Tabish Akhtar شيخ, Senior Analyst - CyberSecurity Risk Management


Emirates Group

Country
United Arab Emirates - Dubai
Education
Bachelor's degree, Electronics Engineering
Experience
20 years, 9 months



Work Experience

Total years of experience: 20 years, 9 months

Senior Analyst - CyberSecurity Risk Management at Emirates Group
  • United Arab Emirates - Dubai
  • In this position since December 2017

Ownership and end to end delivery | sustenance of CyberSecurity risk management framework for the Emirates Group
• Understand various departments, technologies, platforms, applications, processes etc. of the Emirates Group IT to enable effective risk management practices
• Conduct detailed risk sessions with individual risk units (application owners, platform | technology owners | department heads) across the organization to discuss and assess their current risk posture and consolidate them into the Corporate Risk Register
• Discuss and highlight any overdue risks that need attention and focus to respective management leads for various areas and seek their support in closing risks
• Lead risk assessments across technologies | applications | systems to determine the level of risk in cases of noncompliance to security policies and standards
• Prepare detailed reports for business overview of risks and their sign off and propose alternate controls for risk mitigation
• Present monthly KRI dashboard for all areas highlighting the total number of risks, all high | medium and overdue risks, breakdown of risks - response wise, rating wise
• Continuously striving to bring about risk process improvements to enable effective and efficient IT risk management practices across the organization
• Create, review and update IT policies and standards
• Conduct third party risk assessment and govern third party access management
• Manage security exceptions and convene security change board meetings for permanent security changes
• Maintain cybersecurity awareness across Business and IT through various channels like broadcasts, clinics, emails

Senior Manager at Tata AIA Life Insurance Co Ltd
  • India - Mumbai
  • December 2016 to December 2017

Own IT Risk management for a Life Insurance company, which requires processes to monitor risks, including adequate information about risks and the decision process supported by risk analysis, identification and evaluation. Provide Information security advice and support to business particularly in relation to IT governance and risk management across India.
• Develop a risk model to help perform risk analysis and provide a measurable output to take business decisions in terms of risk mitigation or acceptance with clearly defined roles and responsibilities
• Perform risk analysis on the existing threats | controls or new projects and provide a business impact assessment report to the business manager so the organization can make appropriate decisions and manage risks appropriately
• Develop and implement policies, standards and procedures
• Monitor risk management processes and mitigation actions to ensure that all identified risks are managed within the organization’s risk appetite
• Present risk reports to the key stakeholders, and invite feedback into the risk processes
• Work with legal & compliance on incident response and communications with the regulator
• Manage business continuity for IT
• Support implementation of group audit risk based methodology, leading technology audits and participating in integrated business and technology audits
• Drafting audit reports for review by the senior management and validating closure of issues
• To undertake problem analysis for security incidents e.g. root cause, repeat faults, trends to identify opportunities for improvement and initiate investigation and corrective action

Project Manager at Infosys Limited
  • India - Pune
  • January 2005 to November 2016

Design, implement and manage information security for a government bank. Provide information security advice and support to the bank’s functions and businesses particularly in relation to the development of banking and other financial services products, transactions across India. Manage security services for a private payment bank required to protect the confidentiality, integrity, privacy and authenticity of the information stored in the cloud environment hosting the banking application in accordance with the security policy.
• Review and enforce user identity management processes and privileged access management for business applications
• Perform information security risk assessments and serve as an auditor for managing security assurance
• Manage effective information security services and implement and administer security policies and plans
• Responsible for support of existing security policies and procedures, as well as creation and implementation of new security procedures as per ISO 27001
• Manage integration of security tools like IDAM, PAM, antivirus, EMS with infrastructure, databases and applications
• Work closely with business and IT teams for closure of security non-compliances
• Manage information security incidents right from RCA to closure and documentation
• Participate in change control board and infrastructure design processes to review and approve any system changes that potentially have information security ramifications
• Deliver Governance, Risk and Compliance management projects including:
  • Compliance readiness (ISO27001, PCI, banking IT guidelines)
  • Conduct risk assessment and treatment
  • Conduct audits & assessments
  • Map controls and compliance requirements
  • Preparation and reporting of information security metrics & compliance dashboards
• Review and implement any changes to the bank's security requirements, in accordance with the security policy. Assist client in defining security requirements based upon business needs
• Conduct and report vulnerability assessments of IT systems with results documented and communicated to IT for identified risk reduction activities
• Support external auditors to conduct periodic audits for ISO 27001 and statutory audits

Customer Engineer at CMS Computers Ltd
  • India - Mumbai
  • August 2003 to December 2004

Troubleshoot network and analyse bandwidth capacity between HO and branch sites. Maintain scheduled server backups and restorations for fault tolerance. Coordinate with vendors for leased line, ISDN, UPS and IT infrastructure. Maintain servers, desktops, mobile and handheld devices. Implement end point security.

Educational Background

Bachelor's degree, Electronics Engineering
  • at Mumbai University
  • December 2002

Electronics Engineer from Mumbai University

Specialties & Skills

Network Security
Bluecoat
Firewalls
Routing
CyberSecurity GRC
ISO 27001 implementation
ISO 31000 - IT Risk Management
COBIT and NIST frameworks
ISO 22301 - Business Continuity
CyberSecurity Awareness
Develop IT policies and standards

Languages

English
Expert
Hindi
Expert

Training and Certifications

CEH (Certificate)
Course date:
January 2011
ITIL Foundation (Certificate)
Course date:
February 2012
ISO 27001 Lead Auditor (Certificate)
Course date:
June 2013
CISM (Certificate)
Course date:
October 2015
Valid until:
October 2020