Newmarket, Ontario, Canada
Enthusiastic Cybersecurity Leader with extensive experience in the areas of Enterprise Information Security, Risk Management, Compliance, Security Operations and Security Architecture. Having worked in a variety of Industries like Oil and Gas, Automotive and Healthcare, I have had the opportunity and pleasure to help many Organizations improve their Security Posture by taking a cost-efficient, risk-focused approach in their strategic goals.
Supporting Governance, Risk and Compliance initiatives.
Supporting the Executive Team in implementing cost-effective, risk mitigation strategies.
• Provided line management leadership and strategic direction on related governance functions such as Information Security, Risk Management, IT and Compliance
• Managed the development and implementation of IT security policies, procedures and guidelines according to the industry standard ISO 27001/27002
• Developed IT security strategies to prevent cyber-attacks, to identify threats and vulnerabilities and to mitigate control gaps
As an independent Consultant, I have conducted Enterprise IT Security Threat Risk Assessments, Vulnerability Assessments and Penetration Testing for a multitude of customers in different sectors. I have provided risk mitigation strategies to organizations, bringing their cyber risks to acceptable levels. I help organizations measure compliance with privacy and cybersecurity legal and regulatory requirements, policies and industry standards. My role involves organization benchmarking, maturity ratings, risk matrix charts and risk maps. I also provide recommendations on cybersecurity controls and remediation plans, helping to develop a future-state security roadmap.
• Managed a team of information security professionals to provide security risk management, consultations, compliance attestation, vulnerability management, architecture services and incident management
• Participated in several committees related to Governance, Risk and Compliance
• Led the identity and access management strategy for numerous projects that include cloud solutions, multi-factor authentication and provincial identity providers
• Secured online and mobile applications by providing security guidelines throughout the entire software lifecycle
• Implemented information security controls to prevent attacks on the Company’s assets, online applications and web sites
• Supported third-party consultants in conducting annual financial audits
• Improved the information security program by creating and reporting on key performance indicators and by implementing a robust risk management process
• Reviewed audits, risk analyses and security assessments to ensure compliance with the organization's policies and current legislation and to improve IT security processes
• Supported procurement processes (RFPs) by providing information security input
• Ensured security and organizational compliance with current privacy legislation and regulations like PHIPA, PIPEDA, FIPPA and AODA
• Acted as the security manager and primary point of contact for security breaches, investigations and incident management
• Collaborated with the Architecture and IT Operations teams to translate security controls into architecture and design strategies
• Provided training to all employees on a variety of topics related to information security
• Led the Information Security Architect and Risk Analyst to achieve department objectives
• Reviewed IT operational processes to conduct gap analysis, identify potential risks or security concerns and to recommend information security controls
• Provided incident response management, technical control selection advice, risk assessment services, penetration testing and vulnerability management
• Collaborated with a team of enterprise information security analysts to create and document enterprise-wide security policies, processes and guidelines
• Promoted security awareness and good data protection practices to safeguard the organization’s assets
• Liaised with consultants and vendors to accomplish assurance activities and to assess existing and proposed applications and projects
• Reviewed proposals and detailed technical design documents to ensure compliance with enterprise security standards
• Collaborated with infrastructure and architecture teams when analyzing security solutions for web and mobile applications
• Conducted threat risk assessments (TRAs) following industry standards like ISO 27001/27002 and created mitigation plans to address discovered risks
• Helped in the design and implementation of an enterprise risk register solution
• Reviewed proposals and detailed technical design documents to ensure compliance with enterprise security standards
• Collaborated with infrastructure and architecture teams when analyzing security solutions for web and mobile applications
• Conducted threat risk assessments (TRAs) and created mitigation plans in order to provide actionable guidance to upper management
• Promoted security awareness and good data protection practices to safeguard the organization’s assets
• Provided Tier 3 support to more than 1000 customers including Fortune 500 Companies, Banks and The Canadian Government
• Maintained and configured lab equipment to reproduce customers’ problems
• Kept abreast of new technologies and trends by certifying with different vendors
• Trained and mentored new employees
• Configured networking equipment including Switches, Routers, Firewalls, Load Balancers and WAN Accelerators from different vendors
• Worked in the Business-to-Business Project to exchange information with Cisco
• Created and implemented a WAN Accelerator model using Juniper equipment