Member from the Oceania region. As member, I support ISACA by providing advice around the development and delivery of content designed to serve the needs of ISACA’s constituents, in the privacy profession and those aspiring to join the profession

Developing and maintaining comprehensive information security policies, procedures, and standards to ensure alignment with VPDSS, Essential 8, ISO 27001, IEC62443 and ISM.Supporting the implementation of key security technologies such as CASB, DLP, and EDR to enhance the organisation's security postureDeveloped and maintained comprehensive information security policies, procedures, and standards aligned with industry frameworks. Led penetration testing and cyber awareness programs, phishing simulation exercises, incident response simulations, and maintained a document management system. Developed and executed communication plans and metrics dashboards. Supported the implementation of security technologies to enhance security posture.

Solution specialist for – GRC, Third Party Risk Management, Privacy Management , Enterprise Policy, Privacy Notice and ESG management modulesPresent OneTrust product presentation and conduct demo to CxO, Senior Management and key decision makers.Respond to RFIs, RFPs and product queries from sales prospectsPartner with sales specialist teams in qualifying sales prospects, support sales team throughout the sales cycleImplementation of OneTrust solution, activities included – kick-off, requirements workshops, product configuration, support system integration, support user acceptance testing and deploymentDocumentation of Statement of Work, scope statements, requirements, deployment checklists and training materials

Review IT standards, policies and procedures and identify improvements.Develop plans and questionnaires for assessing IT security controls, Third Party Risk Assessments.Established audit universe and conducted assessments based on IT standards, policies and ISO 27001 requirements.Track and monitor gaps, remediation plans and risks identified through control assessments.Review IT exception requests, related IT risks and track corrective actions.Developed IT KPIs and established IT Dashboard for monitoring IT security, IT operations and IT Finance.Assist in planning and implementation of ISO 27001 certification for the organization.Develop, review and rollout training materials for cybersecurity awareness programs.Liaise with stakeholders on internal and external audit requirements.Monitor and respond to IT risk and compliance related requests, tickets in Service Now assigned to APAC region.

o Perform gap assessments against the Governance, Risk and Compliance frameworks, EHS requirements, Clinical Governance frameworks.o Discuss and suggest appropriate process frameworkso Conduct process workshopso Develop As-Is and To-Be workflowo Create user personas, use case diagrams, story boards to elicit and validate requirementso Create Business Requirements Specifications, System Requirement Specificationo Plan, coordinate and implement Governance, Risk and Compliance (GRC) software solution deliveryo Create project plan including project schedule, resource plan, risk plan, communication plan, quality plan, acceptance plan etc.,o Conduct project progress meeting (internal and external)o Prepare weekly and month project progress reportso Monitor SLA and project commitmentso Manage deliverables qualityo Involve in presales activities, drafting proposals and respond to tendersConsulting Tasks:o Discuss and suggest appropriate process frameworks, SDLC modelso Conduct process, policy development workshopso Plan, coordinate and implement SDLC processes and procedureso Conduct process audits against ISO 27001, ISO 20000, CMMI requirementso Conduct CMMI appraisals to identify strength and weaknesses of the company’s SDLC o Recommend process improvement roadmap.o Conduct project progress meeting (internal and external)o Prepare weekly and month project progress reports

As a Senior Consultant (Process Improvement Consultant) and Project Manager• Conduct gap assessment using IT Process Excellence frameworks (CMMI, ISO 27001, and provide report• Conduct process development and improvement workshops• Review organization process and policies• Draft processes, policies, templates and guidelines• Perform assessments to verify the preparedness of the client before third party certification audit• Advise organization on process improvement journey and provide a road map• Perform pre appraisal preparation activities and facilitate in CMMI SCAMPI A appraisals• Coordinate with SEPG members and process championsAs a Trainer• Perform public and in-house trainings on IT process frameworks• Key topics handled – IT Service Management (ISO 20000), ITIL, CMMI Product Suite, Information Security Management System (ISO 27001), Quality Management System (ISO 9001), Enterprise Risk Management (ISO 31000)• Other topics such as – Software Requirements Engineering, Software Metrics Management, Project Risk Management, Software Project Management and Business Continuity ManagementKey Projects:CMMI DEV Maturity Level 3, PT AdIns, Jakarta IndonesiaCMMI DEV trainings for BCA, Jakarta IndonesiaCMMI DEV Maturity Level 3, FCS Computers Sdn Bhd, Kuala Lumpur, MalaysiaCMMI DEV Maturity Level 3, SiliconNet Technologies Sdn Bhd, Kuching, MalaysiaCMMI SVC Maturity Level 3, LSS Academy Sdn Bhd, Kuala Lumpur, MalaysiaCMMI SVC Maturity Level 3, CCT Automation Sdn Bhd, Kuala Lumpur, MalaysiaInformation Security Trainings, SCOPE International, Kuala Lumpur, MalaysiaCMMI DEV Maturity Level 3, eGenting, Kuala Lumpur, MalaysiaCMMI DEV Maturity Level 3 and ISO 27001 certification, Dignersys Consulting, Kuala Lumpur, MalaysiaISO 20000 Certification, Heitech Padu, Kuala Lumpur, MalaysiaIT Governance, CMMI DEV, ISO 20000 Consulting, Globe Telecom, Manila, PhilippinesISO 27001, IBM Daksh, Manila, Philippines

• Perform process compliance audit and process management• Facilitate the team in process implementation and handhold project leader in project planning and estimation.• Metric analysis, conducting role briefing to the team.• Review of process documentation.• Conducting QA checks, CM audits and quality review