
posture of the project and risk profile.
• Drive / Assist Closure on audit non-conformities identified during internal /external audits.
• Participate in Client Visit/ Due Diligence
• Conduct training and awareness program for the project resources to meet contractual
requirements and track the records for evidence purposes.
• Drive HCL e-learning completion
• Perform verification and validation of Project Risks closed by the project or transition team.
• Identifies potential areas of compliance vulnerability and risk
• Provide reports on Quarterly Reports-R&C areas
• Managing day-to-day compliance operation of the organizations
• Monitors the performance of the Compliance Program
• Review existing InfoSec maturity and posture
• Co-ordinate with GIT/HR/Admin and Other Stakeholders Etc.
• Collaborate with Delivery Compliance Partner
• Collaborate with Cyber Security team in Investigation procedure
• Collaborate with Internal R&C teams
• Assist RFP / RFI validation

Assistant Manager at PwC Private Limited
  • August 2016 to September 2018

Project Details-
1. Indo-Japanese Automobile

Technical Specialist at HCL Technologies Uttar Pradesh
  • India
  • June 2006 to July 2016

From June 2006 to March 2009
Worked in Domestic & Global Security Operation Center as a Level 1 and Level 2 engineer managing and monitoring customer's infrastructure.

From August 2011 to July 2014
Worked for Singapore Exchange project as GRC consultant, taking care of all cybersecurity related activities such as:
Governing the cybersecurity approval for the IT and technology projects, change approvals
Compliance Assessment for applicable standards and regulations
Conducting annual and ad hoc risk management activities for the business units.

From 2014- 2016
Heading the migration and implementation activities of infrastructure assets based on the controls of ISO
27001 and client agreed requirements.
• IT Policies Compliance review: Identified and evaluated risks during review and analysis of
System Development Life Cycle (SDLC), including design, testing/QA, and implementation of
systems and upgrades. Prepared audit scopes, reported findings, and presented recommendations
for improving data integrity and operations.
• Compliance Management: Internal Audit for the build phase of the DNB environment to check
if BOM requested details and needs are met. Identify IT related risks throughout development
phases. Areas include networks, operating systems, security, and disaster recovery.
• Risk Assessment: Also performing risk assessment for the asset of the infrastructure.
Conducting bi-annual risk assessment of the infrastructure and share the same to the CRO (Chief
Risk Officer) for discussion and improvement if required.
• Governance: Perform general controls oversight and review to verify compliance with
professional standards. Accesses patch management and vulnerability assessment. Preparing
monthly, bi-annual reports for the same.
• Information System Audit: Assist in ISAE 3402 type 1 and type 2 audits conducted for the
project. Ensure audit tasks are completed accurately and within established timeframes.
Coordinated with various departments to create remediation plans for deficiencies found during
audit. Liaise between in-house managers/IT department and external operational auditors.
• Information Security Management: Head the information security team which was
responsible to track down any security breach that occurs in the infrastructure. Finding the RCA for
the security breach and share the report to client with the implemented controls for the security
breach and participate in meetings around the security breach with client for further
implementation of controls if any are required.

Educational Background

Bachelor's degree, Information Technology
  • at M.D University
  • January 2006
High school or equivalent,
  • at Royal Institute of ManagementUniversity of Norway scoring distinction
  • January 2003

courses: Checkpoint Certified Security Administrator R70 (156-215.70) in the year

High school or equivalent, Science
  • at St Martin’s Public SchoolHappy Senior School
  • January 1999

Specialties & Skills

Technology Consulting
Risk Management
Cybersecurity Governance
Cybersecurity Incident Management
Information Security Management
Compliance Management
IT Audits (ISO, NCA and SAMA)
Cybersecurity Strategy

Languages

English
Expert
French
Expert
Hindi
Expert
Japanese
Expert

Training and Certifications

ITIL V3 Foundation (Certificate)
Course date:
February 2009
CCNA (Certificate)
Course date:
November 2010
CCSA (Checkpoint Certified System Administrator) (Certificate)
Course date:
May 2011
ISO 27001:2013 Lead Auditor (Certificate)
Course date:
October 2015
CISA (Certificate)
Course date:
September 2021