• Prepare security requirements as part Preliminary and Detailed solution architecture and present security controls in the Architecture Review Board and Change Management Board.• Developed IAM strategy, gap analysis, solution selection, and Proof of Concept.• Developed a holistic, agile, security roadmap for internet gateway moving it from one maturity level to another.• Lead the evaluation, selection, design and the implementation new security tools and evaluation of security controls of business solutions.• Support other teams across in remediation of security anomalies gaps and issues.• Prepared Privacy/Consent/Cookies security requirements and helped in solution deployment.

• Prepared Mobile, Web, and API Security Requirements, and assessed mobile/web through security code reviews, penetration testing.• Guided developers in application design and code review sessions to identify security risks.• Worked closely with (Solution Architects, Application Architects and Developers) to help identify and appropriately remedy software security and infrastructure vulnerabilities• Helped in creating security standards for application deployment on both private and public clouds and oversee the implementation of appropriate applications as per defined standards and frameworks• Prepared Security User Stories and prepared Penetration testing scope.• Prepared AWS Cloud Security and Resources security requirements (Serverless, appsync, GraphQL, etc…).• Led Security Advisory Board and evaluated technological changes that include Network changes, system changes, AWS configuration, etc..• Worked on Cloud security, Software Security, IAM, MFA, Internet App, API, etc…• Prepared maturity models for Privileged Accounts, IAM, MFA, etc..

• Designed a new overall DLP strategy for BMO. Introduced Business driven approach to DLP/Rules design and implementation. Introduced resolution for 75% of the DLP use cases. Improved end-to-end cycle of Event handling.• Provided support for the Governance of the Bank information security initiative (DLP, CDN/Akami, FW, Proxy, and Cloud).• Designed and Managed Exception process to Information security policy using Archer.• Added functionalities and re-structured CDN - Akamai policies.• Prepared Rule base optimization of all FW metrics. Reviewed FW governance policies, and optimized FW Rule change process.• Managed a group of eight people, and led Forum meetings attended by C-level staff.

• Conducted FFIEC and OSFI cyber security self-assessment and followed up on controls implementation.• Served as a focal point for advisory on Information Security topics and others to meet and maintain compliance with internal audit, and regulators (OSFI, FFIEC, GLBA, PIPEDA and PCI).• Assessed Service provider’s Security for all outsourced activities by conducting Service, Information Security, and Vendor’s Continuity Risk Assessment.• Evaluated Service Provider’s reports such as: SOC1, SOC2 Type I and II, and VAPT.• Provided support for implementation and monitoring of the Bank information security initiative (APT, IDS/IPS, Proxy, URL filtering, DMARC, Mobile Device Management -MDM, DLP, DDoS, etc.…).• Conducted vulnerability scans and penetration tests (internal and external) and advised IT team on remediation of vulnerabilities.• Prepared scope of Work (services), and evaluated DDoS service providers’ proposals.• Communicated bank’s information security stance, including compliance issues, risk and incidents to senior management.• Delivered cyber security training to the bank employees.• Prepared BOD committee’s presentations, and supporting documents.

• Conduct research and analysis that will contributed to the planning, design, development, implementation and support of the Risk Management and Cyber Security programs.• Provide specialized advice on Cyber Security issues affecting the organization such as: (1) Identify potential exposures, (2) Conduct reviews to ensure that undesirable effects are detected, corrected and/or mitigated, (3) Provide consultation assessed high-profile projects for Cyber Security Risks, identify potential exposures, and present recommendations that are practical, realistic, and achievable.• Implemented risk management framework (CRAMM) and other information security frameworks, principles, methodologies, standards and practices.• Conduct research to aid in the threat risk assessment / privacy impact assessment of company operations, projects, and IT systems and Information Assets.• Review on regular basis enterprise IT controls and procedures, and recommend measures to eliminate or mitigate risks and weaknesses.• Provide consultation to internal stakeholders and project managers, consistently determined to ensure that adherence to security/risk management policies and procedures is built into project deliverables.

• Prepared project documents (e.g., business case, feasibility study, detailed budget submission, briefing notes, executive summaries) and utilizing project management tools for planning and implementing complex projects and/or packages.• Managed 3rd party security solution providers, conducted / supported IT investigations and breaches (forensics, log analysis), worked with law enforcement and/or regulatory bodies, supervised and coached internal business and technical team members• Provided advise on emerging architectures, technologies or products such as government services reference models, business intelligence/data warehousing, e-service, quality assurance tools, and enterprise content management. • Executed projects in Business Intelligence/Data warehousing modeling, and implementation, e-service design, Content Management and archiving.• Supervised staff and contracted resources, reported work assignment progress against budget and assessed performance on a project basis,• Participated in security committee and developed procedures and policies for e-mail usage, internet usage, user creation/deletion, security controls, and disaster recovery,• Deployed URL filtering -Websense- as an attack countermeasure on Web browsing to minimize security threats,• Configured Switches and Routers, Windows Servers, Unix Solaris, Security threat and attack resolution, • Managed project in all stages (Business case, Planning, …., Commissioning) of complex business strategy and information management projects, costing resources and critical path identification in large, diversified environment, and experienced in using MS Project software.