Experience

Noom Inc.

• United States
• Wellness and Fitness Services
• 100 - 200 Employee

• Director, Information Security

  • Jul 2021 - 2 years 6 months

  Washington, United States



Amazon

• Bangladesh
• Advertising Services
• 1 - 100 Employee

• Principal TPM (Information Security Payments)

  • Mar 2020 - Jul 2021

  Greater Seattle Area + Led security improvement initiatives across Amazon Payments. + Developed detective programs to uncover security risks in existing systems. + Developed proactive programs to enable teams to preserve trust for our customers.

• Senior Manager, IT Audit (Consumer Business)

  • Jan 2017 - Mar 2020

  Greater Seattle Area + Led, established and cultivated a strong working relationship with business, finance, IT, and Legal teams to advance the culture and effectiveness of risk management + Conducted risk assessments and determined audit priorities + Proactively identified business and strategic risks and guided management in the appropriate mitigation plans



Deloitte Canada

• Canada
• Management Consulting
• 100 - 200 Employee

• Senior Manager, Cyber Risk Services

  • Jul 2014 - Jan 2017

  Toronto, Canada Area + Primary responsibility was to lead consultant team in delivery of IT security strategy and advisory for clients in all sectors (specialization in Vulnerability Management)



Security Compass Inc.

• Director of Consulting

  • Feb 2013 - Jun 2014

  Toronto, Canada Area + Primary responsibility was to lead consultant team in delivery of IT security strategy and advisory for clients in all sectors such as healthcare, financial, education, utility, transportation and government + Collaborated with Practice Leads to establish goals, targets and opportunities in service delivery areas such as SDLC Advisory, Web & Mobile Application Security, Infrastructure Security and Cyber Security + Managed hiring, talent development, performance evaluation, compensation… Show more + Primary responsibility was to lead consultant team in delivery of IT security strategy and advisory for clients in all sectors such as healthcare, financial, education, utility, transportation and government + Collaborated with Practice Leads to establish goals, targets and opportunities in service delivery areas such as SDLC Advisory, Web & Mobile Application Security, Infrastructure Security and Cyber Security + Managed hiring, talent development, performance evaluation, compensation review of consultants + Managed consultant team utilization, forecasting, budgeting and billable percentage against annual targets + Reviewed and moderated improvements for risk management procedures of client service delivery + Reported directly to CEO and Managing Director

• Principal Consultant

  • Feb 2012 - Feb 2013

  Toronto, Canada Area + Primary responsibility was to lead assessment team and also perform fieldwork in vulnerability assessments and penetration tests (external & internal network; firewall rule review and network architecture reviews, web application, mobile application, wireless, host based configurations reviews, code reviews and physical security) + Developed web and mobile application security testing methodology for consistency of delivery by consultant team + Provided internal training sessions for… Show more + Primary responsibility was to lead assessment team and also perform fieldwork in vulnerability assessments and penetration tests (external & internal network; firewall rule review and network architecture reviews, web application, mobile application, wireless, host based configurations reviews, code reviews and physical security) + Developed web and mobile application security testing methodology for consistency of delivery by consultant team + Provided internal training sessions for talent development of junior/internship resources + Supported Sales Team with technical and service delivery approach information to potential clients + Developed proposal responses to public tender opportunities + Participated in code review tools and web scanning tools for Consultant Team



Deloitte & Touche, LLP

• United States
• Alternative Medicine

• Manager, Vulnerability Management

  • Sep 2008 - Jan 2012

  Toronto, Canada Area + Primary responsibility was to lead assessment team and also perform fieldwork in vulnerability assessments and penetration tests (external & internal network; firewall rule review and network architecture reviews, web application, mobile application, wireless, host based configurations reviews, code reviews and physical security) + Contributed to Deloitte’s Cyber Security service offering through training and methodology development + Reported directly to the National Practice Lead for… Show more + Primary responsibility was to lead assessment team and also perform fieldwork in vulnerability assessments and penetration tests (external & internal network; firewall rule review and network architecture reviews, web application, mobile application, wireless, host based configurations reviews, code reviews and physical security) + Contributed to Deloitte’s Cyber Security service offering through training and methodology development + Reported directly to the National Practice Lead for Vulnerability Management (Canada) + Developed proposal responses to public tender opportunities + Provided internal training sessions for talent development of junior resources and crossing selling with other service delivery teams at Deloitte (e.g. Consulting, Audit, etc.)

• Consultant / Senior Consultant

  • Feb 2006 - Aug 2008

  Toronto, Canada Area + Primary responsibility was to perform fieldwork for vulnerability assessments and penetration tests (external & internal network; firewall rule review and network architecture reviews, web application, wireless, host based configurations reviews, code reviews (OWASP, ISO1799), password quality, policy and compliance review (PIPEDA, HIPA) and physical security) + Performed other vulnerability management services such as various stages of incident response process and forensic, Payment Card… Show more + Primary responsibility was to perform fieldwork for vulnerability assessments and penetration tests (external & internal network; firewall rule review and network architecture reviews, web application, wireless, host based configurations reviews, code reviews (OWASP, ISO1799), password quality, policy and compliance review (PIPEDA, HIPA) and physical security) + Performed other vulnerability management services such as various stages of incident response process and forensic, Payment Card Industry (PCI) audit, development and implementation of a + Vulnerability Management program, Threat Risk Assessment, Cyber Security solutions and defense capability evaluation + Delivered training courses to client teams such as tool usage, security awareness and PCI related topics



Kasten Chase Applied Research

• United States
• Software Development

• Manager, Development

  • Mar 2005 - Dec 2005

  Mississauga, Canada Area + Primary responsibility was to lead team of senior and junior developers (both internal and third party development teams) in the product development of Assurency SecureData (SAN Disk and Tape encryption service for Windows and Unix systems) + Coordinated product release with QA Manager and Business development/strategy members for strategic release of features, tools, capabilities + Consulted with customers involved in product evaluation and pilot to facilitate the evolution of the… Show more + Primary responsibility was to lead team of senior and junior developers (both internal and third party development teams) in the product development of Assurency SecureData (SAN Disk and Tape encryption service for Windows and Unix systems) + Coordinated product release with QA Manager and Business development/strategy members for strategic release of features, tools, capabilities + Consulted with customers involved in product evaluation and pilot to facilitate the evolution of the product and contribute to future revisions of the product

• Software Developer / Team Lead

  • Apr 2002 - Feb 2005

  Mississauga, Canada Area + Primary responsibility was to coordinate, review and maintain delivery schedule for development team + Coordinated the composition and review of functional specification design documents throughout the development cycle + Participated in the submission of product components for FIPS 140-2 certification (Security Requirements for Cryptographic Modules) by NIST and Common Criteria evaluation + Developed and maintained application components using JBuilder and Visual Studio (J2SE, J2EE,… Show more + Primary responsibility was to coordinate, review and maintain delivery schedule for development team + Coordinated the composition and review of functional specification design documents throughout the development cycle + Participated in the submission of product components for FIPS 140-2 certification (Security Requirements for Cryptographic Modules) by NIST and Common Criteria evaluation + Developed and maintained application components using JBuilder and Visual Studio (J2SE, J2EE, C/C++, Visual Basic) + Participated in peer Java code reviews to ensure conformance to coding standards and Java coding best practices