
Rahul Purohit

Founder

Dubai, United Arab Emirates · 16 yrs 3 mos experience

Key Highlights

  • Proven leader in Information Security and Compliance.
  • Expertise in managing regulatory requirements across multiple jurisdictions.
  • Strong background in risk assessment and IT security audits.

Skills

Core Skills

Information Security Compliance, Regulatory Compliance, IT Risk Management, Risk Assessment, IT Audit, Information Security Management, Security Architecture, Incident Response, Data Security, Privacy Compliance, PCI DSS Compliance, Risk Management, ISO Compliance

Other Skills

@Risk, Application Security, BS25999, Business Continuity, Business Continuity Planning, CEH, CISM, CISSP, COBIT, Central Bank Compliance, Computer Forensics, Computer Security, Cyber Insurance, Cyber War Gaming, DLP Monitoring

About

Information security leader combining technical acumen with extensive exposure in Information Security Operations, Governance, Risk and Compliance (GRC), Information Security Strategies, AI Security and Governance, Blockchain Security, Cloud Security, Data Privacy and Information Systems Audits. MS – Cyber Law and Information Security, IIIT-A | LLB | B.Sc. (Computer Science, Hons) | CISA | CISM | AI Governance Trained | Certified Blockchain Security Expert | Ex PCI QSA | Ex PCIP | ISO27001-LA | PECB-CLCM | PECB-CLSIM | PECB-ITCGM | API Security Architect

Experience

Sandbox Security

Founder & CEO

Jul 2024 – Present · 1 yr 8 mos · Dubai, United Arab Emirates

Mashreq

AVP - Information Security Compliances

Mar 2021 – May 2024 · 3 yrs 2 mos · Dubai, United Arab Emirates · Hybrid

  • Leading a team of Information Security professionals to comply with organization-wide Information Security compliance requirements from various International Banking Group (IBG) regulators and industry-specific regulations for the UAE and 13 IBG locations. Ensure Information Security compliance requirements are identified, managed and implemented for the UAE and all IBG locations.
  • Managing the group-wide regulatory requirements and annual certifications for PCI DSS and SWIFT.
  • Managing the International Banking Group (IBG) related regulatory compliance requirements for various regulators such as RBI, NYDFS, CBUAE, CBB, CBE, QCB etc.
  • Liaising with internal teams and vendors for Information Security related regulatory, external and internal audits, and providing support to close the observations.
  • Understand the various Central Banks' Information Security circulars and liaise with the internal IT team to implement the recommendations.
  • Reporting to senior management on the compliance status of various regulatory and industry compliances related to Information Security.
  • Led and actively participated in various prestigious internal projects related to Cyber War Gaming, Ransomware Management, Cyber Insurance etc.
  • Automated the management dashboard and reporting through Archer to update management on the Information Security compliance posture.
  • Participated in enterprise Cyber Security Resiliency Programs including Ransomware Resiliency and Cyber War Gaming.
  • Leading a team of professionals to provide assurance to management on the effectiveness of Information Security controls at design and implementation level and on various regulatory requirements.
  • Drafted the Regulatory Incident Reporting guidelines based on the regulatory reporting requirements for the UAE and other IBG locations.
Information Security Compliance, PCI DSS, SWIFT, Regulatory Compliance, Cyber War Gaming, Ransomware Management, +2 more

First Abu Dhabi Bank (FAB)

AVP IT Risk and Governance

Jun 2019 – Nov 2020 · 1 yr 5 mos · Abu Dhabi, Abu Dhabi Emirate, United Arab Emirates

  • Leading a team of IT Risk professionals to perform organization-wide (across 11 countries) IT Risk Assessments to identify, analyze, mitigate, manage, monitor and communicate IT risks.
  • Established a process and workflow for remediating the backlog of vulnerabilities and security issues, with tracking, monitoring and reporting to senior management.
  • Ensure IT risks are identified and managed as per the agreed IT risk appetite and tolerance levels.
  • Work with the Information Security team to ensure the implementation of security controls within IT.
  • Management of risk assessment activities in IT, ensuring proper implementation of risk treatment options such as mitigation, transfer, acceptance etc.
  • Deliver periodic risk profile reports and KRI reports to Tier 1 committees and senior management.
  • Manage Technology Risk Committee meetings, reporting to senior management on the IT risk profile.
  • Lead risk automation practices and tools to streamline the efficient operation of the team and seamless interactions with IT stakeholders.
  • Understand the Central Bank Cyber Security circulars, liaise with the internal IT team to implement the recommendations and communicate with the Internal Compliance team on Central Bank circulars and their compliance status. Reporting to senior management on the compliance status of Central Bank circulars.
  • Liaising with internal teams to support the NESA audit, review and collection of evidence.
  • Liaising with internal teams for IT and IT Security related regulatory, external, internal and other audits.
  • Operate an efficient workload planning process for the team and identify the appropriate resourcing solutions to deliver each objective.
  • Monitoring Data Leakage Prevention (DLP) incidents and coordinating with senior management on preventive and corrective actions, escalating to the right stakeholders to minimize incident impact.
IT Risk Assessment, Risk Management, IT Security, Risk Automation, Central Bank Compliance, IT Risk Management, +1 more

Etisalat

Internal Auditor - Information Systems and Technical Audit

Nov 2016 – Jun 2019 · 2 yrs 7 mos · Dubai, Dubai, United Arab Emirates

  • Perform IT audits for complex business applications, including development of the audit plan, definition of the audit scope, development of the Risk Control Matrix, alignment of risks with the Enterprise Risk Matrix, development of work programs and reporting of findings to various stakeholders and senior management.
  • Preparation of audit plans, including Information Systems risk identification covering risk areas related to confidentiality, integrity, availability, efficiency and effectiveness of business-critical systems, using a data analytics tool.
  • Preparation of detailed audit work papers incorporating test schedules, observations and audit conclusions, and ensuring the control validation contains sufficient supporting documentation and has been properly referenced in electronic work papers (Audit Documentation tool).
  • Coordination with the different stakeholders for audit management and review, control validation, reporting of the final observations and discussion of the recommendations.
  • Test the existing controls in place, identify control gaps and recommend action plans to address the risks where controls are weak.
  • Perform Information Systems audits to ensure compliance with the organization's policies and procedures and various regulatory and industry requirements, e.g. TRA compliance audit, ISO 27001 etc.
  • Review of the organization's Information Security policies against industry best practices, emerging technologies and evolving threat landscapes, providing recommendations to enhance the overall information security posture.
  • Perform technical security assessments, application code review and overall security control validation for critical business applications and their associated infrastructure, including operating systems, databases, web and application servers etc.
  • Operational knowledge of data analytics tools like ACL.
IT Audit, Risk Control Matrix, Data Analytics, Technical Security Assessment, ISO 27001 Compliance, Information Security Compliance

JAFZA

Information Security Officer

Jul 2014 – Nov 2016 · 2 yrs 4 mos · Dubai

  • Lead strategic security planning to achieve business goals by prioritizing initiatives and coordinating the evolution, deployment and management of current and future security technologies.
  • Lead and manage the staff of the IT Security & Governance area, spanning a range of technical services including risk assessment, policy administration, security protection and maintenance of the security and governance architecture.
  • Develop and communicate security and governance strategies and plans to senior management, staff, partners and stakeholders.
  • Develop and maintain the organization's security architecture including firewall, IPS/IDS and other security systems.
  • Assess risks and threats, and design and implement disaster recovery and business continuity plans.
  • Prepare and manage security audits and governance reporting.
  • Develop, implement and maintain policies and associated plans for systems security governance based on industry-standard best practices.
  • Investigate incidents and breaches of security and take corrective and preventive actions.
  • Collaboration with business stakeholders and technical stakeholders (solution, infrastructure and application architects) to perform security architecture risk assessments.
  • Ensure operational and incident trends in cyber security are considered in developing security architecture requirements and recommendations.
  • Provide recommendations for advancing enterprise security architecture practices, security policies and security control standards to enhance operational practices.
  • Responsible for the engineering, design and administration of security technologies.
  • Participate in and lead projects for security requirements, network design reviews and security testing of networks, systems and other IT infrastructure.
  • Coordinate with system, network and development teams to ensure network security standards are followed and implemented correctly.
Security Planning, Risk Assessment, Disaster Recovery, Security Architecture, Information Security Management

First Abu Dhabi Bank (FAB)

Senior Consultant - Information Security

May 2013 – Jul 2014 · 1 yr 2 mos · Abu Dhabi

  • DLP monitoring, coordination, administration and reporting using Symantec and WebSense DLP tools. Responsible for creating DLP policies based on the Bank's requirements.
  • IT process review: reviewing the IT security processes against industry best security practices, reporting the gaps and liaising with the IT team to close them.
  • Monitoring and assessing the IT infrastructure/applications of the Bank to ensure that the availability, integrity and security of IT systems are maintained.
  • Actively coordinating with IT and IT Security teams (local, global and regional) to ensure best IT Security practices and deliveries.
  • Vendor and ODC security assessments based on the organization's security policy.
  • Creating, reviewing and improving organization policies, procedures, baselines and guidelines related to Information Security.
  • Active involvement in facilitating and assisting external audits such as ISO 27001 and Singapore MAS compliance.
  • Internal audits for ISO 27001 and Singapore MAS compliance.
  • Design and deliver specific security training programs for internal teams and vendors.
  • Internal vulnerability assessment, baseline review, software and user enumeration.
  • Incident response, investigation and management.
  • Performing risk assessments of applications, new security projects and processes in order to raise the overall security level.
  • Creation of management dashboards, heat maps and reports to capture data protection risk and compliance with applicable requirements.
DLP Monitoring, IT Security Processes, Incident Response, ISO 27001 Compliance, Information Security Management

IBM

Advisory Consultant

Oct 2012 – Apr 2013 · 6 mos · Bangalore

  • Worked on multiple implementation and sustainment projects related to “Data Security and Privacy” based on EU data protection law and the IBM DS&P framework. This included review of the privacy and security controls established at third parties and business associates to ensure that industry-standard privacy practices have been adhered to.
  • The project required creation of standard processes to secure the PI/BSI/SPI information of the end client.
  • Rationalizing privacy requirements.
  • Developed controls on the basis of the rationalized requirements.
  • Developed policies, procedures and controls based on EU data protection law, applicable DS&P laws and the IBM data security and privacy framework.
  • Analyzing existing policies against the control framework and identifying potential gaps.
  • Identifying key business functions and processes that collect, store, process, use and/or share Personally Identifiable Information.
  • Performing business process privacy readiness assessments against the identified requirements.
  • Performing data lifecycle mapping, requirements and gap identification, and final reporting.
  • Preparation of PCI DSS sales presentations and proposals.
Data Security and Privacy, PCI DSS, Policy Development, Privacy Readiness Assessment, Data Security, Privacy Compliance

ControlCase

Senior Consultant

Sep 2011 – Oct 2012 · 1 yr 1 mo · Mumbai Metropolitan Region

  • PCI DSS gap assessment, remediation support and certification audit (IT audit based on PCI DSS compliance) for one of the largest retail chains in the Middle East region. The assessment covered the central operational facility, retail stores, POS terminal review, loyalty card services and customer support services.
  • PCI DSS recertification audit for one of the largest payment gateways and service providers in India. The assessment covered the payment gateway service, card issuance, 3D Secure and call center services offered by the service provider.
  • Computer forensics analysis for a credit card breach. Forensic imaging using Helix and EnCase 6.15 for Linux and Windows Server. Application code review to analyze the scenarios in which card numbers were captured in the application log, with timeline analysis.
  • PCI DSS gap assessment, remediation support and certification audit for one of the largest banks in the Philippines. The assessment covered card issuance, acquiring, internet banking, core banking, mobile banking, 3D Secure service, payment gateway, authorization and settlement services offered by the bank.
  • Gap assessment of the payment switch and POS vendor against the PA-DSS (Payment Application Data Security Standard) requirements and remediation support. Analysis of the application on multiple platforms.
  • Report on Compliance (ROC) writing for Level 1 merchants, acquirers and service providers.
  • Risk assessment for one of Asia's biggest third-party service providers. Led a team of 3; preparation of the risk assessment methodology, risk assessment templates and risk assessment report.
  • Worked as project manager and team lead for multiple PCI DSS, PA-DSS and risk assessment projects.
  • Conducted data centre audits for a number of clients.
PCI DSS Compliance, Risk Assessment, Forensic Analysis, Data Centre Audit, Risk Management

SISA Information Security Pvt Ltd

Consultant

Jun 2009 – Sep 2011 · 2 yrs 3 mos · Bangalore

  • Risk assessment of business processes using a proprietary risk assessment methodology based on ISO 27005, NIST SP 800-30 and the OCTAVE risk assessment framework. An interview-based approach was used to identify critical assets, their threats, vulnerabilities, impact and probability of occurrence. Various risk profiles/models were created to identify all possible threats and assess their impact on the business.
  • PCI DSS gap assessment, remediation support and certification audit for one of the largest m-commerce service providers. The assessment covered the m-commerce application review and services such as mobile recharge, shopping, ticket/hotel booking etc. offered by the m-commerce merchant.
  • Solely handled project coordination and assessment for multiple BPOs and retail organizations across several international and domestic locations around the globe.
  • Conducted ISO 27001 surveillance audits and internal audits for a software development organization.
  • Consulting project for ISO 27001 compliance certification, including development of policies and procedures, risk assessment and mitigation plan, statement of applicability etc.
Risk Assessment Methodology, ISO 27001 Compliance, Internal Audit, Risk Assessment, ISO Compliance

Education

Indian Institute of Information Technology Allahabad

MS — Cyber Law and Information Security

Jan 2007 – Jan 2009

ISACA

CISM

Jan 2012 – Jan 2012

PCI SSC

PCI QSA

Jan 2010 – Jan 2012

ISACA

CISA

Jan 2010 – Jan 2010

Barkatullah Vishwavidyalaya

LLB — Law

Jan 2004 – Jan 2007

Institute for Excellence in Higher Education, IEHE

B.Sc. — Computer Science (Hons)

Jan 2001 – Jan 2004

API Academy

API Security Architect — API Security
