
Summary

Responsible for providing strategic consultation in risk management, enterprise security governance, security operations management, incident response and ERP security. Managed an information security program that ensured security became ingrained in planned and ongoing IT and processes.

Primary Responsibilities

  • Managing information security projects, including planning and deployment of new processes and technologies in areas of intrusion detection and response, deployment and management of enterprise-wide vulnerability risk assessment and remediation practices.
  • Conducting security audits and implementing improved controls and processes.
  • Development of innovation centre advancing use cases for collaborative network environments in support of rapid solution evaluation
  • Managing the Vendor Due Diligence program, which ensured all clients' personal information (PI) stored by vendors is secured/encrypted while being backed up and transferred over the internet
  • Implementing security awareness programs and instituting compliance metrics to decrease enterprise risks.
  • Partnering with the Business Continuity Team to ensure that the Business Resumption Plans for Information Security were current and addressed disaster recovery risks
  • Establishment of system safeguards by directing disaster preparedness development; conducting preparedness tests.
  • Conducting ISMS audit and developing and maintaining audit checklist and documents
  • Travel to various job sites and offices as needed to perform risk assessment for projects to meet business and information security requirements
  • Assessment and audit for the preparation for ISO 27001. Develop and maintain audit checklist and documents. Ensuring that security policies are aligned to global standards, ISO 27001 requirements and customer contractual terms

Recent Milestones

  • Implementation of the strategic IT security projects for Data Leakage Prevention (DLP), Data Classification.
  • Enterprise-wide deployment including ICS networks of Vulnerability Risk Management System.
  • Development and implementation of cybersecurity vulnerabilities and compliance program for ERP systems.
  • Development of Cloud risk assessment framework for hybrid cloud implementation
  • Audit certification for various offices across the globe and various business functions based on ISO 27001, 14001 and 18001 requirements
  • Leading security incident investigations and regularly reporting the security posture status to the management via relevant KPIs
  • Implemented Security Awareness and phishing Campaigns for the organization with

Work History

Sep 2004 - Present

Information Security Consultant

Bechtel Corporation

Information Security Consultant

2002 - Aug 2004

Senior executive - IT

IBM Global Process Services

Senior IT Consultant

Education

2009 - 2011

Master of Business Administration (M.B.A.)

2000 - 2002

Bachelor of Information Technology

May 2009 - Present

Diploma in Cyber Law

Certifications

Jan 2018 - Present

GPEN: GIAC Penetration Tester

Global Information Assurance Certification (GIAC)
Apr 2016 - Present

OSSTMM Professional Security Expert (OPSE)

ISECOM
Apr 2015 - Present

GCIH: GIAC Certified Incident Handler

Global Information Assurance Certification (GIAC)
Oct 2014 - Present

ISO/IEC 27001:2013 Lead Auditor

British Standards Institution (BSI)
Mar 2011 - Present

CISA: Certified Information Systems Auditor

Information Systems Audit and Control Association (ISACA)
2010 - Present

Six Sigma/Lean

Bechtel Corporation
Dec 2010 - Present

CCSK: Certificate of Cloud Security Knowledge

Cloud Security Alliance (CSA)