Sep 2019 – Feb 2021 · 1 yr 5 mos · Abu Dhabi, United Arab Emirates

• My role is instrumental in steering the organization's cybersecurity strategies, compliance adherence, and risk management frameworks. Overseeing a comprehensive spectrum of responsibilities, I'm dedicated to fortifying the company's security posture while ensuring regulatory compliance and promoting a culture of best practices.
• Leadership and Strategic Oversight:
• In my capacity as the IT Risk and Compliance Officer, I've wielded strategic leadership to guide Royal Group towards a robust cybersecurity posture. My initiatives have been focused on aligning security measures with the company's objectives and evolving threat landscapes.
• Information Security Risk Management:
• Central to my role is the meticulous identification, assessment, and management of Information Security Risks across the organization. Conducting thorough risk assessments and analyses has enabled the development and execution of mitigation strategies to preemptively address potential threats and vulnerabilities.
• Compliance and Regulatory Adherence:
• Ensuring adherence to various industry standards and regulatory frameworks is a critical aspect of my role. I've navigated and ensured compliance with diverse regulations,ISO27001 & other regional mandates.
• I've been instrumental in orchestrating the implementation of robust security controls, leveraging industry-standard frameworks such as NIST, CIS Controls, and ISO/IEC 27001. This involved devising, implementing, and monitoring controls across varied IT environments, enhancing defenses against potential cyber threats.
• Cultivating a Security-Aware Culture:
• A key focus of my initiatives has been fostering a culture of heightened security awareness across the organization. Through tailored training programs, workshops, and awareness campaigns, I've instilled a proactive mindset among employees, empowering them to contribute to the safeguarding of organizational assets.

Apr 2017 – Sep 2019 · 2 yrs 5 mos · Dubai, United Arab Emirates

• My role at Mashreq Bank was to fortify the organization's security posture. I've been entrusted with developing a comprehensive roadmap that acts as the cornerstone for elevating the company's security measures. My responsibilities span overseeing security metrics, policy and procedure updates, project initiatives aligned with business needs, and assessing cloud security requirements.
• Developing a Robust Security Roadmap:
• A pivotal aspect of my role involves crafting a detailed roadmap aimed at enhancing the organization's security posture. This roadmap serves as a guiding framework, outlining strategic initiatives, resource allocation, and timelines to fortify security measures across the enterprise. This comprehensive plan acts as a blueprint, aligning security goals with the company's overarching objectives.
• Security Metrics and Management Review:
• I was responsible for curating security metrics that facilitate management review and informed decision-making. These metrics serve as vital indicators, providing insights into the effectiveness of implemented security measures. Regular review sessions with management ensure that actions are taken promptly to address identified gaps and mitigate potential risks proactively.
• Policy and Procedure Review and Update:
• Ensuring that policies and procedures are in line with industry standards and evolving threat landscapes. I lead the review and update process, meticulously aligning policies with regulatory requirements and best practices.
• Cloud Security Assessment:
• With the increasing adoption of cloud technologies, I plaed a pivotal role in assessing the security requirements for cloud adoption. My expertise allows for a comprehensive evaluation of cloud environments, enabling the formulation of tailored recommendations. These recommendations are aimed at optimizing security controls and best practices specific to cloud infrastructures, ensuring a secure cloud environment.

May 2016 – Apr 2017 · 11 mos · Bahrain

• During my role as Information Security Officer at S2M TGCC I have been instrumental in shaping policies and procedures that align with diverse industry standards and regulatory compliance requirements. Additionally, my responsibility includes spearheading the meticulous implementation of Payment Card Industry Data Security Standard (PCI-DSS) compliance measures, ensuring the organization's adherence to these critical standards.
• Development of Policies and Procedures:
• A significant aspect of my role revolves around crafting robust policies and procedures that align with various industry standards and regulatory frameworks. I've led cross-functional teams to meticulously develop, review, and refine policies to meet compliance requirements. These policies serve as the foundation for the organization's security posture, addressing data protection, access controls, incident response, and other vital aspects of cybersecurity.
• Implementation of PCI-DSS Compliance:
• I've taken a leadership role in managing the implementation of PCI-DSS standards within the organization. This involved orchestrating a comprehensive approach to comply with the stringent requirements set forth by PCI-DSS. My responsibilities encompassed assessing the existing infrastructure, identifying gaps, and strategizing the implementation of controls and measures to ensure compliance with PCI-DSS mandates.
• Achievements:
• Successfully developed and implemented a suite of policies and procedures aligning with ISO, NIST, and other industry benchmarks, resulting in a 30% improvement in compliance scores.
• Led the PCI-DSS compliance project, resulting in the achievement of full compliance within the mandated timeline, thus enhancing the organization's credibility and trustworthiness in handling cardholder data.
• Conducted thorough assessments and audits, identifying and addressing vulnerabilities, culminating in a 40% reduction in potential PCI-related risks.

Jan 2015 – Jan 2016 · 1 yr

• During my tenure as an Incident Handler at Presidio, a prominent US-based Managed Service Provider (MSP), I played a critical role in managing and mitigating incidents across a diverse clientele base. My responsibilities encompassed incident response, resolution, and proactive measures to safeguard the interests of over 25 valued customers.
• Incident Response and Resolution:
• As an incident handler, I operated at the forefront of incident response, addressing a wide array of security incidents spanning multiple customer environments. My role involved prompt identification, analysis, and resolution of security incidents, ensuring minimal disruption to critical business operations.
• Proactive Measures and Prevention Strategies:
• In addition to reactive incident handling, I proactively implemented measures aimed at preventing future incidents. Through comprehensive risk assessments and analysis, I identified potential vulnerabilities, recommending and implementing preventive strategies to bolster the overall security posture of client environments.
• Client Portfolio Management:
• Managing incident handling for a diverse clientele demanded a tailored approach for each customer's unique environment and requirements. I navigated and resolved incidents across varied industry sectors, customizing response strategies and solutions to align with individual client needs.
• Collaborative Approach and Stakeholder Engagement:
• Successful incident resolution often required seamless collaboration and coordination with internal teams and customer stakeholders. I facilitated clear communication channels, ensuring alignment between incident resolution strategies and client expectations.

Jul 2012 – Sep 2012 · 2 mos · Mumbai Area, India

• During my tenure as an Information Security Specialist, I led the comprehensive implementation of an Information Security Management System (ISMS) tailored specifically for a prominent pharmaceutical company. This pivotal role involved strategizing, planning, and executing robust security measures to safeguard sensitive data and uphold industry standards.
• ISMS Implementation Strategy:
• I formulated and executed a tailored strategy for the implementation of an ISMS within the pharmaceutical company. This encompassed identifying and assessing security risks, developing policies and procedures, establishing controls, and fostering a security-aware culture across the organization.
• Compliance and Regulatory Alignment:
• Ensuring compliance with stringent industry regulations and standards was at the core of the ISMS implementation. I meticulously aligned the ISMS framework with industry benchmarks such as ISO 27001, and other pharmaceutical-specific regulatory requirements, ensuring the company's adherence to legal and regulatory mandates.
• Risk Assessment and Mitigation:
• Conducting comprehensive risk assessments formed a cornerstone of the ISMS implementation process. I identified potential vulnerabilities, assessed risks, and devised robust mitigation strategies to preemptively address threats, safeguarding critical pharmaceutical data and intellectual property.
• Policies, Procedures, and Training:
• I played a pivotal role in drafting, refining, and implementing information security policies and procedures. These policies were designed to govern data handling, access controls, incident response, and compliance protocols. Additionally, I orchestrated tailored training programs to educate employees, fostering a security-conscious culture within the organization.

Jan 2012 – Jan 2015 · 3 yrs · New Delhi Area, India

• Cyber Security Specialist | Policy Development & Incident Response
• Empanelment Exercises Management:
• I oversaw and managed Empanelment Exercises, playing a pivotal role in their execution. My responsibilities involved developing comprehensive test beds to assess the security auditing competencies of participating organizations. These exercises were instrumental in evaluating and enhancing the security readiness of diverse entities, fostering a culture of preparedness against cyber threats.
• National Cyber Security Policy Drafting:
• I actively contributed to the drafting and review phases of the inaugural National Cyber Security Policy. Collaborating closely with key stakeholders, I provided valuable insights and recommendations that contributed to the formulation of a robust policy framework. This policy laid the foundation for national cybersecurity initiatives, encompassing critical aspects of cyber resilience and defense strategies.
• Coordination of Cyber Security Drills/Exercises:
• In a coordinating capacity, I orchestrated and facilitated Cyber Security Drills and Exercises. These proactive initiatives aimed at simulating real-life cyber threats and responses, fostering preparedness among stakeholders. My role involved organizing, coordinating, and evaluating these exercises to enhance incident response capabilities and refine cyber defense strategies.
• Policy and Procedure Review for Critical Sector Organizations:
• I undertook the meticulous review and analysis of policies and procedures for critical sector organizations. This included assessing existing frameworks, identifying gaps, and providing recommendations to fortify security postures. By aligning policies with industry standards and best practices, I contributed to enhancing the resilience of critical infrastructure against cyber threats.