ICT Security Manager
FLOW
Total years of experience: 10 years, 3 months
• Spearheaded the integration of contractual obligations & cybersecurity requirements, significantly enhancing operational efficiency and the effectiveness of cyber risk management protocols.
• Strategically contributed to the formulation and execution of IT strategic plans, policies, and programs, aligning them with corporate objectives and driving organizational growth.
• Architected and sustained cybersecurity policies, procedures, and guidelines grounded in ISO 27001 standards, addressing dynamic organizational needs, and ensuring compliance.
• Championed the establishment and maintenance of FLOW's security vision, strategy, and program, collaborating with senior management to secure critical information assets.
• Pioneered the development and implementation of comprehensive IT Security Policies and Procedures, leading to a substantial reduction in organizational information asset risks.
• Directed the deployment, delivery, and support of technical security policies and procedures through a strategic partnership with FLOW's technical managed services provider.
• Enforced rigorous compliance with IT Security Policies and Procedures, ensuring consistent organizational adherence and mitigating security risks.
• Conducted in-depth risk assessments and vulnerability scans for IT systems and services, proactively identifying and mitigating potential threats.
• Executed robust IT security controls derived from IT Security and Risk Treatment Plans, safeguarding the integrity and security of systems and services.
• Devised and implemented comprehensive Security Testing and Evaluation (ST&E) plans for high and moderate category services/systems, validating the efficacy of security controls.
• Provided authoritative certification of results for high and moderate category systems/services, offering accreditation recommendations to authorize operations.
• Delivered specialized, targeted technical training on information security, and spearheaded IT security communications tailored to FLOW's organizational requirements.
• Instituted rigorous measures to assess and enhance operational capabilities, ensuring compliance with IT Security Policy and Standards.
• Conducted thorough evaluations of emerging threats and vulnerabilities, analyzing their impact on the company's infrastructure and systems to inform strategic responses.
• Compiled and delivered detailed reports to the Head of IT, highlighting the progress and effectiveness of FLOW's IT Security Program and demonstrating its strategic impact and value.
• Implemented NCA compliance and GUARD strategy organization-wide, developing and enforcing standards, processes, and guidelines to meet regulatory requirements.
• Designed and maintained a Cybersecurity Governance framework, leveraging Channels standards and best practices to ensure robust cybersecurity protocols.
• Collaborated with cross-functional teams to define and execute a Cybersecurity Strategy, addressing governance risk, regulatory requirements, and compliance through strategic planning and implementation.
• Prepared comprehensive evidence for NCA & GUARD Assessments, ensuring readiness and compliance for regulatory evaluations.
• Validated and assisted in implementing recommended cybersecurity controls, addressing and mitigating open cybersecurity risks for the Channels team.
• Enhanced daily operations and knowledge sharing by contributing to routine activities and building team capabilities through knowledge transfer and expertise.
• Managed continuous compliance and the Security Compliance Framework, developing and maintaining control frameworks for cybersecurity health checks, ensuring adherence to security policies and directives.
• Led efforts to implement a Cyber Security Management System (CSMS), enhancing efficiency and effectiveness of cyber risk, governance, processes, and operations.
• Assisted in establishing a Cyber Security Compliance strategy and supported team members during compliance assessment initiatives, including KPI development and measurement.
• Collaborated with cross-functional teams and business leaders to provide a Cybersecurity vision and define the Cybersecurity Strategy, planning and implementing solutions to address governance risk, regulatory requirements, and compliance.
• Supported the implementation of NCA Compliance across the organization, developing standards, processes, and guidelines as required.
• Oversaw and assisted the team in preparing for the NCA ECC Assessment.
• Spearheaded activities related to RCA Management, steering actions until closure.
• Directed Information Security Audits and supervised service delivery teams.
• Evaluated new information feeds and threat actor activities, developing executive reports.
• Reported high-severity incidents to management with progress updates, followed up on actionable items with different teams until closure, and managed dashboard preparation, enhancing existing reporting structures (daily, weekly, and monthly).
• Maintained the Security Compliance Framework according to policy and directives and developed a control framework for health checks monitoring.
Extended security advisory services with a focus on regional management through effective strategic planning and project management.
Collaborated with Customer Security Officers and communicated security knowledge and security activities.
Recognized for leading global teams and reported KPIs to Security and Compliance Executive; proactively contributed to the IBM Regional Security Plan; directed information security audits and supervised the service delivery teams.
Cyber law, IT Act
Software development, database, front-end/back-end connectivity
Accountancy honors