Sign in

Information Security Management

Maspeth, New York, United States
April 29, 2019

Contact this candidate


Contact Information:


Companies Served:

DarkMatter LLC

FAB Bank


Ernst & Young LLP

Jefferies & Company, Inc.

Credit Suisse Group

Deloitte & Touche LLP


Arthur Andersen LLP

State U. of NY

Bank of America (Merill Lynch Intern)

Wells Fargo Advisors (A.G. Edwards Intern)





CyberSecurity Certified Specialist






CIW Certified Architect

MCSE - Microsoft Certified

ISO 27001

ISO 20000


EMC Storage and Back Up

SAP Sybase


CCSE - Checkpoint Security Engineer

CITRIX CCA Certified

MCDBA – Microsoft DBA

IBM/INTEL Certified

Linux Certified

Microsoft Certified (MCDBA)

30 IBM Certifications Service Engineer

And more…

Education Background

M.S. in ISMS in CyberSecurity from Harvard University (Pursuing)

Bachelors of Science from Binghamton University majors in Computer Science, Economics and Political Science.

Foreign Languages:

Fluent in English, Hindi & Bengali. Business Speaking knowledge of French and Urdu.

Industries & Clients Served:

Financial Services:

A.G. Edwards

Acadia Insurance

Bank of America

Bank of Tokyo Mitsubishi

Bear Stearns


Chubb Insurance

Clarendon Insurance



Hermitage Insurance





Doha Bank

Doha Insurance

Interactive Brokers

Long Beach Acceptance Corp.

Marsh & Mclennan

Merrill Lynch

MetLife Insurance

Morgan Stanley

NY Magic MMO Insurance

PNC Bank - BlackRock

PXRe Insurance



Sirius Insurance

State Street

Sun Trust

TD Waterhouse – TD Bank

UFJ Bank

USI Holdings

WR Berkley Insurance

Amwal Bank



First Finance

Standard Chartered


Al Khaleej Insurance

Energy Sector:


Maersk Oil Qatar



Maersk Oil



Exxon Mobil

Conoco Phillips




Mesaieed Power Company







Centennial Communications



McGraw Hill




Manufacturing & Retail:





Jones Apparel Group



Conesco Doka





Qatar Steel

Pharmaceutical & Health Services:

Lenox Hill Hospital



Quest Diagnostics

HMC Hospital

Higher Education Clients:

New York State Board of Education

S.U.N.Y. at Binghamton

Long Island University

Qatar University

Qatar Foundation

Pharmaceutical & Health Services:

Lenox Hill Hospital



Quest Diagnostics

HMC Hospital

Public Sector Clients:

New York State Board of Education

S.U.N.Y. at Binghamton

ICT Qatar

State of New York

87 Government Ministries

Central Banks

Qatar University

Qatar Foundation

Government Hospitals

Rubayat M. Zahir

Experienced Cyber Security, Information Security, IT Risk Professional with more than 20+ years of Leadership and Consulting experience with Global Financial Services Organizations and Big 4 Consulting Firms.

Relevant Work Experience:

DarkMatter LLC UAE

Director of Information Assurance (Information Security)

2017 – Present

Led the Firm’s Information Assurance Team (5 Staff) which comprised of Information Security Governance, Enterprise Security Architecture and Engineering Teams.

Developed an Enterprise Security Strategy and Budgets for the firm

Developed an Enterprise Data Governance Strategy as per U.S. DoD standards.

Developed the Enterprise Corporate Security Strategy for the firm and implemented security measures to address the gaps identified in the current state

Developed Executive Information Security Dashboard to demonstrate progress.

Supported the Client Facing with staff who generated revenue for the firm

Performed benchmarking against ISO 27001, UAE IA (NESA), CREST standards

Implemented and Certified ISO 27001 and UAE IA Standards for the organization

Developed Cyber Crisis Management Plan and Incident Response Plan

Developed Secured Application Development Policy, Framework and Design

Developed International Office Security Standards and Office-in-a-Box strategy

Assessed the firm against ISO 27001, UAE – IA, NIST 800, ADSSA and AeCERT and developed 200+ Policies, Procedures, Standards, Baselines and Guidelines

Implemented Third-Party Security training, Awareness Campaigns, Phishing Simulation measures for FTEs and Contractors including AUPs and NDAs and tracking them

Provided training for contractors and bespoke security training, Provided Vendor Training for Secured Application Development for DevOps Team in line with BSIMM Performed incident handling with Operational Security, Public Relations Team, etc.

Coordinated VAPT scans for firm through Tripwire 360 and Internal/External Pentesters

Established a periodic access control review and third-party SaaS application review

Implemented the Third-Party and Supply Chain Security review program of third-parties and international offices in India, Belarus and Finland.

Supported ISO 17025, 9001 and WebTrust Initiatives.

Implemented a Unified Incident Response and Breach Management Policy for the firm alongside of Table Top Exercise and plans for Wargame simulations.

Developed an Enterprise Architecture Strategy and Enterprise Information Security Architecture methodology document

Performed PoCs of Security technologies such as Deception Technology, Content Disarm and Reconstruction (CD-R), Data Classification, Identity and Access Management (IDAM), Digital Rights Management (DRM), Single Sign On (SSO), Hardened OS Builds, Browser Isolation, Boardroom Security Products.

Performed Due Diligence for Cybersecurity Insurance

Designed and Planned Implementation of RSA Archer

First Abu Dhabi Bank (FAB) UAE, Malaysia, Germany, France

Vice President/Executive Director of Technology and Operations at GIA (CyberSecurity Specialist)

2013 – 2017

Worked closely with Information Security and IT to implement Security Controls and meet regulations.

Led Firmwide Projects to assess and implement CyberSecurity Controls

Worked with FinTech (Mobile Banking, mPOS, BlockChain [Ripple for Trade Finance], Oracle Big Data Analytics, IoT security review of technologies across the Bank and Branches and Digitization of the Bank across the group globally.

Implemented NESA, CyberSecurity, PCI-DSS assessment and projects

Implemented and assisted developing Information Security Function for the Bank

Led Information Security as an SME of CyberSecurity and Information Security

Managing & Leading IT and Cybersecurity Risk Assessments, Audits and Reviews Managing a team of 4 IT specialists (Including Local Staff)

Groupwide Reviews of Operations UAE and Globally (Switzerland, Hong Kong, Paris, Washington D.C. and Malaysia)

Reviewed and advised organization on structure of IT Governance, Information Security and Cybersecurity Regulatory Compliance globally.

Performed reviews and assisted in developing of the Bank’s Policy and Procedures against ISO 27001, ITIL, PCI-DSS, Global Regulations (US, UAE, Bahrain, Jordan, Egypt, Switzerland, Malaysia, Hong Kong and London). Advised on IT policy, Data Security, PCI, Card Center, EUDA, BYOD, IT Infrastructure, Information Security Reviewed Equities, Fixed Income, Wealth Management, Financial Markets, Retail Banking, Card Operations and Card Operations for risks

Reviewed Operating Systems (Windows Active Directory, AS/400, Solaris, Linux)

Reviewed and assisted in reconfiguring Two-Factor Authentication, Biometrics and Card Access Systems, DLP, E-mail-blocking tools, surveillance tools, Secured Storage, Database encryption software, PGP, Email Encryption, File Encryption, Whitelisting, Identity Management, Single Sign-On etc.

Reviewed Network Infrastructure (Telecommunication, Wireless, Network LAN/WAN)

Reviewed NOC/SOC (Arcsight, McAfee Foundscan, Symantec, TrendMicro, EMC Smart, NetIQ, Nessus, Acunetix, McAfee Foundscan, Retina, GFI LANGuard, Security Configuration Manager, Configuration tools, DLP, Cisco LMS, Anti-Virus & Malware, Password Repository, DATP Controls, Whitelisting Software, etc.)

Experience in reviewing the architecture and implementation of FireEye, McAfee Data Classification, DLP, PaloAlto, Arbor, APT Defense and Threat Intelligence softwares.

Reviewed Application Development against SDLC & SSDLC for critical applications, application transaction processing monitoring and helped redesign it.

Reviewed ITD and Information Security programs and redesigned the program

Working closely with the GCIO in IT Strategy and Information Security Strategy

Provided consulting services for PCI-DSS to Card Center, Compliance and IT

Performed review of Data Center, Information Security, Core Banking System [Intellect], ATMs, POS, Payment Gateways, SWIFT, Financial Reporting, Compliance, AML.

Performed IT, Security and Regulatory review of trading applications (MUREX, Bloomberg, Tradeweb, Tradenet, Reuters, Market Data, Pricing Software, etc.) and reviewed the security of Hadoop Based Architecture for the Trading Platform and Security of the E-Commerce Platforms.

Reviewed Penetration Testing Results from tools McAfee Foundstone, Nessus, Acunetix, NGS Squirrel and from vendors Deloitte, Qualys, IBM, GBM, Encode, etc.

Reviewed Third-Parties (Bloomberg, Etisalat, TradeWeb, Reuters, Murex, etc.)

Trained staff and GIA staff on cybersecurity, technology and technical concepts

Visa International Dubai, Singapore, Thailand

Head of Visa’s Account Information Security (AIS)/CISP – PCI Program for APCEMEA region

2012 – 2013

Managed & Lead PCI-DSS & Account Information Security Program

Managed a team of specialists and SMRs of PCI-DSS in APCEMEA Region

Managed Strategic Global Projects for the AIS Team and Risk Management team

Managed 10000+ Level 1,2,3 Merchants, 600+ Banks and 600+ 3rd Party SPs

Provided Consulting Services of PCI-DSS to Banks, Merchants and Service Providers in

Performed PCI relevant reviews of FinTech payment products for VbV, NFCs, VSDC/Chip&PIN, E-Commerce, Cybersource, Fundamo, Digital Wallets, Credit/Debit Products and all products

Managed relationships with clients (Processors, Merchants and Service Providers)

Provided Training in conferences for Information Security and PCI-DSS compliance

Managed and performed forensics investigation with PFIs for Banks, SPs and Merchants

Evaluated PA-DSS/PCI-DSS AOC/ROC/SAQs for clients

Evaluated PCI AOC/ROC/SAQs/ASV Penetration Testing Scans for Clients

Worked Closely for onboarding Service Providers, Banks and Third-Party Processors

Provided SMR support of PCI-DSS for VISA in APCEMEA

Developed TORs for the AIS Program and provided waivers/exceptions to clients Provided monthly Big Data analytics reports to Country/Regional Risk Management Teams and Provided Quarterly Reports to Global Risk Management Team

Hosted Information Security/PCI-DSS conferences hosted in AP-CEMEA Region

Worked closely with PCI-SSC Council for developing their Standards and Guidelines

Ernst & Young LLP Qatar, UAE and London

Executive Director, Information Technology Security, Risk & Assurance for EMEIA Practice

2009 – 2012

Headed the National CyberSecurity Practice for EY in Qatar

Managed Multi-Million USD portfolio (2.5 Million Revenue & 4 Million Dollar Pipeline)

Developed IT and IS Strategy for Retail and Investment Bank

Led the National Information Security & A&P Teams with Application Security, Infrastructure Security, PCI-DSS, VISA PCI PIN/PTS Review

Managed Relationships with the C-level Clients (Business and IT)

Implemented and provided security consulting for FinTech and IoTs for Mobile Commerce, Banking and Internet Banking Platforms for Bank Digitization Transformation Projects

Provided vCISOs and CISO as a Service, Information Security function development and organization development for clients

Managing a team of 16+ (upto 22) Security Specialists

Implemented and Designed Security Solutions for Banks and Healthcare Providers

ERP Specialization: SAP, J.D. Edwards and Oracle Financials

Implementations with a framework of policies and procedures ISO 27001, ISO 20000, BS 25999, PCI-DSS, SCADA, QCB, ICT, QFC, QP regulations.

Implementation of BCP/DRP for Energy Sector clients and Banking Sector Clients

Global Project Management with GCC, Europe and Asian countries

Electronic Content Management – Strategy and Implementation

Asset Management and Inventory Management with Software Licenses

ERP Project Management with SAP and Oracle Financial/E-Business Suites

Data Center Design and implementation against TIA Standards

IT Contract Reviews and Benchmarking of Contracts for a Bank, Government, Hospital

Jefferies & Company, Inc. New York and London

2007 – 2009 Vice President

Information Technology Risk & Audit (CyberSecurity Specialist)

Managed Relationships with the Clients (Business and IT), CIO, CISO, CTO and Senior IT management to incept and finalize Projects.

ERP Reviewed: Peoplesoft and Lawson

Performed Application Reviews (IB Deal Management Software; Pivotal, all Equities and Fixed Income Trading Applications, Private Banking and Asset Management.

Managed Penetration Tests, Security Assessment, Third-Party Risk Assessments, Process Assessment, Information Security Audits, of nearly 300+ applications globally.

Performed Application and Technology Reviews of Products (Structured Products, Prime Brokerage, Fixed Income Products, Convertibles, Govies & Corporate, Investment Banking, High Yield, Equities Trading, Sales & Trading, Middle Office.

Performed Technology and Security Reviews of Middle Office/Back Office Functions

Performed Special Projects and Investigations (Data Mining & Analytics)

Third-Party Controls Assessment ADP/Broadridge, JPMC-Bear Stearns, NSC, SIAC and DTCC, Intralinks, Merrill, Bloomberg, ECNs and Market Data Platforms.

Credit Suisse Group New York, Brazil and Costa Rica

2005 – 2007 Assistant Vice President

Information Technology Audit & Risk (CyberSecurity Specialist)

Management of Global Information Technology, Security and Audits/Projects with global staff (Eight Project Managers and Consultants in NY, London and Singapore)

Managing relationships and interaction with Business and Information Technology Groups (Application and Infrastructure) for coordinating Information Security projects

Review of Global Information Security and BCM Policies, Procedures and Standards

Application security reviews for Private Banking, Asset Management and Investment Banking (Equities and Investment Banking). Application Security and SSDLC/SDLC reviews for Equities (AES, Prime Brokerage), Fixed Income, Investment Banking Division, Private Bank Web Application Security Assessment,

Creation of Security Assessments Scripts for Databases (MS SQL, Sybase, Oracle, Informix and DB2) and for Windows Server environment and Linux.

Security Review of Mainframe Environment (ACF2, USS, DB2, CICS, etc.), AS/400 and VAX/VMS. Vulnerability Assessment of technology (Web Application, Networks)

IT Security Engineering and Architecture Reviews (Operating System, Network, Database, Web Servers, Midrange Systems, ID Management, Email Surveillance, Network Firewall, IDS/IPS implementation)

ERP Reviewed: Oracle and Peoplesoft

T.D. Ameritrade New York and Toronto

2005 – 2005 Vice President

Information Technology Audit & Risk (CyberSecurity Specialist)

Application Security (Retail Online Brokerage) and Infrastructure Security Review (Systems, Servers, Firewalls, Routers, Switches, Telecom Infrastructure)

Vulnerability Assessments, Wireless Assessments, Penetration Testing

Mergers and Acquisition Projects for T.D. Bank, T.D. Waterhouse and Ameritrade

ERP Reviewed: Peoplesoft, Oracle Financials

Deloitte & Touche LLP New York

2003 – 2005 Experienced Sr. Consultant - Manager, Cyber Risk Services

Security Advisory - Implementation Projects (Consulting)

Outstanding Achievement Award for 2004 & 2005 and attained 168% Chargeability

Member of the Information Security Officer Advisory Group.

Application and Network Security Reviews, Vulnerability Assessments, Wireless Assessments, Risk Assessments and Penetration Testing with Wardialers, Scanners, ISS, NetRecon, SSS, Database Scanners, Bindview, Vanguard, CA-Examine, Nessus, Cybercop, NMap, Iris, NetIQ, eEye, Symantec ESM and many others.

ERP Reviewed: Peoplesoft, Oracle Financials, JD Edwards, SAP, Lawson

Engaged in projects for assessing Firewalls, Routers and Multiplatform Servers.

Creation of Global policies, procedures standards and guidelines with industry regulations such as FDICIA, ISO 17799, BS7799, ISF, ISACA COBIT, ISC2, ISACA, HIPAA, GLBA, SB1386, FFIEC (DR-BCP), 17A4, 21CFR11, NASD, NAIC compliance, SOC-1/2/3, SOX Regulatory Assessments and etc.

BCP DR development and PIR reviews for several clients.

Privacy Engagements – Assessment and Implementation of policy and procedures for Electronic Data Privacy acts.

Operating Systems Security Reviews (Novell, Windows NT/2000/2003/Longhorn/XP, UNIX, OS/390 RACF, TOPSECRET, ACF2, VAX VMS, Stratus VOS and WANG OS)

Identity and Access Management Reviews and Assessments


2002-2003 Experienced Associate, Cyber Security Services

Network and Security Advisory Projects (Consulting)

Redesigned/Architected a Security/Network/OS security for a Fortune 100 Client.

Vulnerability Assessments, Wireless Assessments and Penetration Testing

Creation of policies, procedures standards and guidelines, risk assessments with industry regulations such as SOX, ISO 17799, BS7799, ISF, COBIT, ISC2, ISACA, HIPAA, GLBA, SB1386, FFIEC (DR-BCP), 17A4, 21CFR11, NASD, NAIC compliance and etc.

Performed Information Security Reviews for SAS 65 and SSAE 16/ISAE 3402

Application and Infrastructure Security Assessments.

ERP Security Reviews: SAP, Peoplesoft, Oracle, Sybase, CICS/DB2, MS SQL

Arthur Andersen LLP New York

Andersen Business Consulting

2001-2002 Experienced Consultant with eCommerce Technology Integration Services

Security Projects:

Application Design and Implementation for T+3 to T+1 Migration for Investment Banks

Application Design and Implementation in POC environment for Websphere, Oracle Weblogic, Siebel, Oracle, DB2, Webmethods, Tibco and Vitria

Application Security Review /Audit Support (Pre-OWASP) and Infrastructure review of Network and Systems Security including Cisco Routers/Switches/PIX Firewall SAN Storage, SAN Fabric Switches of various models for implementation

Network security projects (IPSEC, PKI) and SNMP monitoring tools,

Architected Checkpoint Firewall/ISA 2000 Solution for implementation

Disaster Recovery planning in Network, Servers, Systems and Data Centers and Security.

State of New York New York

1996-2001 Sr. Consultant of Network Support Group and Systems administration

Management and Administrative Projects:

Managed Network, Systems and Database implementation and upgrade projects in an environment with 20,000 workstations, servers and network.

3com, Xyplex and Cisco Catalyst Switches and Routers, PIX Firewall, Network Monitoring Tools from SGI, Oracle Sun, IBM, Microsoft, Cisco and many other vendors

Contact this candidate