Chief Information Security Officer
Current• Architected and built internal server and network infrastructure, including virtualized server infrastructure, storage area network, Microsoft Active Directory, and wireless network infrastructure• Developed identity and access management policy and governance for the entire organization• Developed and implemented an ISO 27001 compliant security program from inception to certification, ensuring alignment with organizational objectives and industry best practices.• Conducted comprehensive risk assessments and gap analyses to identify security vulnerabilities and establish prioritized remediation plans.• Created and documented security policies, procedures, and standards in accordance, tailored to the organization's specific needs and risk profile.• Established and maintained a robust information security management system (ISMS), including risk treatment plans, controls, and monitoring mechanisms.• Led cross-functional teams in implementing security controls and measures to mitigate identified risks, ensuring continuous improvement and compliance.• Conducted regular internal audits and reviews to assess the effectiveness of the security program, identify areas for improvement, and address non-conformities.• Facilitated external audits and certification assessments, liaising with auditors and stakeholders to demonstrate compliance with ISO 27001 requirements.• Provided ongoing training and awareness programs to educate employees on security policies, procedures, and best practices, fostering a culture of security awareness and accountability.• Implemented incident response and management procedures to effectively detect, respond to, and recover from security incidents and breaches.• Maintained documentation and evidence of compliance, ensuring readiness for audits and certification renewals.