Fiaz Mohamed

Dubai, UAE

Summary

Information Security Officer / Consultant with a rich blend of experience in Compliance, Governance, Risk and Technical Information Security controls for more than 11 years.


Results-driven IT Security professional with notable success in planning, analysis and implementation of security initiatives. Strengths in providing comprehensive security architecture and security frameworks. Certified in CISA, CEH and ISO27001.


Proven expertise in Information Security Implementation, Governance, Risk and Compliance, Cybersecurity Technical Assessments, Gap Assessment and Risk Assessment across various standards and cybersecurity regulations.

Ensured compliance and governance across more than 200 projects in various verticals such as Manufacturing, Insurance, Finance, Banking, Health Care and the Commercial sector.


Overview

13 years of professional experience
9 years of post-secondary education

Work History

Information security Compliance Officer / Analyst

Dubai Airports
Dubai
01.2022 - Current
  • ISO27001 and ISR Implementation, Governance, Risk & Compliance Officer
  • End-to-end documentation of policies and procedures; creation of procedures from an ISR and ISO27001 standpoint across various domains
  • Ensuring compliance with ISR regulatory requirements for all controls, clauses and sub-clauses (nearly 330+ security controls)
  • Security architecture and Technical review of cybersecurity controls
  • Information Security Contracts Evaluation
  • Performing Risk Assessment, Vendor Risk Assessment, Awareness and Training, Incident Management Analysis
  • Full Support during ISO27001 and ISR External Audits

Information Security Officer

The Executive Council
Dubai
01.2018 - 02.2022
  • Responsible for implementation, governance and management of ISR requirements. Implemented and ensured compliance across all domains of ISR and ISO27001
  • Performed Governance, Risk, Compliance reviews and Technical Assessments across Network Security, Operations Security, Endpoint Security, Application Security, Business-oriented Information Security and Server Security across IT and Business divisions
  • Assessment, Vendor Risk Assessment, Awareness and Training, Incident Management Analysis
  • Full Support during ISO27001 and ISR External Audits
  • Implementation of ISO27001 and ISR Security Projects and full implementation overview and management
  • ISR control implementation across sectors such as HR, Administration, Physical, Finance, IT and across various business units
  • Forefront activities conducted in ISR include Risk Assessment, Gap Assessment, Audits, Incident Response and Management, Information Security Awareness, Vendor Risk Assessment, and Policy and Procedure creation and updating
  • Implemented Azure: Cloud DLP, IRM and MFA
  • Classification solutions as part of ISR Implementation
  • SOC/SIEM implementation and managed SOC Team for various security alerts and Events
  • Managed VA/PT Team, a group of 4 people primarily working on Vulnerability Assessment / Penetration testing on web applications and Mobile Apps
  • Vendor management for endpoint security solution deployments such as AV solutions and MFA for emails
  • Managed all vendors that are part of the organization, performing vendor risk assessment activities as part of due care and due diligence activities
  • As part of Governance, Risk and Compliance activities, fully implemented the BIA framework and identified all critical and non-critical business processes related to BIA
  • Providing consulting and advisories for all security related matters and incidents
  • Managed ITSD, IT Operations for security governance related activities

Information Security Analyst

Tata Consultancy Services
Chennai, India
03.2016 - 01.2018
  • I worked as a Lead Assessor in a team of 15 members who looked after Vendor Risk Assessment activities for a reputed 100-year-old bank in Canada in order to comply with Canadian regulations under PIPEDA law
  • Performed Risk Assessment based on services provided by the vendors as well as the data received by the vendor from the Bank institution
  • Based on the data sensitivity and service criticality, inherent risks will be generated and risk assessment will be performed accordingly
  • Verifying the design evidence and operating evidence as part of risk assessment activities
  • Constantly coordinating with the Supplier Manager as part of Risk and Scope Discussion
  • As part of the CQ phase, daily discussions and meetings with the supplier SPOC in order to ensure compliance with identified controls
  • Weekly meetings with the client to discuss the challenges and issues faced by the assessors while executing the RA process for various suppliers
  • As part of corrective and preventive action plans, detailed discussions with the supplier are part of the activity, providing insight into the risks, possible risk mitigation strategies and the controls to implement in order to reduce or completely mitigate the risks
  • Following up with QA, SM and Supplier SPOC for closure of risks

Information Security Auditor

Computer Science Corporation
Chennai, India
01.2013 - 03.2016
  • Played the role of Corporate Internal Auditor for all the projects and support functions
  • Projects audited by me for compliance with ISO27001 controls include Citibank, Barclays, AT&T, Kaiser, Pfizer, Zurich, GAP, GLIC, Esurance, Aon Hewitt, Chrysler Rite Sourcing, Truven Health Analytics, NHS-LDO, Telenor, Progressive Insurance, Lorenzo, Telenor, etc., carrying out baseline security audits as well as audits of controls specified by the client in the client security requirements
  • Carrying out Corporate ISMS Audits and Information Security Audits for Support Functions such as Administration Department, Human Resource Department, Service delivery departments-Server Auditing/Desktop Auditing/Network Auditing, Internal, Application team Auditing, Data Centre Auditing, Material in/out Auditing, Visitor management auditing for compliance with ISO27001 controls and with information security policies and procedures
  • Carrying out Risk Assessment for varied verticals such as Manufacturing Projects, Finance Projects, Healthcare & Insurance projects, Consumer and Retail projects, Communication projects, etc.
  • Verifying and assessing HIDS, IDS, IPS, asset inventory (hardware/software), onboarding/offboarding process, incident management reports, virus and worm cleanup database, baseline vulnerability scanning reports, data classification guidelines, Access Control Matrix, and Foundstone web vulnerability scanning tool log analysis for detection of high, medium and low risk vulnerabilities
  • Coordinating with various projects for creation, establishment and development of Business Continuity Plan documents and Business Impact Analysis using the LDRPS tool
  • Testing the BCP documents created, by simulating a disaster scenario, for effective and appropriate functioning of business operations at a time of crisis
  • Carrying out multiple testing plans such as call tree testing, table top testing and crisis simulation testing
  • Involved in Organizational level External ISO27001 audit conducted by the third party as part of re-certification audit and surveillance audit for re-establishment of ISO27001 certificate for the organization
  • Establishing client security requirements for projects by going through the MSA agreement
  • Ensuring that the OFIs (Opportunity for Improvement) and CAPAs (Corrective and Preventive Action) are closed within agreed timelines
  • Conducting Information Security Awareness sessions for third party contractors, sub-contractors, freshers and experienced candidates

Project Engineer

Wipro Technologies
11.2010 - 01.2013
  • Worked on creation and protection of websites and on implementing authentication and authorization protocols for a reputed banking organization of North America
  • Hands-on experience with various operating systems such as UNIX and AIX, and with IBM httpd servers
  • Creation of Secure Sockets Layer (SSL) using the IBM tool iKeyman
  • Plug-in generation to connect the web server with the backend application server and to implement plug-in modules for the respective URLs
  • Requesting the Certificate Authority (CA) to generate certificates by providing the necessary parameters in the X.509 standard to implement SSL protection for websites, and management of the PKI environment
  • Modifying the httpd.conf file based on user requirements, such as creation of rewrite rules, setting up redirections, configuring error document handling files and various image-based files
  • Executing authentication and authorization for users using CA's SiteMinder technology in all three environments: DEV, UAT, PROD
  • Creation of Agent, Agent Configuration Object, Host Configuration Object, Authentication Scheme and Domain under system properties in the SiteMinder console
  • Web agent installation to connect the SiteMinder policy server with web servers for authentication and authorization
  • Manually configuring Agent properties - Single Sign-On (SSO), editing the Agent configuration properties if the website requires specific parameters (Valid target Domain, Allow Cache headers) as requested by the Application team

Education

Certificate of Higher Education - Information Systems

CISA
Dubai
08.2020 - 08.2023

Certificate of Higher Education - Information Systems

Certified Ethical Hacker
Dubai
03.2017 - 03.2020

Certificate of Higher Education - ISMS

ISO27001
India
03.2014 - 03.2017

B.E - Electronics Engineering

Hindustan College of Engineering / Anna University
2010

Skills

Information Security Skills - Compliance

  • Information Security Compliance, Gap Assessment, Risk Assessment
  • ISO27001 / ISR / NIST / Q-Cert
  • Information Security Governance
  • Data Governance
  • Policies and Procedures documentation and Implementation
  • KPIs, Metrics & Measurement
  • Vendor Risk Assessments

Information Security Skills – Technical

  • DLP - Data Leakage Prevention
  • Information Security, Data Security
  • Cybersecurity - Endpoint, Data Security, Email Security, PAM, DLP, MFA, BitLocker Encryption
  • Cybersecurity - Vulnerability Assessment
  • SIEM / SOC - LTS Secure, Azure Sentinel

Additional Information

  • Preparing for CISSP; planning to sit for the certification in the year 2023

Languages

Hindi - Intermediate
English - Advanced
Tamil - Advanced
