Accomplished information security professional with extensive expertise in establishing Information Security Management Systems (ISMS) and managing cybersecurity risks. Proven track record in delivering comprehensive security training and awareness programs to end-users, developing robust security policies and procedures, and ensuring compliance with information security governance standards. Adept at conducting thorough information security audits and implementing ISO 27001 standard requirements. Skilled in maintaining adherence to UAE and KSA security regulations, standards, and best practices. Committed to enhancing organizational cybersecurity posture through strategic risk management and continuous improvement initiatives.
Overview
13 years of professional experience
3 years of post-secondary education
4 certifications
Work history
Assistant Manager - Security & Privacy Consulting
Protiviti Middle East Member Firm LLC
Dubai, UAE
10.2018 - Current
Executed end-to-end ISO 27001:2013 implementation and certification projects for clients in financial and technology sectors.
Established Data Management Framework for a client in technology sector, covering the data protection and security requirements across the data lifecycle.
Conducted logical access management process audit for a client in oil and gas sector.
Conducted extensive Risk Control Self Assessment (RCSA) for over 40 applications across various regions such as UAE, Egypt, India, London, USA for a client in banking sector.
Performed NESA UAE IA Standard based current state assessment, reviewed and updated the information security framework accordingly for a client in government sector.
Worked as a key member in a project to establish cybersecurity (CS) function for a client in technology sector. This project covered activities such as developing CS Operating Model, CS Strategy, CS Framework (including policies, standards, procedures etc.) and automation of GRC activities.
Led the CS Risk Management section for the above-mentioned client in technology sector as a seconded resource for 4 years. This included managing activities such as:
1. Review and update of CS risk management documentation.
2. Conduct annual CS risk assessment for business units.
3. Perform periodic reporting and monitoring activities.
4. Develop CS risk assessment toolkits.
5. Design, automate and operationalize CS risk management activities in RSA Archer.
6. Conduct CS risk assessment before any new product/application is published in production.
7. Develop a unified controls list (UCL) to map all the relevant and applicable security standards/regulations/best practices.
8. Address key audit and regulatory requirements related to CS risk.
9. Manage the daily operational activities of CS risk management.
10. Provide CS risk related inputs to other sections of the Cybersecurity function such as CS Governance, Technical Security and SOC Management, Data Privacy.
Developed technical and commercial proposals for the RFPs received on security and privacy project requirements.
Experienced in calculating the efforts and financial budget for each proposal.
Trained multiple interns and new resources of the department on the various client and business development activities.
Actively participated in business development activities including proposal development, conducting interviews for potential candidates, centralized security documentation repository creation etc.
Chosen by HR of the organization to take part in brainstorming skip-level discussions with higher management to discuss the areas of improvement, concerns and suggestions.
Information Security Analyst
Dunia Finance LLC
Dubai, UAE
04.2016 - 10.2018
Developed and reviewed information security framework, policies and procedures.
Performed periodic Risk Control Self Assessment (RCSA) covering the key information security domains, processes and information assets of the organization.
Identified the applicable security regulations with which the organization needs to comply.
Reviewed the results of VA/PT and other technical security assessments to identify potential risks which need mitigation.
Performed periodic third-party security risk assessment on the key third-party service providers of the organization.
Addressed the security issues identified by Internal Audit in various audit engagements.
Conducted periodic physical visits to datacenters and branch offices to evaluate the environmental and physical security controls.
Performed periodic user access review on critical business and IT applications.
Assisted in developing the business requirements from a security standpoint for new application/system designing and deployment.
Assisted in evaluating a suitable cyber insurance provider for the organization.
Conducted classroom-based awareness sessions for employees and contractors on various security topics.
Published periodic security awareness posters to end-users covering important security insights.
Assisted in developing periodic Management reporting for Information Security Risk Management Committee, showcasing the milestones achieved, roadblocks and important security updates that need Management attention.
Devised strategies for timely response to detected security incidents, significantly reducing potential damage.
Improved the overall security posture of the organization by establishing a strong, effective and adaptable information security management system.
Application Support Analyst
Wipro Technologies
Chennai, India
06.2012 - 01.2015
Executed tasks adhering to documented procedures and processes for all activities.
Provided Level-1 support for the client's applications, covering customers in multiple regions of the globe such as USA, China, Singapore, India etc.
Addressed customer Level-1 tickets on application support in a timely manner.
Scheduled upgrades and regular maintenance to maintain smooth workflow.
Liaised with customers on operations issues and requests, providing efficient support.
Managed critical application updates, ensuring minimal disruption during peak hours.
Investigated reported issues, leading to prompt resolution times.
Prioritised tasks effectively under high-pressure situations, maintaining service levels consistently.
Increased productivity by providing technical support on various applications.
Conducted thorough analysis of incident reports, aiding in future prevention strategies.
Increased customer satisfaction by resolving issues.
Education
Bachelor of Information System and Management
The Madras University
Chennai, India
06.2009 - 04.2012
Skills
Establishing Information Security Management System (ISMS)
Information security/cybersecurity risk management
Security training and awareness to end-users
Security policies and procedures
Information security governance
Information security compliance
Information security/cybersecurity audits
Implementation and maintenance of security regulations, standards and best practices of UAE and KSA
End-to-end implementation of ISO 27001 standard requirements
Languages
English
Fluent
Tamil
Native
Hindi
Intermediate
Arabic
Beginner
Affiliations
Reading
Canvas painting
Accomplishments
Received an appreciation email from the client, addressed to the Protiviti management of my organization, on my significant contribution to the project in establishing and enhancing their cybersecurity risk management function.
Awarded the "iShine Award" by Protiviti in 2022 for outstanding performance during the quarter.