Information Security Manager

• Dec 2021 - Present

Security Manager

• Jun 2019 - Nov 2021

• Drive & Govern the Technology Team requirements for maintaining PCI-DSS compliance for Finance Now• Take responsibility for the Technology Operational Risk framework.• Direct and approve the design of security systems• Trusted Advisor for disaster recovery and business continuity plans• Review and approve security policies, controls and cyber incident response planning.• Approve and oversee identity and access management (IAM) policies.• Understand the IT threat landscape for the industry.• Enforce the PCI-DSS Operational Event Calendar with assistance from Accountable Line Managers• Security Program Management of PCI-DSS workstream and security projects • Manage Finance Now’s security operations function utilizing both internal and external resource

IT Security Advisory Manager

• Jul 2017 - May 2019

APAR Technologies is a Staffing & Consulting company who provide staffing service to Group CIMB Bank in Malaysia. I was deputed in Group CIMB Bank which is the second largest bank in Malaysia with over 1200 branches in 18 counties. I was Leading the IT Security advisory team and act as subject matter expert on PCIDSS compliance for Group CIMB bank.• Manage Projects for CIMB Group on IT Security best practices, conduct risk assessment and evaluate systems to ensure compliance and audit requirements.• Responsible to prepare blueprints, policies and architecture design for implementation across Business, IT, DevSecOps and Operations areas to ensure data privacy and compliance.• Proactively educate Security best practices to working team and advocate for adoption of Security standards in Operational activities.• Act as subject matter expertise for data privacy and ensure data leak protection during architecture design, implement risk management standards, best practices and systems/processes to ensure information privacy/protection and classification.

Senior Manager Information Security

• Aug 2016 - Jun 2017

ETSS Management is a leading ICT Security consulting company in UAE where I was responsible to provide guidance to clients and delivery teams on IT Risk Management, Governance & compliance audit.• Responsible to conduct risk assessment, PCIDSS / PADSS Gap assessment and prepare remediation place to meet compliance requirements.• Responsible for procedures and controls to assure compliance with applicable regulatory, data privacy controls and legal requirements as well as good business practices.• Maintain expertise on security trends through training, research and development in order to mitigate potential security exposures and data leakage.

Manager Security & technology Implementation

• Aug 2014 - Aug 2016

Risk Associates is an Information Security Consulting company with headquartered in Australia, providing services in GRC and Technology. I was responsible to develop information security roadmap, business cases and remediation plans for clients.•Develops information security roadmaps, business cases and remediation plans.•Contributes towards the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies etc. and applicable laws and regulations, such as PCI DSS.•Designs and executes information security awareness training and educational activities.•Implements security solutions (infrastructure and/or application) including the design, configuration, development, testing and deployment of security-related technologies such as Security information & Event Monitoring (SIEM), Identity & Access Management, IDS/IPS, Data Loss Prevention, Digital Rights Management, Network Access Control and Payments Security technologies.•Supports the design, implementation, operation and maintenance of the Information Security Management System based on the ISO/IEC 27000 series standards, including certification against ISO/IEC 27001 where applicable.•Conducts activities relating to contingency planning, business continuity management and IT disaster recovery in conjunction with relevant functions and third parties.•Definition and development of security control designs including those required to support external regulations.

Manager IT & Infrastructure

• Feb 2010 - Aug 2014

Euronet Worldwide is a US provider of electronic payment services with headquartered in Leawood, Kansas. Euronet is a leader in global electronic transactions and payments and facilitate the payments between financial institutions, retailers, service providers and consumers. I worked as a member of Asia Pacific IT Steering Committee in Euronet Middle East & Pakistan.Manage and set priorities for the design maintenance, development and evaluation of all infrastructure systems, including LANs, WANs, Internet, Intranet, IT Security and Wireless communication. Responsible to maintain PCI-DSS, ISO 27001 and other Data Security & Business Continuity StandardsProvide planning, design, and implementation of IT Services and Project delivery to the customers.Design and implement short and long-term strategic plan to ensure infrastructure capacity meets existing and future requirement.Evaluate complex system's production readiness and supportability by identifying and resolving problems, risks, and issues, Coordinate and plan for future requirements.Provide input to Business plan to support future computing requirements including Modernization and/or upgrade of existing data center facilities.Provide technical support on business development and sales propositions.Conduct feasibility studies for various upgrade projects, improvements and other conversion.Develop, implement and maintain policies, procedure and associated training plans for infrastructure Administration and project management.Responsible to maintain the application, network and system capabilities and produce infrastructure designs that meet business requirements.Responsible to maintain the underlying practices that affects computing system performance and identifies potential systems improvements.Serves as a liaison between technical staff, management, users, and vendors regarding service requests, usage, standards, security, and other technical matters.

Manager Networks & Infrastructure

• Mar 2006 - Mar 2010

1LINK Limited is a National ATM & payment gateway of Pakistan with over 25 banks connected for payment gateway services. 1LINK is a consortium of major banks that own and operate the largest representative interbank network in Pakistan. Acts as a technical expert in matters relating to network design, administration and operation by maintaining broad and expert-level knowledge of networking technology Develop guidelines and upgrade techniques for new operational procedures for the support of databases, hardware systems, operating systems software, network systems software, and security and client-server systems. Development of detailed functional specifications prior to Network implementation Acts as counsel to the Manager Network Operations concerning the creation, implementation and enforcement of network-related operational policies, procedures and Project Management.  Troubleshoot issues and enforces the approved policies and procedures as necessary. Acts as project manager, in scoping, executing, reporting and gaining closure on projects in collaboration with stakeholders and other team members. Involvement in planning, designing, and implementing networked systems, including configuration, supporting/ troubleshooting network problems.