Chief Information Security Officer / Vice President II
Export Import Bank of Malaysi
Total years of experience :22 years, 4 Months
(2 Years Contract)
1. Develop and implement a strategic comprehensive information security and IT risk management program such as Security Operation Maturity Assessment, Cyber Crisis Simulation, Security Awareness.
2. Work with IT Department and Other Departments to facilitate risk assessment and risk management processes such as outsourcing risk assessment and cloud risk assessment submitted to Bank Negara of Malaysia. 3. Develop, review, and improvise Technology Risk Management framework, Information Security Policy and Procedures and Cyber Incident Response Plan.
4. Review, revise, and develop current IT Security Architecture to meet requirements for Risk Management in Technology and Business Continuity Management from Bank Negara.
5. Monitor and review cyber security events reported by Security Operation Center or other third parties to ensure necessary action for prevention and remediation were undertaken properly.
6. Lead, coach and guide the staff in technical expertise, management, and soft skills to enhance the capabilities and knowledge.
7. Perform and conduct cyber security awareness to all Banks staff and Board of Directors
8. Present and provide advice to the Board and Management Team on Information Security aspects including technical and governance.
Achievements:
• Successfully conducted Cyber Security Awareness to all staff.
• Successfully conducted Phishing simulation attack.
• Successfully conducted cyber crisis simulation attack.
• Successfully conducted security posture assessment and swift assessment
• Successfully implemented Security Operation Center assessment
1. Supervised the Cyber Security Team consist of 2 Security Analyst and 1 Pentester to provide Managed Security Services to Westports Holding Berhad
2. Formulated IT Security strategy plan for Westports to ensure IT environment is fully secured and resilience to cyber threats.
3. Assisted and responded to other Managed Services Tower such as IT Infra Team, Service Operation Team and Network Team in security related matters such as hardening and vulnerability remediation.
4. Developed cyber security project design and specification to ensure the project could be delivered within timeline and minimize the risk of project failure.
5. Developed standard operating procedure and playbook cyber security incident handling for Westports.
6. Re-architect and enhanced the network and security architecture for Westports.
7. Prepared and presented cyber security operation report to Westports such as Antivirus report, Vulnerability report and Hardening assessment report.
Achievements: Successfully implemented Rapid 7 Vulnerability Management.
(2 Years Contract)
1. Coordinated, managed and led security operation section consisting of 3 units which are Security Engineering, ID Management and Security Operation Center.
2. Inspected security design features and installation to ensure compliance and governance is followed and met. 3. Assisted and responded to internal and external auditors during security audit exercise.
4. Reviewed and created policies, standards, guidelines, and processes to control and protect KWSPs information.
5. Collaborated with risk management team, governance team and compliance team in ensuring security operation fully operated with maximum protection and balanced with performance and availability.
6. Monitored and led the security review and analysis performed by threat analyst in Cyber Threat Intelligence daily briefing.
7. Led the security incident investigation by following incident handling and response playbook.
8. Prepared and presented IT Security Operation report on a monthly basis to the Management level.
9. Enhanced and improved Network and IT Security architecture to strengthen data protection, identity and access management and third party risks.
10. Encouraged and guided individuals in creating a professional work environment.
11. Managed vendors and consultants.
Achievements:
• Successfully implemented Cyber Threats Intelligence.
• Successfully implemented Endpoint Detection and Respond for endpoint.
• Successfully resolved issue on email security to cater I-Lestari requirement during movement control order.
• Successfully renewed and upgraded database security monitoring
1. Developed and managed IT Security Team and giving leadership.
2. Assisted and responded to the internal and external auditors for periodic security audits.
3. Periodically reviewed and created policies, standards, guidelines, and processes to control and protect Banks information.
4. Periodically performed security audit and risk assessment and report the findings to the management.
5. Planned and implemented security controls aligned with business requirements and budget to minimize the risk of cyber threats.
6. Conducted IT Security awareness to the Banks staff.
Achievements:
• Successfully managed and conducted Penetration Testing for Banks systems to minimize the risk on vulnerabilities.
• Implemented project Security Operation Center and Security Information Event Management.
• Successfully refreshed the technology for Intrusion Prevention System and implementing Web Application Firewall to protect IT Infrastructure and applications.
• Successfully deployed drive encryption capability to cater information leakage issues.
• Successfully developed Information Security Policy, Information Classification Flow and Technology Risk Management Framework
1. Delivered technical expertise and project leadership for mid to large scale project.
2. Read, interpreted and analyzed business operation processes, procedures and guidelines from Business team and translated it into business requirement specification and functional specification.
3. Led developer on the CIELO development aligned with business requirement and specification.
4. Led quality team on the user acceptance testing script aligned with business requirement and specification.
Achievements:
• Successfully developed CIELO platform as Platform as Services deployed in flexible environment (On-Premise or Cloud).
• Gather requirements and study business process to transform it into application presentation.
• Provide technical specifications and requirements to Programmers for developing building blocks, placeholders, catalogs and user interface for CIELO platform.
• Provide detail process and steps to Quality Team to develop detail test cases for User Acceptance Test and Final Acceptance Test.
• Develop applications from CIELO platform for different Business Team and Customer such as Corrective Action Request and Preventive Action Request for Quality Team and Non Disclosure Agreement Tracker for APPLE project team.
1. Provided expertise in term of technical and consultancy to ensure IT infrastructure is highly secured
2. Created and reviewed policies, standards, guideline and controls to protect and safeguard company information
3. Established Disaster Recovery Center architecture.
4. Managed and maintained security devices and software
5. Performed security audit for Servers, Networks and Applications to ensure all configuration and setting follow best practices
Achievements:
• Strengthen Wireless, Network, Firewall and Intrusion Prevention System policies.
• Develop Information Security Policies consist of Identity Management, Security Monitoring, Security Standard for Servers and Networks.
• Develop plan for Disaster Recovery Center Project.
• Develop plan for Security Information Management System and IT Security monitoring
Achievements:
• Successfully deployed IT Security Infrastructure consist Firewalls, Intrusion Prevention System, Content Filter, Antivirus, Antispam.
• Successfully deployed email system MS-Exchange 2007 and active directory 2008.
• Successfully developed data center including server virtualization, storage, network, electrical system, air conditioning system and environment monitoring system.
• Successfully setup disaster recovery center (DRC).
• Successfully migrated data and networks for IT separation activity due to the demerging exercise between SME Bank and Bank Pembangunan.
• Successfully implemented Security Information Event Management System to monitor cyber threats.
Achievements:
• Reviewed and assessed IT Security architecture for the customers together with IT Security Policy and Procedures and ensure the customer follow IT Security standard and best practices such as GPIS, OSSTMM, others.
• Successfully implemented, managed and maintained IT Security Perimeter Defense which consists of Firewalls, Virtual Private Network, Intrusion Prevention System, Content Filter and Antivirus for Customers.
• Provided IT Security training to the customers including advanced technical training and basic training.