Head - Cyber Security & IT Risk
since 01.2023 |Equinor
Enterprise Information & Cyber Security strategy, Cyber Security Operations / SOC, Network & Application Security, Identity & Access Management. Information Risk Management & GRC, Information Security Policy Documentation and Implementation, Data Security, OT Cyber Security, Cyber Security Architecture, ISO 27001:2013, PCI-DSS, Regulatory Compliance, GDPR, Cloud Security & DevSecOps, Securing MS 365 & Azure DevOps, Email, Web & Mobile Security, Azure Sentinel
● Managing customer expectations with regard to Cyber Security.
● Ensure compliance with regulatory and legal requirements related to cybersecurity.
● Complying with ISO 27001 framework & GDPR.
● Ensuring compliance with Cyber Security policies & procedures.
● Conducting risk assessments to identify vulnerabilities and threats to the organization.
● Implement and oversee a risk management program to mitigate cyber risks.
● Assessing OT Cyber Security and providing recommendations.
● Assess and manage security risks associated with vendors and partners.
● Working with customer on GRC Framework & tool implementation.
● Managing a team of Cyber Security engineers.
● Day to day operations of network security devices.
● Managing PKI for internal & external certificate management.
● Managing End point, Identity Access, Cloud security.
● Overseeing efficiency of SOC activities & continuous improvement.
● Managing VA scanning & closure of vulnerabilities.
● Managing external PT exercise conducted by our teams & third party.
● Assist customer with Red & Blue team exercise.
● Work with customer to build IR process & capabilities.
● Consistently working on improvements & automation of existing operational tasks.
● Automation of Cert Management, FW rule optimisation, auto-ticket remediation etc.
● Coordinating with OEMs to ensure smooth operations.
● Following Incident, Change, Problem management as per ITIL process.
Chief Information Security Officer
05.2021 - 01.2023 |Ooredoo
Enterprise Information & Cyber Security strategy, Cyber Security Operations / SOC, Network & Application Security, Identity & Access Management. Information Risk Management & GRC, Information Security Policy Documentation and Implementation, Data Security, OT Cyber Security, Cyber Security Architecture, ISO 27001:2013, PCI-DSS, Regulatory Compliance, GDPR, Cloud Security & DevSecOps, Securing MS 365 & Azure DevOps, Email, Web & Mobile Security, Azure Sentinel
● Ensuring cyber security compliance for the Qatar SMART Nation program and all its Use Cases.
● Entire Cyber Security for FIFA World Cup 2022 Real Time Crowd Management Use Case.
● Cyber security for other Smart City Use Cases like Smart Parking, Digital Twin.
● Cloud & IOT security for one of the biggest MS Azure implementations in GCC region.
● Ensuring compliance for International and Regional IS & Privacy standards for Cloud & IOT.
● Managing Information Security Operations, Risk Management, people & vendor management for Qatar Smart Program (known as TASMU), an initiative to make the country smart in multiple areas by 2030 by using MS Azure Cloud Platform, one of the biggest and most ambitious programs by the Qatar Government to date in the Digital space.
● Ensuring security for IOT end-points for various Use cases like SMART City, Digital Twin etc.
● Building and managing the SOC Operations for Qatar Smart Program, one of the biggest and most advanced SOCs in the country with complete automation using Azure Sentinel, Cloud AI features, threat hunting platform, IR and MDR capabilities.
● Ensuring data governance for Azure data lake integrations by data classification & applying principles of data security & privacy.
● Managing all aspects of MS Azure Cloud Security, MS 365, D365 and Azure DevOps Security.
● Working on new Security projects like PKI, VA/PT, Security Architecture reviews.
● Security testing for the mobile apps, cloud platform and the entire ecosystem.
● Ensuring Security & Compliance for new Smart Use Cases for various ministries in Qatar.
● Managing Qatar Airways (biggest Airline of the world) SOC (Biggest in Qatar) running on LogRhythm as an additional responsibility.
● Managing the two biggest SOCs in Qatar for Ooredoo (Azure Sentinel) and Qatar Airways (LogRhythm).
Chief Information Security Officer
08.2014 - 02.2021 |Ahlibank
Enterprise Information & Cyber Security strategy, Cyber Security Operations / SOC, Network & Application Security, Identity & Access Management. Information Risk Management & GRC, Information Security Policy Documentation and Implementation, Data Security, OT Cyber Security, Cyber Security Architecture, ISO 27001:2013, PCI-DSS, Regulatory Compliance, GDPR, Cloud Security & DevSecOps, Securing MS 365 & Azure DevOps, Email, Web & Mobile Security, Azure Sentinel
● Meeting the expectations of the Board & Senior Management by developing Information Security Strategy and managing Cyber Security Operations for the bank.
● Detecting & responding to new threats, IT Risk Management, Project Management, People/Vendor management, annual IS budget planning & spend, ensuring regulatory requirements are met, managing Internal, External & Regulatory Audits.
My team’s day-to-day activities:
● Developed enterprise IT Risk strategy that consists of strategically integrated elements of NIST risk management and Cybersecurity frameworks, SANS Critical Controls, ISO 27001/27002, PCI DSS, GDPR & other Regional standards like NIA, FIFA World Cup Cyber Security Framework 2022.
● Design and manage the entire Lifecycle IT Risk management by continuous Risk Assessments, Risk Mitigation, Reporting & managing the residual risk.
● Revamping the traditional SOC to Managed Detection & Response Center.
● Managing day to day Cyber Security Operations.
● Continuous Risk Assessments of all the critical IT Applications and Infrastructure.
● Ensuring data integrity, confidentiality and availability of information as well as creating controls on how data is processed by the organization.
● IT Security Governance structure to reduce risks in business processes, enhance information security, and comply with regulatory requirements.
● Ensuring Data Privacy by implementation of National Data Privacy laws, GDPR.
● Managing the Information Security Budgeting every year in alignment with the IS Strategy & Bank’s Vision.
● Ensuring Bank’s Information Security Compliance across different regions/countries.
● Working closely with Regulatory audit bodies like Central Banks & CERT teams.
● Collaborate with Regional CISOs to keep abreast of any changing trends.
● Participating in Cyber Drills every year conducted by Country’s CERT team across all industries.
● Information Security metrics to depict the IS posture of the bank to Management and the Board.
● Ensuring Security compliance in the Change Lifecycle Management.
● Incident Response procedures and metrics.
● Creation and deployment of Security Awareness Program.
● Working on the Blue team & Red team model for continuous enhancement of the Information Security Gap Assessment which covers the entire IT landscape.
● Third-party RAs, Vendor & People Management.
Projects successfully implemented in my tenure:
● Migrating applications & IT Infra components to cloud
● PCI DSS Certification, first bank in Qatar
● ISO 27001
● Security Compliance on Cloud Projects like Microsoft Azure, Oracle.
● Completed end-to-end security assessments for projects like Core Banking upgrade, Internet Banking migration, payment applications, Card & Pin printing Solution, Trading apps & E-Wallet
● Identity Access & Privilege Access Management
● Governance, Risk & Compliance solution
● Anti-Malware/APT prevention at Web, Email & EDR
● Volumetric & Application DDOS protection
● Implementation of Anti Phishing solution for email & Web
● GDPR & National Privacy law Compliance
● Qatar National Information Assurance Policy & Cyber Security Framework 2022 Compliance
● Data Classification and DLP for Email, Web & Endpoints
● Privilege ID management – Covered all critical applications, Databases and Network Devices. Password Management, Session recording, approval workflows, Integration of UNIX Environments with Active Directory.
● Identity & Access Management – User Access Governance & Provisioning for critical applications
● Revamping the traditional MSSP into Managed Detection Response Center
● Designing Cryptographic controls policy for the bank
● App Security testing & Compromise Assessments on the IT infrastructure
Head - Information Risk Management
08.2011 - 07.2014 |ING Group
Enterprise Information & Cyber Security strategy, Cyber Security Operations / SOC, Network & Application Security, Identity & Access Management. Information Risk Management & GRC, Information Security Policy Documentation and Implementation, Data Security, OT Cyber Security, Cyber Security Architecture, ISO 27001:2013, PCI-DSS, Regulatory Compliance, GDPR, Cloud Security & DevSecOps, Securing MS 365 & Azure DevOps, Email, Web & Mobile Security, Azure Sentinel
Managing a team of Information Security professionals and solely responsible for the Information Security posture of the company by constantly sensitizing the top management on the critical issues.
Some achievements in my tenure:
● Implemented Data Loss Prevention project for network and endpoints.
● Ethical Hacking assessment to test the robustness of the network & systems.
● Implementing end point security solution to manage end points centrally.
● Security Architecture review.
● Designing the preparedness of IT systems for cloud computing.
● Security baseline for BYOD & Mobile applications.
● ISO 27001 Gap Analysis.
● PCI DSS assessment.
● SOX Compliance review.
● Creating the Application Security Assessment guidelines.
● Implementing IT GRC Solution using IBM OpenPages.
● Implemented RSA Envision for security incident & event monitoring.
Cyber Security Architect
12.2009 - 07.2011 |Dimension Data
Cyber Security Operations / SOC, Network & Application Security, Identity & Access Management. Information Risk Management & GRC, Information Security Policy Documentation and Implementation, Data Security, OT Cyber Security, Cyber Security Architecture, Regulatory Compliance, GDPR, Securing MS 365 & Azure DevOps, Email, Web & Mobile Security, Azure Sentinel
● Responsible for delivering high end IT security and compliance solutions to clients across all verticals like BFSI, Telcos, IT companies, Public Sector companies.
● Mostly we focused on the BFSI segment.
● We did evaluation of different solutions for the clients, audits & assessments, fixing of the gaps found, detailed documentation for compliance, pre-RFP preparation.
Some Achievements in my tenure:
● Did complete ISMS readiness for a financial services company & others across Asia.
● Designed security architecture for one of the biggest oil companies in India.
● Did complete Security Architecture review for a multinational BPO.
● Did multiple assessments for VA/PT, ISO 27001 across domains like BFSI, Telecom, Manufacturing, BPO.
● Worked on Arbor DDOS solution, which was a hosted solution from Telcos for corporates.
● Consulting on DR for datacenter for a large BPO company in India
● Did BCP for a BFSI from a risk-based approach.
● Did the review of the risk management framework for one of the biggest automobile companies in the world for its India division.
● Managed projects for one of India’s largest Telecom companies involving very high-end customized security solutions.
Manager - Information Security
07.2008 - 10.2009 |Standard Chartered
Vulnerability Management & Security
● Managed a team of security analysts and project leads working in designing, implementing and operating Vulnerability Management & Security log monitoring for the bank worldwide.
Assistant Manager, Information Security
12.2006 - 07.2008 |Aricent Technologies
Information Security
● Responsible for managing a team handling the Information Security Management System (ISMS) for Aricent worldwide.
Information Security Specialist
10.2004 - 12.2006 |GE Money
Information Security
● Responsible for all the Information Security operations and projects across GE Money India.
Senior Network Security Engineer
05.2002 - 10.2004 |R Systems
Network Security, Technical Support
● Providing support for implementing, troubleshooting and supporting high-end Enterprise/Mid-Range/SOHO level Firewall VPN Security Solutions for WATCHGUARD®, USA.