Golam Sarwar CCISO, CISM, CISA, CDPSE, CDP, CTPRP, ISMS-LA, SABSA-SF

Consultant

Sydney, New South Wales, Australia
27 yrs 7 mos experience
Highly Stable

Key Highlights

  • 20+ years of experience in cybersecurity and risk management.
  • Expert in third-party security risk assessment and compliance.
  • Proven track record in leading security initiatives and audits.
Stackforce AI infers this person is a Cybersecurity and Risk Management expert with extensive experience in enterprise security solutions.

Skills

Core Skills

Information Security, Risk Management, Governance, Third-party Security Risk Assessment, Security Architecture Design, Cloud Security, Security Management, Information Security Management, Risk Assessment, Vulnerability Assessment

Other Skills

Cloud Computing, ISO 27001, IT Risk Management, Identity and Access Management (IAM), Computer Security, Cybersecurity, Security, IT Security Assessments, ISO31000, Leadership, Technology Enabled Business Transformation, Compliance, NIST CSF, ISM/PSPF, Digital Transformation

About

Success is no accident. It is hard work, perseverance, learning, studying, wisdom & sacrifice.

Welcome to my LinkedIn page - 欢迎, أهلا بك, स्वागत हे, Добро пожаловать, καλως ΗΡΘΑΤΕ, স্বাগত, karibu, ようこそ, 어서 오십시오, Hoş Karşılama, Selamat datang.

I am an experienced Cyber Security & Risk Consultant with strong auditing experience across multiple domains. Certified as a senior IT Security GRC professional with NV1 security clearance. I combine a strong work ethic into 20+ years’ experience in customer management & delivery of all security-related services, fifteen years of IT Security experience, specialising in consulting, advisory, assurance, third-party security, privacy, security controls, security compliance & risk management.

With the increasing proliferation of information & communication technologies and the growing opportunity for real-time borderless exchange, cybersecurity is a complex transnational issue that requires global cooperation for ensuring a safe Internet.

Cybercrime has now become a business which exceeds a trillion dollars a year in online fraud, identity theft, & lost intellectual property, affecting millions of people around the world, as well as countless businesses & the Governments of every nation.

My mission for the Cyber Security Community around the world is to give you a trusted resource to help you face the business challenges of today & impact the business outcomes of tomorrow. We will do this together, as isolation isn’t an option in the face of today’s advanced cyber security threats.

I have lived and worked in Newcastle Upon Tyne & London in the UK; San Diego, Los Angeles, Newark, New York City, & Phoenix in the United States; Wollongong; & now live in the beautiful and sunny city of Sydney, Australia, one of the world's most liveable, peaceful & safest cities. The international work experience has allowed me to learn about different cultures, & grow further professionally.

KEY SKILLS:

  • Passionate Cyber Security Professional
  • Rigorous & perceptive IT Security audit capability
  • Wide knowledge of IT Security governance standards, frameworks, controls & processes
  • Knowledgeable in Networks & Cloud environments
  • Strong leadership & interpersonal skills, experienced manager, leader & coach
  • Helping organisations to build, mature or validate their Cyber Security programs
  • Identifying & assessing a company's potential risk to safety, reputation, & financial prosperity
  • Excellent written & verbal communication & presentation skills

golams@yahoo.com

Experience

Total Experience: 27 yrs 7 mos
Average Tenure: 5 yrs 7 mos
Current Experience: 5 yrs 3 mos

Westpac Group

Senior Information Security Consultant

Jan 2021 – Present · 5 yrs 3 mos · Sydney, New South Wales, Australia · Hybrid

  • Ensuring security policies, standards and controls are current and aligned to regulatory and industry best practice.
  • Management of security controls in the Technology Control Library, including alignment with policies and standards.
  • Ensure compliance with the Group's security methodologies, disciplines and processes. Management of security policy exceptions.
  • Provide governance and security advice on security controls and processes to the Business, WNZL, Asia and NYLON, to ensure that the group continues to be protected against current and emerging threats.
  • Westpac ISG liaison/representative at all risk domain forums and group projects; assist Secure By Design with implementation of security controls where required. Govern secure configuration across critical third parties.
  • Responsible for assisting with the identification of company-wide information security risks, conducting security risk assessments, and providing recommendations to Business and Group Tech units on how to improve projects and organizational security posture, in order to facilitate compliance with the Westpac Group Information Security Framework and target risk position for information security.
  • Monitor and advise management of emerging security issues, threats and trends, including impacts of changes to legislation, to provide visibility and assurance to executive stakeholders about the information security state of the Group.
  • Conduct educational workshops for the business on secure handling of data and information in accordance with our Security Standards.
  • Liaise effectively with Westpac’s business partners and third-party service providers as required to ensure that Westpac continues to be protected against current and emerging threats.
  • Identify information security requirements for business processes, applications and other software products to ensure that Westpac continues to be protected against current and emerging threats.
Cloud Computing, ISO 27001, Information Security, Governance, IT Risk Management, Identity and Access Management (IAM), +11 more

Allianz

Cyber Security Third Party Risk Consultant

Nov 2020 – Jan 2021 · 2 mos · Sydney, New South Wales, Australia · Hybrid

  • Third Party Cyber Security Risk Management based on the Australian Prudential Regulation Authority (APRA) CPS 234 – Information Security.
  • Performed analysis of the cyber and resilience risks associated with potential and existing third party suppliers and related parties.
  • Responsible for performing due diligence on new suppliers enabling the business to obtain secure third-party services.
  • Managed the classification and tiering of third party suppliers as well as administering third party cyber assessment software.
  • Maintained a current inventory of third party providers detailing their respective cyber risk.
  • Contributed to the continuous uplift of supplier cyber management capability.
  • Tracked key cyber security third party assessment metrics and generated reports to monitor the effectiveness of the third party program.
  • Collaborated with Allianz's Procurement, Legal, and Risk & Compliance Community on risks associated with third and related parties.
  • Executed reviews of contract security schedules.
  • Assisted with maturing the third party cyber policies, standards and procedures owned by the team and helping to embed these across the organisation.
  • Performed Third Party Security Assessments using the clients’ provided questionnaire, Alyne and BitSight GRC tools.
Cloud Computing, Information Security, Security Management, Information Security Management, Computer Security, Cybersecurity, +5 more

nbn™ Australia

3 roles

Cyber Security Consultant/Engagement Partner (Architect)

Jul 2017 – Nov 2020 · 3 yrs 4 mos · North Sydney, New South Wales, Australia

  • Provided security advice to technology/business owners to ensure critical nbn environments and assets are protected with the right level of security controls.
  • Orchestrated the security requirements for major business transformation projects.
  • Coordinated effectively with different security teams (Security Architecture, Privacy, CSOC, and Physical Security) through engagement in various business projects.
  • Understood the business and information risk context and proposed architectures and countermeasures to mitigate risk.
  • Worked closely with business managers, project teams, legal, procurement, solution architects and system engineers to identify, design and implement security controls which provide value driven risk reduction and alignment to compliance requirements.
Security Architecture Design, Cloud Computing, NIST CSF, ISO 27001, ISM/PSPF, Cloud Security, +24 more

Cyber Security Advisor and Assurance

Jan 2016 – Jun 2017 · 1 yr 5 mos · North Sydney, New South Wales, Australia

  • Owned a portfolio of NBN business units and was responsible for providing security advisory and assurance services, acting as their trusted advisor.
  • Identified and profiled emerging or imminent cyber threats that are likely to impact NBN business.
  • Identification, analysis and management of potential security breaches or incidents.
  • Maintained awareness of current cyber security standards and ensured all activities comply with these standards.
  • Evaluated potential vendors and third-party solutions for security scope. Managed the vendor life cycle, vendor risk identification and rating.
  • Provided security risk recommendations to the procurement and legal team to ensure outsourced and/or offshored services are appropriately assessed.
Cloud Computing, ISO 27001, ISM/PSPF, Digital Transformation, Governance, Identity and Access Management (IAM), +18 more

Information Security Solution Architect

May 2015 – Jan 2016 · 8 mos · North Sydney, New South Wales, Australia

  • Communicate the NBN Co security policies, corporate risk appetite, security architecture and standards (ISO/IEC 27001/27002, ISO/IEC 31000, ISO/IEC 27799:2008, IRAM, PSPF, Privacy Act, eTOM, TOGAF, SABSA, TNM) to the solution design and delivery teams in the Application domains.
  • Coordinate meetings, extract requirements, knowledge and documentation to then review designs against key domains of the target security architecture and NBN policies.
  • Provide consultancy advice regarding security and infrastructure.
  • Work with delivery teams & Solution Architects to ensure the security requirements for proposed solutions in the application domain are defined & satisfied.
  • Management of security exemptions throughout NBN space.
  • Communicate awareness of technical security architecture & standards within the application domain.
  • Ensure that all new project solutions receive a Threat Risk Assessment (TRA) review and development and refinement
Security Architecture Design, Cloud Computing, ISO 27001, ISM/PSPF, Information Security, Cloud Security, +18 more

Telstra

3 roles

Information Security Manager

Promoted

Jan 2011 – Apr 2015 · 4 yrs 3 mos · Sydney, New South Wales, Australia · On-site

  • Responsible for designing, implementing and maintaining the Telstra Information Security Management System (ISMS) and for stewardship of ISMSs in Telstra. The role ensures the continuing suitability, adequacy and effectiveness of Telstra’s ISMS policy objectives, enforcing Telstra security policy and standards, consulting with other business units to ensure compliance with ISMS and Telstra information security requirements and coordinating a cluster-wide program of ISMS assessment and certification.
  • Operated and managed ISO/IEC 27001 and ISO/IEC 27002 accredited ISMSs to regularly monitor and review Telstra information security processes to support ISMS objectives in the delivery of continual improvement of security management across the relevant Telstra business units, to maintain continued accreditation status and/or meet compliance needs.
  • Provided management relevant reporting from internal audit programs, review of implemented security controls, current risk management activities, corrective and preventive actions database record management and any other source of information in the delivery of information security compliance management programs.
  • Training, mentoring and development of ISMS and Information Security E-learning trainings across the Telstra Cloud Services and Telstra Network Division.
Cloud Computing, ISO 27001, Risk Assessment, Cloud Security, Digital Transformation, Governance, +23 more

Senior Information Security Specialist

Promoted

Jan 2008 – Dec 2010 · 2 yrs 11 mos · Sydney, New South Wales, Australia · On-site

  • Coordination of the Telstra ISMS assessment and certification program.
  • Conducted effective ISMS in accordance with stated business objectives.
  • Enforced ISMS policies, plans and methodologies throughout all support groups engaged in product delivery.
  • Engaged with all relevant business areas, service delivery and common services teams, including third-party service providers to ensure effective ISMS.
Cloud Computing, ISO 27001, Risk Assessment, Digital Transformation, Governance, Vulnerability Assessment, +21 more

Technical Expert - IT Security

Jan 2005 – Dec 2007 · 2 yrs 11 mos · Sydney, New South Wales, Australia · On-site

  • Audited various platforms, including Linux, Solaris, and Windows.
  • Chaired the Security patch management forum which recommends and tracks security patches across all platforms.
  • Monitored and investigated security breaches across customer LAN, WAN and gateways.
  • Vulnerability assessment for Internal and External customers.
Cloud Computing, ISO 27001, Vulnerability Assessment, Identity and Access Management (IAM), Security Management, Information Security Management, +12 more

IBM

Network Management Specialist

Jan 2000 – Dec 2004 · 4 yrs 11 mos · Sydney, New South Wales, Australia · On-site

ITIL, Unix, Infrastructure, Information Technology, Network Administration

AT&T

Information Technology Technical Specialist

Jan 1998 – Dec 1999 · 1 yr 11 mos · Sydney, New South Wales, Australia · On-site

ITIL, Unix, Infrastructure, Information Technology

Education

University of Wollongong

Graduate Diploma — Business Information Systems

TECH Global University

Postgraduate Certificate — Information Security Architecture & Models

Long Island University

Master of Science - MS — Management Systems Engineering (Computer Science)

Alliant International University-San Diego Campus

Bachelor of Science (B.Sc.) — Civil Engineering

Richmond American University London

Completed 3 years of a 4-year BSc degree program at R-AIU in the UK — before relocating to the USA.

Northumbria University

Completed 1st year study of BSc in Building Services Engineering.
