Responsible for providing strategic consultation in risk management, enterprise security governance, security operations management, incident response and ERP security. Managed an information security program that ensured security became ingrained in planned and ongoing IT and processes.

Primary Responsibilities

  • Managing information security projects, including planning and deployment of new processes and technologies in areas of intrusion detection and response, deployment and management of enterprise-wide vulnerability risk assessment and remediation practices
  • Internal Control Review - including corporate governance, enterprise risk management, and regulatory compliance
  • Development of innovation centre advancing use cases for collaborative network environments in support of rapid solution evaluation
  • Managing the Vendor Due Diligence program, which ensured all clients' personal information (PI) stored by vendors is secured/encrypted while being backed up and transferred over the internet
  • Conduct IT risk assessments to identify risk and control gaps and provide sustainable solutions for executing risk mitigation projects
  • Partnering with the Business Continuity Team to ensure that the Business Resumption Plans for Information Security were current and addressed disaster recovery risks
  • Establishment of system safeguards by directing disaster preparedness development; conducting preparedness tests
  • Assessment and audit for the preparation for ISO 27001. Develop and maintain audit checklist and documents. Ensuring that security policies are aligned to global standards, ISO 27001 requirements and customer contractual terms
  • Travel to various job sites and offices as needed to perform risk assessment for projects to meet business and information security requirements and ensuring effective and efficient use of IT
  • Managing security awareness and phishing campaign programs

Recent Milestones

  • Implementation of the strategic IT security projects for Data Leakage Prevention (DLP), Data Classification
  • Enterprise-wide deployment including ICS networks of Vulnerability Risk Management System
  • Development and implementation of cybersecurity vulnerabilities and compliance program for ERP systems
  • Development of Cloud risk assessment framework for hybrid cloud implementation
  • Audit certification for various offices across the globe and various business functions based on ISO 27001, 14001 and 18001 requirements
  • Leading security incident investigations and regularly reporting the security posture status to the management via relevant KPIs
  • Implemented security awareness and phishing campaigns for the organisation
  • Implementation of ICS networks Vulnerability Risk Management System

Work History

Sep 2004 - Present

Information Security Consultant

Bechtel Corporation

Information Security Consultant

2002 - Aug 2004

Senior executive - IT

IBM Global Process Services

Senior IT Consultant



Master of Business Administration (M.B.A.)


Bachelor of Information Technology

May 2009 - Present

Diploma in Cyber Law


Jan 2018 - Present

GPEN: GIAC Penetration Tester

Global Information Assurance Certification (GIAC)
Apr 2016 - Present

OSSTMM Professional Security Expert (OPSE)

Apr 2015 - Present

GCIH: GIAC Certified Incident Handler

Global Information Assurance Certification (GIAC)
Oct 2014 - Present

ISO/IEC 27001:2013 Lead Auditor

British Standards Institution (BSI)
Mar 2011 - Present

CISA: Certified Information Systems Auditor

Information Systems Audit and Control Association (ISACA)

Six Sigma/Lean

Bechtel Corporation
Dec 2010 - Present

CCSK: Certificate of Cloud Security Knowledge

Cloud Security Alliance (CSA)