As a Virtual Chief Information Security Officer (vCISO), I provide strategic leadership and guidance in cybersecurity to ensure alignment with business objectives and regulatory requirements. I develop and implement comprehensive risk management strategies, design and oversee robust security architectures, and ensure compliance with industry standards such as NDMO, PDPL, SAMA, ISO and PCI DSS. My role includes designing and implementing Security Operations Centers (SOC) to provide real-time monitoring, detection, and response to security threats. I manage third-party vendor security, conduct regular cybersecurity assessments and audits, and lead incident response planning and execution to minimize impact. Additionally, I deliver security awareness training to foster a security-conscious culture within the organization. I also manage cybersecurity budgets and resources, provide clear executive reporting, and continuously enhance security capabilities to address evolving threats.

In my role as Chief Information Security Officer (CISO), I have led my organization's cyber security efforts and successfully implemented a wide range of security initiatives. Notably, I established a highly effective Cyber Security Consulting domain and securing long-term projects with top clients in industries such as Telecom, Insurance, BPO, and System Integration.Within these projects for multiple clients, I played a crucial role in designing and implementing robust Security Strategy, Governance, and Risk Management frameworks, aligning them with industry standards such as NIST and ISO27001. Additionally, I spearheaded the establishment of a state-of-the-art Security Operations Center (SOC), equipped with cutting-edge technologies including SIEM, SOAR, CTM, XDR, IPS/IDS, and other security product dashboards.In addition to my technical accomplishments, I provided expert consultancy services in Compliance, Security Assessment, and Information Security Awareness sessions for a substantial workforce of over 5000 employees. I also took on the responsibility of governing critical projects, including CIS Control Implementation, ISO27001 and ISO27701 Implementation, XDR Deployment, Data Loss Prevention (DLP), Payment Card System (PCI), SAMA Compliance (KSA), HIPAA, ePHI Compliance, GDPR, CCPA Compliance, and Enterprise Risk Management (ERM).My expertise spans various domains, including cloud security, identity and access management (IAM), security operations, penetration testing, incident response, risk assessment, threat intelligence, network security, vulnerability management, cyber threat hunting, security information and event management (SIEM), endpoint security, as well as data privacy and protection.

• Drafting the Cyber Security strategy for Shared Services along with security program.• Formulating the Cyber Security roadmap to augment the security strategy and overall Technology& Strategy targets.• Participating and Conducting Security Risk Assessment of Infrastructure, Applications and Integrations and recommend mitigation plan to achieve the target state.• Working as an Advisor to infrastructure team for designing the architecture on Defendable Security to protect the organization crown jewels.• Optimization of Secure network setup and EUC hardening on CIS benchmark.• Patch & Vulnerability Management and application of compensating controls until the final remediation applied. • Auditing of existing privileged accesses and monitoring the use of authorized identities to specific systems only.• Handling the IDS/IPS systems of GSS and providing the services to customers.• Hardening of EUC Platform to protect the environment from malicious activities and intrusion from unauthorized access.

• Performed the role of E2E Manager to roll out the collection of IT Security projects from planning till close-out. Managed the vendors and teams simultaneously for better control and efficient project management. • Planning, Designing and implementation of IT Security policies & Processes (Network, Infrastructure, DB, End User Computing etc). Monitoring the compliance of policies and recommendation of corrective actions.• Designing of Enterprise Security Architecture based on SABSA framework. Identifying the contextual and conceptual points through effective interviewing and mapping those with objective to design effective KPI’s and KRI’s.• Designing and Planning of Cisco ISE with Authentication over Radius and TACACS for all users and devices. • Enforced endpoint compliance by providing comprehensive client provisioning measures and assessing the device posture for all endpoints that access the network, including 802.1X environments. • Developed and implemented Security Policies, Procedures in line with international standards i.e. CIS, ISO 27001 (ISMS) and ISO 20000 (ITSM), business demands, business risks and senior management directives and prepared the organization for ISO 27001 (ISMS) certification.• Monitoring IT defense perimeter and scanning infrastructure and communicate security events and incidents to Global Computer Emergency Response Team personnel and/or management.• Creation of Incident response & handling procedure consisting of Detection & Analysis, Containment & Recovery and Post Incident Review guidelines along with Incident handling team structure.• Designed the architecture for HP ArcSight SIEM within Telenor Pakistan distributed on multiple security zones for efficient source communication.• Coordinating and conducting security event collection using log management tools, Log analysis, initiating event management and enhancing compliance automation.

* Working experience on Cisco Firewalls and infrastructure Core and Access Routers and Switches.* Prepared future transport network strategies, architecture development and network roadmaps for capacity building and strategic objective.* Auditing of Firewall access rules and implementing the controls to protect the environment.* Configuring the IPS/IDS for efficient security monitoring.* Enhancing the monitoring capabilities with implementation NMS and alerting.

• Lead the ISO27001:2005 implementation, performed gap analysis and document the relevant controls to bridge the gaps.• Plan, design and implement the Log Management solution and implement SIEM for SOC.• Made all IS policies and enforce them through the Operations team also performed governance with regular audits.• Performed a security impact analysis for each proposed change to the system’s configuration• Reviewed work instructions and operational procedures for compliance with security requirements and policy Interpret security principles and requirements for technical teams• Designed and implemented centralized service desk and its processes and practices. • Ensured measurement and reporting of key performance indicators. • Developed ITSM processes and documentation, procedure, policies, and metrics, on job training and communication. • Designed and implement Intrusion prevention, attacks mitigation and prevention both from inside and outside network and Apply multilayer network security strategy to mitigate both internal and external threats/attacks. • Worked as Program Manager to prioritize the projects to ensure the consistency according to business strategies and recruit the skilled project resources to complete the projects within Time, Scope and agreed constraints.