CMN Security Manager
PROFILE SUMMARY:
Highly experienced and results-driven Chief Manager of Cyber Security with over 23 years of information
security expertise. Proven track record in penetration testing, red teaming, vulnerability assessment, and
team leadership. Seeking the opportunity to contribute my extensive knowledge and skills to ReBIT and
drive the organization's cyber security initiatives to the next level.
Seeking the Chief Manager of Cyber Security role to drive security initiatives and establish robust
cybersecurity policies and standards for the company and its affiliates, while ensuring compliance with
industry standards and regulations.
SUMMARY OF QUALIFICATIONS:
23+ years of comprehensive experience in information security.
Proficient in penetration testing, red teaming, vulnerability assessment, and exploitation.
Strong leadership skills with a track record of managing teams of 50+ professionals.
In-depth understanding of software security, infrastructure architecture, threat modeling, and risk
assessment methodologies.
Strong knowledge of industry best practices including OWASP, SANS Institute, ISACA, GAO,
FISCAM, NSA, NIST, and IETF.
Extensive expertise in cybersecurity architecture, risk management, and compliance.
Proven ability to define and implement enterprise security architecture to support business
strategies.
Strong knowledge of cybersecurity standards and frameworks (ISO27001, NIST, ISA/IEC 62443).
Experienced in evaluating and selecting security solutions and managing vendor relationships.
Excellent communication skills and the ability to collaborate with cross-functional teams.
Information Security Certification (CISA/CISM/CEH/CHFI/ISO27001/ISA/IEC 62443).
Project management expertise.
Bachelor's degree in Computer Science & Information Systems.
AREAS OF EXPERTISE
Travelled to Africa (Sudan), the Middle East (Saudi Arabia, Qatar, Bahrain, Oman, UAE), Singapore, Malaysia, Brunei Darussalam, Mongolia, China, Nepal, etc.
Vulnerability Assessment Tools
ICS Monitoring Solutions
Cybersecurity Frameworks (NIST, IEC 62443)
Incident Response Planning
Anomaly Detection Systems
Risk Management & Compliance
Internal and External Reviews
Off-Shore Team Management
Project Planning
Information Security Incident Response (ISIRT)
IT & OT Security Audit and Assessment
Process Design and Implementation
Enterprise Architecture
IT/Solution Architecture
Vendor Selection and Management
Cloud Security
Compliance and Governance
Technical Evaluation
Communication and Collaboration
Evaluation and final approval of information security procurement
Enterprise Security Governance
Development and Maintenance of Business Contingency/Disaster Recovery Plans
Quality & HSE policies and procedures
After Action Reports (AAR) - Disaster Recovery
Strong human relation skills to interface with management and staff at all levels
Catastrophic Response Strategies
Compliance & Regulatory Requirements
SABSA-ZACHMAN, TOGAF/OSA/SOA/SOMF/DODAF/E2AF/COBIT
Asset Management & IT Infrastructure Coordination
Business Impact Analysis
Conducted compliance testing of applications/systems against clients' Information Security practices.
Ensured new applications are inducted into the data center after thorough pen testing and vulnerability
assessments.
Prioritized security vulnerabilities based on business impact and collaborated with the Security Operations team
to mitigate them.
Followed up on the closure of identified security gaps and escalated when necessary.
Defined relevant metrics for measuring security effectiveness and developed algorithms for quantification.
Defined and managed enterprise cybersecurity architecture for Corporate and its affiliates in multiple countries.
Developed strategy, goals, and objectives for a comprehensive cybersecurity training, education, and awareness
program, adapting to emerging technologies and risks.
Led the implementation of new security solutions and evaluated and shortlisted vendors.
Provided technical expertise, roadmaps, principles, and standards for the Cyber Security Architecture strategic
roadmap.
Assessed controls related to emerging technologies and market trends in cybersecurity.
Collaborated with other company departments (IT/OT) to ensure alignment with cybersecurity policies and
standards.
Monitored, controlled, and enforced compliance with cybersecurity policies and standards.
Conducted thorough risk assessments of operational technology environments to identify cybersecurity threats,
vulnerabilities, and potential consequences to critical infrastructure and industrial processes.
Monitored and analyzed OT-specific cyber threats, vulnerabilities, and attack techniques through various threat
intelligence sources and industry-specific information sharing platforms.
Evaluated the security posture of OT assets, such as ICS devices and SCADA systems, to identify weaknesses and
potential entry points for cyber attackers.
Developed and recommended risk mitigation strategies and countermeasures to address identified
vulnerabilities and potential cyber threats in OT systems.
Ensured compliance with relevant cybersecurity standards and regulations specific to operational technology
environments, incorporating standards such as NIST SP 800-82 and IEC 62443.
Collaborated with incident response teams to develop and test incident response plans tailored to OT
environments, ensuring effective response to cybersecurity incidents.
Provided specialized cybersecurity training and awareness programs for OT personnel to enhance their
understanding of cybersecurity risks and best practices.
Evaluated the security design of OT systems and participated in the review of new OT projects to incorporate
security controls from the outset.
Assessed the cybersecurity posture of OT vendors and third-party partners, ensuring alignment with the
organization's security requirements.
Developed and presented regular cybersecurity risk reports to management and relevant stakeholders,
providing insights into the organization's OT security posture and risk exposure.
Defined, implemented, and monitored enterprise information security and risk management program.
Owned, developed, and delivered a risk-based plan and roadmap for threat and vulnerability management
services across corporate infrastructures, following a defense-in-depth strategy.
Assessed cyber security controls for IT/OT environments, evolved architectures to enhance defensibility, and
improved resilience against attacks.
Partnered with ITC stakeholders to identify and mitigate security threats aligned with business needs.
Evaluated OT cybersecurity requirements, coordinated solution designs, and communicated recommendations.
Developed and delivered comprehensive threat and vulnerability management reporting capabilities.
Conducted in-depth analysis of current threat activity and trends.
Communicated security control findings accurately and professionally to internal stakeholders and senior
management.
Presented information security services in a high-quality professional manner, ensuring cybersecurity
requirements and budgets were in place for operational security.
Prepared and maintained Cyber Incident Response plans, playbooks, and documentation.
Reviewed and analyzed the effectiveness of security control implementation.
Documented policies, processes, and procedures related to the threat and vulnerability management program.
Key Achievements:
Successfully established and implemented the Information Security strategy and program, ensuring compliance with
laws and regulations.
Led the development of a comprehensive cybersecurity training, education, and awareness program, significantly
improving the organization's security maturity.
Enhanced defensibility of IT/OT environments by evolving architectures and implementing effective security controls.
Developed and delivered threat and vulnerability management reporting capabilities, enabling informed
decision-making and proactive risk mitigation.
2010 to 2017 - Sr. Consultant (ICS / PCD Cyber Security & BCP), INDIAN CONSULTANCY
SERVICES LTD. (MIDDLE EAST & AFRICA)
Define global information risk solutions and security, create information security management
systems.
Manage consultant teams and engineering security.
Lead Security Architect for Compliance projects and Major IT Governance Risk.
Organization of programs for ISO 27001.
Consulting in the areas of outsourcing (Managed/Shared Services, Managed Security and BCP/DRP).
Leading the customer engagement for Data centre capacity planning, architecture, implementation,
optimization, virtualization, migration and Consolidation.
Network, Storage and Server consolidation feasibility study, application suitability assessment,
planning and implementation.
Infrastructure and application architecture assessment, design and implementation for high
availability, scalability, performance and security.
2008-2010 - Sr. Solution Architect (Managed Security & IDC), BHARTI AIRTEL ENTERPRISE
SERVICES LTD
Planning, designing and implementation of secure, reliable, scalable and efficient IT infrastructure.
Infrastructure and application architecture assessment, design and implementation for high
availability, scalability, performance and security.
Network, Storage and Server consolidation feasibility study, application suitability assessment,
planning and implementation.
Building Partnership with Vendors & Industry Leaders to supply highest quality solutions.
Providing the best-fit (built to suit) DC & DR solution that is aligned with the current and future needs of
the Company at an affordable price.
Data center capacity planning, architecture, implementation, consolidation, optimization, virtualization
and migration.
Data center setup and Operational Capabilities Assessment.
Costing all phases of projects and preparing BOM/BOQ.
Conducting training for Presales and Sales team on DRP and other critical challenges of enterprise
customers.
Systems Architect for security project.