Reshma Nair

Dubai, UAE

Summary

Accomplished information security professional focused on governance, risk, and compliance (GRC), experienced in designing and enforcing security policies, performing risk assessments, and ensuring adherence to regulatory standards. Skilled in deploying security controls and developing data protection strategies that safeguard critical organizational assets. Committed to advancing organizational security posture through effective governance frameworks, risk mitigation initiatives, and compliance programs.

Overview

12 years of professional experience
5 years of post-secondary education
11 certifications

Work History

Senior GRC Specialist

Geidea Payment LLC
Dubai, UAE
05.2024 - 02.2025
  • Implemented and managed the Information Security Management System (ISMS) in alignment with SAMA CSF, UAE IAR-NESA, PCI DSS, and ISO 27001.
  • Carried out compliance activities against applicable regulatory requirements and ran proactive security monitoring to identify vulnerabilities and mitigate risks.
  • Conducted risk assessments for third-party vendors and new projects, verifying regulatory compliance and proposing targeted mitigation for the risks identified.
  • Served as a Change Advisory Board (CAB) member, assessing the security risk of proposed changes and approving them so that compliance requirements and security controls were built into IT and business operations.
  • Developed and presented comprehensive risk assessment reports to executive leadership, enabling informed cybersecurity decision-making.
  • Monitored and reported on key performance indicators (KPIs) used to evaluate the organization's security posture.
  • Tracked emerging cybersecurity threats and trends and fed them into the organization's security controls and incident response strategies.
  • Created detailed governance reports, ensuring transparency and accountability in compliance initiatives.
  • Designed and led organization-wide security awareness and targeted cybersecurity training programs, fostering a culture of compliance and enhancing employee engagement in security best practices.

Information Security Officer

Ras Al Khaimah National Insurance Company
Ras Al Khaimah, UAE
12.2020 - 04.2024
  • Developed, implemented, and periodically reviewed information security policies and procedures to ensure compliance with ADHICS and UAE IAR-NESA.
  • Collaborated with cross-functional teams to identify and mitigate compliance risks, security vulnerabilities, and emerging threats.
  • Provided strategic guidance on security risk management, supporting the implementation of effective controls and best practices.
  • Classified and managed information assets by working with stakeholders to assess data sensitivity and system criticality.
  • Prepared and delivered comprehensive security reports to senior management, highlighting key metrics and risk assessments.
  • Designed and executed enterprise-wide security awareness programs, fostering a strong security culture across the organization.
  • Acted as the primary liaison for information security audits and regulatory assessments, ensuring compliance readiness.
  • Assessed third-party vendors and service providers, evaluating their security posture and adherence to compliance standards.

Information Security Operations Officer

Wirecard Processing FZ LLC
Dubai, UAE
12.2016 - 10.2020
  • Developed, implemented, and maintained security policies, guidelines, and procedural documents to ensure regulatory compliance and alignment with industry standards.
  • Led audits in compliance with ISO 27001, ISO 22301, and PCI DSS, serving as the primary point of contact for PCI DSS and ISO 27001 assessments.
  • Engaged with auditors and business units to gather requirements and scope security initiatives, leading system audits, access reviews, application security assessments, and infrastructure audits to enforce IT security policies.
  • Managed enterprise-level security implementations, including Endpoint Protection, DLP (Forcepoint), Vulnerability Management (Qualys), Web Proxy (Forcepoint), FIM (Tripwire), and SIEM (Splunk) to enhance security posture.
  • Conducted gap assessments to identify non-compliant systems and initiated remediation to bring them into line with the applicable security frameworks and compliance tooling.
  • Executed operational security monitoring, analyzing and reporting security events from multiple SIEM and monitoring tools to detect and mitigate threats.
  • Performed vulnerability assessments, documented findings, and collaborated with business units to implement remediation measures.
  • Developed and maintained security awareness programs, covering various domains of Information Security and Risk Management to enhance organizational security culture.
  • Provided technical expertise in responding to Customer RFIs/RFPs, ensuring compliance with security standards and best practices.
  • Configured and administered physical security systems, ensuring secure access control and surveillance.
  • Managed the configuration and administration of Hardware Security Modules (HSM) to ensure the protection of sensitive data and secure transactions.

Information Security Engineer

Petrolink Data Services Pvt Ltd
Kochi, Kerala
10.2015 - 11.2016
  • Monitored and analyzed vulnerabilities based on CVE and CVSS scores, ensuring timely alerting and risk mitigation.
  • Managed information security incidents, overseeing reporting, investigation, and resolution to ensure timely closure.
  • Performed regular firmware reviews of network devices to maintain security compliance and system integrity.
  • Led information security awareness sessions, conducted assessments, and ensured follow-ups for continuous security
  • Executed vulnerability assessments and generated reports with remediation recommendations.
  • Documented internal security procedures and guidelines, ensuring clear and up-to-date compliance frameworks.
  • Validated software legitimacy and URL security, mitigating risks from unauthorized applications and malicious links.
  • Performed suspicious email analysis, identifying phishing and potential security threats.
  • Conducted logical access reconciliations, ensuring appropriate access controls and compliance.
  • Monitored outbound emails using DLP tools, preventing data leaks and enforcing security policies.
  • Created and documented security guidelines and knowledge transfer materials to standardize information security operations.

Information Security Analyst

Cognizant Technology Solutions
Chennai, Tamil Nadu
05.2014 - 10.2015
  • Managed SOC operations in a 24x7 environment, ensuring continuous monitoring and incident response.
  • Conducted security analysis and vulnerability assessments, generating reports with risk ratings and mitigation strategies.
  • Developed QRadar SIEM detection rules, custom dashboards, and reports for enhanced security monitoring.
  • Monitored real-time security logs from firewalls, IDS/IPS, DAM, WAF, operating systems (Windows/Linux), proxy servers, web servers, and networking devices in the Security Operations Center (SOC).
  • Responded to security incidents, analyzing logs, gathering evidence, and ensuring proper documentation and tracking as per guidelines.
  • Assisted in certificate issuance and revocation using Comodo Certificate Manager for internal business units and clients.

Programmer

Cognizant Technology Solutions
Coimbatore, Tamil Nadu
07.2013 - 05.2014
  • Performed daily monitoring of HTTP and SMTP data channels in the DLP tool and alerted on critical data leakages in a 24x7 environment.
  • Implemented, configured, maintained, fine-tuned, and troubleshot the Websense Triton Data Leak Prevention (DLP) solution.
  • Monitored the health of DLP components and generated reports on a regular basis.
  • Created incidents for data leakage events in the ticketing tool and proactively managed them to meet SLAs.

Education

MBA - Information Systems

School of Distance Education, Bharathiar University
06.2017 - 07.2019

BCA - Computer Applications

Nehru Arts and Science College
07.2010 - 07.2013

Skills

  • Governance Framework Implementation
  • Regulatory Compliance Management
  • Security Risk Assessment & Mitigation
  • Security Policy Development & Enforcement
  • Cloud Security
  • Security Awareness & Training
  • Business Continuity & Disaster Recovery Planning
  • Data Classification & Information Protection
  • Stakeholder Engagement & Cross-Functional Collaboration
  • Vulnerability & Threat Management
  • Audit Preparation & Coordination
  • Security Metrics, Reporting & Continuous Monitoring

Certification

  • ISO 27701 Lead Implementer
  • Certified Information Systems Security Professional (CISSP)
  • Certificate of Cloud Security Knowledge (CCSKv4)
  • ISO 27001 Lead Implementer
  • PCI Internal Security Assessor
  • SANS AUD507: Auditing Systems, Applications, and the Cloud
  • PCI DSS Implementer
  • BCI CBCI
  • GDPR Foundation
  • CyberArk Certified Trustee
  • Thales payShield 9000 Certified Systems Engineer

References

References available upon request.

Timeline

Senior GRC Specialist

Geidea Payment LLC
05.2024 - 02.2025

Information Security Officer

Ras Al Khaimah National Insurance Company
12.2020 - 04.2024

MBA - Information Systems

School of Distance Education, Bharathiar University
06.2017 - 07.2019

Information Security Operations Officer

Wirecard Processing FZ LLC
12.2016 - 10.2020

Information Security Engineer

Petrolink Data Services Pvt Ltd
10.2015 - 11.2016

Information Security Analyst

Cognizant Technology Solutions
05.2014 - 10.2015

Programmer

Cognizant Technology Solutions
07.2013 - 05.2014

BCA - Computer Applications

Nehru Arts and Science College
07.2010 - 07.2013