
Information Security Manager Resume


SUMMARY

  • An experienced and certified Cybersecurity Architect with over 6 years of enterprise experience in Information Security, skilled in Cyber Risk management and Audit, vulnerability analysis and remediation, Penetration Testing, Cloud Security, Incident Response, threat hunting and aligning Cyber Security Strategy with overall Business Objectives.
  • I provide Network and Systems Security advisory while maintaining Confidentiality, Integrity and Availability of Information and Information assets.

PROFESSIONAL EXPERIENCE

Confidential

Information Security Manager

Responsibilities:

  • Assisted in building, aligning, and implementing Enterprise Security Architecture program
  • Implemented data privacy security based on regulatory compliance and business objectives
  • Performed security assessment and gap analysis by assessing compliance against security standards including PCI DSS, NIST Cybersecurity Framework, ISO 27001, CIS Controls, GDPR and SOC 2 audit
  • Led and conducted Internal and External Vulnerability Assessment, Web application penetration tests based on OWASP Top 10, and automated business logic tests by leveraging tools like QualysGuard, Nessus and Kali Linux
  • Led projects involving information security and cyber risk management
  • Worked closely with DevOps and other internal teams to ensure security is embedded into every stage of the SDLC by training on secure coding best practices and reviewing application source code for control flows and security flaws.
  • Assisted in the development of Information security policies and procedures, cyber security strategies and frameworks based on industry standards
  • Collaborate with PMO, Enterprise Risk to carry out security assessment and due diligence on 3rd party integrations.
  • Collaborate with internal teams and work closely with external auditors to ensure SOC 2 controls, policies and processes are designed and implemented.
  • Support a 24x7 Security Operation Center (SOC) environment that includes responding to security alerts and performing real-time monitoring of security controls and IOCs
  • Drove improvements on current risk assessment methodologies and implement new methodologies as required.
  • Aggregate, monitor and investigate security/system logs for events and potential incidents based on defined IOCs
  • Managed security incidents on QRadar SIEM using Incident response management plan.
  • Perform detailed risk assessment and risk analysis using RSA Archer to reduce risk to an acceptable level
  • Performed manual and automated security code reviews (SAST and DAST) using tools like Checkmarx and Postman

Confidential

Senior Analyst, Information Security & Cyber Risk

Responsibilities:

  • Led Information Security projects from inception through implementation.
  • Applied and built the organization’s defense-in-depth mechanism using the Cyber Kill Chain methodology to perform vulnerability management and penetration testing of internal and external applications including web services and mobile applications.
  • Developed and periodically fine tune QRadar and Microsoft Sentinel SIEM use cases and alert rules
  • Managed 3rd party risks, issues and remediation activities that ensure compliance with IBSS control requirements and vendor recertification campaign
  • Develop security metrics that monitor key trends with respect to level of security compliance to best practices
  • Improve efficiency using automation and orchestration solutions to reduce manual work that can be automated.
  • Drove best practices relating to security measures to mitigate risk
  • Responded to and managed all security threat notifications (Security incidents) by ensuring that security incidents are mitigated by following the incident management steps.
  • Drove the annual implementation of security audit certification process for PCI DSS, ISO 27001 and SOC 2 Audit
  • Perform detailed risk assessment and risk analysis using RSA Archer to reduce risk to an acceptable level
  • Interfacing with application, business analysts, architect and development teams to embed security requirements as part of the SDLC methodology.
  • Automated Windows server and network administration using PowerShell scripting, PsExec and WMIC tools
  • Supported and managed various security tools including Forescout NAC, CrowdStrike EDR AV, Imperva WAF & PAM

Confidential

Network Security Analyst

Responsibilities:

  • Triage information risk and perform remediation of vulnerabilities on the Bank’s network, systems and applications
  • Perform threat hunting and threat modelling using MITRE ATT&CK framework and other methodologies.
  • Performed first level support by responding to and analyzing events/offenses generated by QRadar SIEM
  • Managed and supported enterprise Firewall in the group office and UK subsidiary (Cisco ASA, Checkpoint, Palo Alto)
  • Performed Vulnerability Management and Penetration Testing on Internal and External Assets (Identification, Analysis and Remediation)
  • Perform periodic review of the firewall rule-set and regular reviews of identity access management.
  • Maintain awareness of current and emerging threats and actively stay abreast of current and developing technologies, risks, and security best practices.
  • Performed manual and automated security code reviews (SAST and DAST) using tools like Checkmarx and Postman
  • Managed Enterprise Endpoint Patch & Antivirus update using (SCCM/PDQ, McAfee e-PO, CrowdStrike EDR)
  • Ensured that web applications are benchmarked against defined security baseline before deployment to production
  • Played key roles in the Bank’s annual certification and compliance to three major information security standards (ISO 27001, PCI DSS and GDPR)
  • Perform gap analysis and develop compliance roadmaps for required security standards PCI, SSAE 16 etc
  • Collaborate in security specific awareness training for technology staff and vendors to ensure compliance with regulations and organization policy

Confidential

IT Security Officer/ Datacomm Analyst

Responsibilities:

  • Monitored and tracked vulnerabilities that exist within client network and worked with Operations Group to remediate such vulnerabilities.
  • Perform periodic risk assessments of key services and monitor remediation plans
  • Drive best practices relating to security measures to mitigate risk
  • Provided subject matter expertise on information technology security related projects.
  • McAfee Endpoint Security management, ensuring continuous adherence to antivirus signature SLA by working with antivirus vendor/EUS team to update antivirus signature on systems that have fallen outside of SLA.
  • Conducted in-house security awareness programs to educate colleagues in other business units about cyber security so as to reduce the risk of social engineering attack
  • Responsible for establishing maintenance routine and timely response to customer’s technical problem and product related changes
  • Perform periodic risk assessments and risk mitigation on key services and monitor remediation plans
  • Provided consulting services & hands-on support leading to ISO 27001 and PCI DSS certification for clients.
  • Facilitated Information Security Awareness and Business Continuity Training
  • Achieved basic deployment automations by creating command-based batch packages for remote patch installations on end user systems
  • Performed operational security activities including audits, system backups and recovery
