Building a great.technical.team - Responsible for Security Engineering Services covering secure code review, software supply chain / composition analysis, secure code training / awareness, penetration testing, Also delivered building technical capabilities for Security tools to automate & integrated with CICD pipeline. Building capability across Australia / NZ and maintain service coverage while maintaining quality through adoption of low cost service centres. Passionate about 'how to scale services' via various delivery frameworks(Agile, waterfall) to retain coverage & quality while maintaining low touch point. Experience in delivering multi million dollars projects and BAU services simultaneously.

Responsible for managing a large portfolio that consist of security architects & risk analysts. Responsible for day to day line management and providing prioritization for a large group of squad aligned with various Technology Domain . Enabled the team to grow both in onshore and offshore while maintaining high quality. Some of the key responsibilities includes demand management, recruitment, cost recoveries, oversight on managed service, delivery of Strategy (DevSecOps), governance over technical control & oversight. Helped business & technology projects to complete on time . Participated in various planning exercise to reducing security cost -> risk reduction -> threat reduction.

• Provide portfolio leadership for the security and technology risk change initiative delivery• Acting as a point of escalation to provide consistent, specialist information security (IS) and technology risk expertise to :o Provide guidance, interpretation and ensure application of relevant IS policies and standardso Enable an informed understanding of the effectiveness of IS controls in mitigating risk o Approve the recommendations for processes and technology with an informed view of risk and available options and by analysing impacts of all design optionso Embed appropriate architecture and standards based security patterns into designs to facilitate repeatable, consistent and secure solutions.o Ensure traceability of security requirements in final solution designs and that these are appropriate to address risk.o Facilitate and provide guidance to stakeholders on the alignment of solution design to the enterprise security architecture framework and methodology.• Develop and lead a highly engaged team focused on success and the effective implementation of security for projects. Build the professional capability of the team.• Represent ISO at quality events (or delegate). Deliver / lead process improvement initiatives.• Manage platform delivery for allocated platforms. E.g. Payments platforms

• Providing consistent, specialist information security and technology risk advice • Support change initiatives to interpret and apply IS policy, standards and frameworks to secure solutions.• Facilitate and provide guidance to stakeholders on the alignment of solution design to the enterprise security architecture framework and methodology.• Contribute to solution designs that meet required service levels, quality, requirements and compliance expectations, taking into account multiple organisational, environmental, functional and non-functional constraints.• Ensure traceability of security requirements in final solution designs and that these are appropriate to address risk.• Utilise specialist knowledge and expertise to identify and resolve complex solution gaps by developing IS design enhancements or workarounds• Capture technology and security exposures and controls associated with the initiative and identify any residual exposures and work with initiatives to identify required treatments.• Take a ‘no surprises’ approach to identifying and managing risks and issues.• Deliver / lead process improvement initiatives.• Support projects with TDM, ISEN, cloud assessments, COAT activities.

• Vendor security assessment including contract review, logical and physical security review• Regulatory and compliance review for APRA, PCI-DSS, Privacy, Offshore/outsourcing, FFIEC (US), • Penetration testing and vulnerabilities life cycle management• Leading complex and challenging IT risk for project life cycle management i,e; cloud, mobile, online payments, scheme regulatory changes to name a few areas• Business and IT stakeholder management both in onshore and offshore

Worked for one of the Australian big fours in consulting capacity• Annual control testing for a division• User access management audit remediation for a application (16000+ users)• Conduct Information Technology risk assessment for various projects• Developing and maintaining strong relationships with existing and potential clients• Providing insight into our client's businesses using innovative approaches to addressing IT Security risks

• User access compliance currency and SME for identity and access management covering a range of operating system, database and directory services. • Manage the lifecycle of external and internal audit and vulnerabilities remediation.• Project Application Risk assessment.• Conduct research on security architecture and make recommendations for strategy.• Coaching and mentoring junior IT Security team members through an established coaching program• Provide advice to projects (end to end) on information security practices and standards following SDLC or agile methodologies.

• Overall responsibility as system manager of post’s LAN and other non-High secure office systems;• Administer and maintenance of user accounts Mange and administer Access Control List (ACL) and Distribution List through Lotus Notes. • Monitor daily scheduled tasks through Big Brother(BB), Multi Router Traffic Grapher (MRTG)• Provide Level 1 and 2 support, install and troubleshoot corporate Australian Government approved packages (SAP, IRIS, TARDIS, Citrix and others) • Work as a local administrator of the PABX system including bill printing, recovery of private calls from the users