As the Head of Information Security, my primary responsibility is to safeguard the organization's data, systems, and networks against cyber threats while ensuring adherence to security standards. Some key responsibilities include:Strategic Leadership: Devising and executing the information security strategy in alignment with business objectives.Risk Management: Identifying, evaluating, and mitigating potential security risks and vulnerabilities across various systems.Security Policies and Procedures: Creating and enforcing security standards and protocols to maintain a secure environment.Compliance and Governance: Ensuring full compliance with ISO 27001 standard.Incident Response: Taking charge of incident response and recovery efforts in the event of security breaches.Security Awareness: Advocating security awareness programs and employee training to cultivate a security-conscious culture.Vendor Management: Supervising security assessments and fostering relationships with external vendors and partners.Security Architecture: Establishing and preserving a robust security architecture, encompassing network security and access controls.Security Operations Center (SOC): Establishing and overseeing SOC operations to detect, analyze, and prevent cyber incidents.Technical Vulnerability Management: Supervising the process of identifying, evaluating, prioritizing, and mitigating security vulnerabilities within the organization's systems.Team Management: Leading and guiding a team of information security professionals while offering direction and support.

As the Senior Director of Information Security at Afiniti, I hold responsibility for overseeing the company's global information security strategy, governance, and operations in regions such as US, EU, UK, Turkey, Korea, Pakistan etc. Afiniti specializes in providing AI and behavioral pairing solutions that optimize customer and employee interactions.My journey with the company began as an individual contributor, but as Afiniti evolved, I proactively expanded my sphere of influence to encompass various critical functions, including L1, L2, L3, SOC, Architecture & Design, Internal Threat Management, and red team activities, among others. Alongside this growth, I actively engaged in defining the budget and aligning organizational goals with departmental objectives, fostering a cohesive and strategic approach to security and risk management.Throughout my tenure at Afiniti, I have consistently sought out opportunities for personal and professional development, demonstrating unwavering dedication to enhancing the organization's security posture and overall success.

In 2019, I was entrusted with the responsibility of establishing and overseeing a team dedicated to SIEM & Security Operations Center. This role provided me with valuable opportunities to develop essential leadership skills, including team building, decision making, time management, conflict resolution, delegation, communication, and strategic thinking. My efforts were geared towards reducing the organization's risk exposure by effectively leveraging the potential of people, processes, and technologies.

In 2018, I became part of the Afiniti team as a Manager, and through continuous efforts and achievements, I progressed steadily, receiving multiple promotions that eventually led me to the esteemed position of Senior Director. At the beginning of my journey, my responsibilities centered on individual contributions, with a specific focus on various essential security aspects, including SIEM, vulnerability assessment, penetration testing, internal audits, PAM, FIM, and more.

During my brief tenure at Cure MD, my primary focus was on ensuring the organization's compliance with ISO 27001 standards.

During my tenure as a Senior Manager, I successfully assembled a skilled team capable of delivering services both internally and to global clients in regions like the USA, Australia, and the UAE. Our services catered to a diverse range of industries, including IT & Telecom, Banking, Fintech, HR, and more.The services provided by my team covered a wide spectrum of essential areas, some of which are as follows:• SIEM deployment & Management• Vulnerability Assessments & Management• Penetration testing• ITIL• PCI DSS compliance• ISO 27001 compliance• ISMS Gap Analysis• Information Security Internal Audits• Review Risk Assessment• SOA (Statement of Applicability)Alongside these, we addressed various other critical aspects, ensuring our clients received comprehensive and top-notch information security solutions.

My main responsibilities included the following:Compliance:• Conducting internal audits for ISO 27001 ISMS, SSAE-16, and ISO 9001 QMS standards.• Coordinating with External Audit teams for ISMS, SSAE-16, and QMS re-certification and surveillance audits.• Performing Gap Analysis to compare defined practices with implemented ones.• Overhauling policies, procedures, and guidelines for the organization.• Reviewing and updating Business Impact Analysis.• Supervising and coordinating Risk Assessment for Security and Privacy Risks.• Reviewing and updating Capacity Planning.• Coordinating and executing Disaster Recovery steps as per the plan.• Delivering ISMS, SSAE-16, and QMS trainings.As a consultant, my primary responsibilities involved developing and reviewing the following high-level and DLP processes in line with ISO 20000, along with their KPIs:• IT Change Management• IT Configuration Management• IT Demand Management• IT Incident Management• IT Problem Management• IT Release and Deployment Management• IT Service Catalogue Management• IT Service Introduction• Information Asset Management• Release Management• Risk ManagementTechnical:• Coordinating Vulnerability Assessments for Servers, Network Devices, and Applications.• Coordinating Penetration Testing for Servers, Network Devices, and Applications.• Technically deploying, implementing, and maintaining IBM Qradar, Guardium, and Appscan.• Handling Incident Management/Analysis.

As part of my major responsibilities, I was tasked with:• Conducting internal audits for ISO 27001 ISMS and ISO 9001 QMS standards.• Coordinating with External Audit teams during ISMS re-certification and surveillance audits.• Performing Vulnerability Assessments for Servers, Network Devices, and Applications.• Conducting Penetration Testing for Servers, Network Devices, and Applications.• Managing Incident Management and Analysis.• Performing Gap Analysis between defined and implemented Practices.• Reviewing and enhancing Security architecture, Policies, Procedures, and Guidelines for the organization.• Reviewing and updating Business Impact Analysis.• Overseeing and coordinating Risk Assessment for Security and Privacy Risks.• Reviewing and updating Capacity Planning.• Coordinating and executing Disaster Recovery steps as per the plan.

Throughout my tenure as an IS-Engineer, I have been primarily responsible for the following key tasks:• Implementing ISO/IEC 27001 standard.• Planning and administering the IT Security program.• Developing Security architecture, Policies, Procedures, Standards, and Guidelines tailored to the organization's needs.• Overseeing and coordinating Risk Assessment for Security and Privacy Risks.• Facilitating the development of system security contingency plans and disaster recovery strategies.• Conducting Penetration testing and Information Security analysis.• Ensuring the overall security of Systems and Networks, including the configuration of Security devices.