Contact Information:
LinkedIn: https://www.linkedin.com/rubayatzahir
Companies Served:
DarkMatter LLC
FAB Bank
VISA
Ernst & Young LLP
Jefferies & Company, Inc.
Credit Suisse Group
Deloitte & Touche LLP
KPMG LLP
Arthur Andersen LLP
State U. of NY
Bank of America (Merrill Lynch Intern)
Wells Fargo Advisors (A.G. Edwards Intern)
Certifications
CISSP
CISA
CISM
CyberSecurity Certified Specialist
CEH
CHFI
CIFI
PCI-DSS
Prince2
CIW Certified Architect
MCSE - Microsoft Certified
ISO 27001
ISO 20000
ITIL
EMC Storage and Back Up
SAP Sybase
Cisco CCNA, CCDA
CCSE - Check Point Certified Security Expert
Citrix CCA Certified
MCDBA – Microsoft DBA
IBM/INTEL Certified
Linux Certified
30 IBM Service Engineer Certifications
And more…
Education Background
M.S. in ISMS in CyberSecurity from Harvard University (Pursuing)
Bachelor of Science from Binghamton University, majoring in Computer Science, Economics and Political Science.
Foreign Languages:
Fluent in English, Hindi and Bengali. Business-level speaking knowledge of French and Urdu.
Industries & Clients Served:
Financial Services:
A.G. Edwards
Acadia Insurance
Bank of America
Bank of Tokyo Mitsubishi
Bear Stearns
BlackStone
Chubb Insurance
Clarendon Insurance
CSFB
Heartland
Hermitage Insurance
HIP
HSBC
CBQ
QIB
Doha Bank
Doha Insurance
Interactive Brokers
Long Beach Acceptance Corp.
Marsh & Mclennan
Merrill Lynch
MetLife Insurance
Morgan Stanley
NY Magic MMO Insurance
PNC Bank - BlackRock
PXRe Insurance
Radian.Biz
SIAC (NYSE)
Sirius Insurance
State Street
Sun Trust
TD Waterhouse – TD Bank
UFJ Bank
USI Holdings
WR Berkley Insurance
Amwal Bank
Qinvest
QFIB
First Finance
Standard Chartered
QIIB
Al Khaleej Insurance
Energy Sector:
QEWC
Maersk Oil Qatar
QP
TOTAL
Maersk Oil
Tasweeq
QCHEM
Exxon Mobil
Conoco Phillips
QAPCO
QAFAC
QAFCO
Mesaieed Power Company
SASOL
OryxGTL
ADNOC
OXY
Telecommunication:
Exp@nets
Centennial Communications
QTEL
Media:
McGraw Hill
IPG
EasyLink
Reuters
Manufacturing & Retail:
Siemens
Cendant
Gillette
COTY
Jones Apparel Group
Footlocker
EMCO
Conesco Doka
Joule
IBM
Transammonia
Honeywell
Qatar Steel
Pharmaceutical & Health Services:
Lenox Hill Hospital
MEETH
HIP of NY
Quest Diagnostics
HMC Hospital
Higher Education Clients:
New York State Board of Education
S.U.N.Y. at Binghamton
Long Island University
Qatar University
Qatar Foundation
Public Sector Clients:
New York State Board of Education
S.U.N.Y. at Binghamton
ICT Qatar
State of New York
87 Government Ministries
Central Banks
Qatar University
Qatar Foundation
Government Hospitals
Rubayat M. Zahir
Experienced Cyber Security, Information Security and IT Risk professional with more than 20 years of leadership and consulting experience with global financial services organizations and Big 4 consulting firms.
Relevant Work Experience:
DarkMatter LLC UAE
Director of Information Assurance (Information Security)
2017 – Present
Led the firm’s Information Assurance team (5 staff), which comprised the Information Security Governance, Enterprise Security Architecture and Engineering teams.
Developed an Enterprise Security Strategy and Budgets for the firm
Developed an Enterprise Data Governance Strategy as per U.S. DoD standards.
Developed the Enterprise Corporate Security Strategy for the firm and implemented security measures to address the gaps identified in the current state
Developed Executive Information Security Dashboard to demonstrate progress.
Supported client-facing staff who generated revenue for the firm
Performed benchmarking against ISO 27001, UAE IA (NESA), CREST standards
Implemented and Certified ISO 27001 and UAE IA Standards for the organization
Developed Cyber Crisis Management Plan and Incident Response Plan
Developed Secured Application Development Policy, Framework and Design
Developed International Office Security Standards and Office-in-a-Box strategy
Assessed the firm against ISO 27001, UAE – IA, NIST 800, ADSSA and AeCERT and developed 200+ Policies, Procedures, Standards, Baselines and Guidelines
Implemented Third-Party Security training, Awareness Campaigns, Phishing Simulation measures for FTEs and Contractors including AUPs and NDAs and tracking them
Provided bespoke security training for contractors and vendor-delivered Secured Application Development training for the DevOps team in line with BSIMM
Performed incident handling together with the Operational Security and Public Relations teams
Coordinated VAPT scans for the firm through Tripwire IP360 and internal/external penetration testers
Established a periodic access control review and third-party SaaS application review
Implemented the Third-Party and Supply Chain Security review program of third-parties and international offices in India, Belarus and Finland.
Supported ISO 17025, 9001 and WebTrust Initiatives.
Implemented a Unified Incident Response and Breach Management Policy for the firm alongside of Table Top Exercise and plans for Wargame simulations.
Developed an Enterprise Architecture Strategy and Enterprise Information Security Architecture methodology document
Performed PoCs of security technologies such as Deception Technology, Content Disarm and Reconstruction (CDR), Data Classification, Identity and Access Management (IDAM), Digital Rights Management (DRM), Single Sign-On (SSO), Hardened OS Builds, Browser Isolation and Boardroom Security Products.
Performed Due Diligence for Cybersecurity Insurance
Designed and Planned Implementation of RSA Archer
First Abu Dhabi Bank (FAB) UAE, Malaysia, Germany, France
Vice President/Executive Director of Technology and Operations at GIA (CyberSecurity Specialist)
2013 – 2017
Worked closely with Information Security and IT to implement Security Controls and meet regulations.
Led Firmwide Projects to assess and implement CyberSecurity Controls
Worked with FinTech (Mobile Banking, mPOS, Blockchain [Ripple for Trade Finance], Oracle Big Data Analytics), performed IoT security reviews of technologies across the Bank and branches, and supported digitization of the Bank across the group globally.
Implemented NESA, CyberSecurity, PCI-DSS assessment and projects
Implemented and assisted developing Information Security Function for the Bank
Led Information Security as an SME of CyberSecurity and Information Security
Managed and led IT and Cybersecurity Risk Assessments, Audits and Reviews
Managed a team of 4 IT specialists (including local staff)
Groupwide Reviews of Operations UAE and Globally (Switzerland, Hong Kong, Paris, Washington D.C. and Malaysia)
Reviewed and advised organization on structure of IT Governance, Information Security and Cybersecurity Regulatory Compliance globally.
Performed reviews and assisted in developing the Bank’s policies and procedures against ISO 27001, ITIL, PCI-DSS and global regulations (US, UAE, Bahrain, Jordan, Egypt, Switzerland, Malaysia, Hong Kong and London)
Advised on IT policy, Data Security, PCI, Card Center, EUDA, BYOD, IT Infrastructure and Information Security
Reviewed Equities, Fixed Income, Wealth Management, Financial Markets, Retail Banking and Card Operations for risks
Reviewed Operating Systems (Windows Active Directory, AS/400, Solaris, Linux)
Reviewed and assisted in reconfiguring Two-Factor Authentication, Biometrics and Card Access Systems, DLP, E-mail-blocking tools, surveillance tools, Secured Storage, Database encryption software, PGP, Email Encryption, File Encryption, Whitelisting, Identity Management, Single Sign-On etc.
Reviewed Network Infrastructure (Telecommunication, Wireless, Network LAN/WAN)
Reviewed NOC/SOC tooling (ArcSight, McAfee Foundscan, Symantec, TrendMicro, EMC Smarts, NetIQ, Nessus, Acunetix, Retina, GFI LANguard, Security Configuration Manager, configuration tools, DLP, Cisco LMS, Anti-Virus and Anti-Malware, Password Repository, DATP controls, whitelisting software, etc.)
Experience in reviewing the architecture and implementation of FireEye, McAfee Data Classification, DLP, Palo Alto, Arbor, APT Defense and Threat Intelligence software.
Reviewed Application Development against SDLC & SSDLC for critical applications, application transaction processing monitoring and helped redesign it.
Reviewed ITD and Information Security programs and redesigned the program
Working closely with the GCIO in IT Strategy and Information Security Strategy
Provided consulting services for PCI-DSS to Card Center, Compliance and IT
Performed review of Data Center, Information Security, Core Banking System [Intellect], ATMs, POS, Payment Gateways, SWIFT, Financial Reporting, Compliance, AML.
Performed IT, Security and Regulatory review of trading applications (MUREX, Bloomberg, Tradeweb, Tradenet, Reuters, Market Data, Pricing Software, etc.) and reviewed the security of Hadoop Based Architecture for the Trading Platform and Security of the E-Commerce Platforms.
Reviewed Penetration Testing Results from tools McAfee Foundstone, Nessus, Acunetix, NGS Squirrel and from vendors Deloitte, Qualys, IBM, GBM, Encode, etc.
Reviewed Third-Parties (Bloomberg, Etisalat, TradeWeb, Reuters, Murex, etc.)
Trained staff and GIA staff on cybersecurity, technology and technical concepts
Visa International Dubai, Singapore, Thailand
Head of Visa’s Account Information Security (AIS)/CISP – PCI Program for APCEMEA region
2012 – 2013
Managed and led the PCI-DSS and Account Information Security Program
Managed a team of PCI-DSS specialists and SMRs in the APCEMEA region
Managed Strategic Global Projects for the AIS Team and Risk Management team
Managed 10000+ Level 1,2,3 Merchants, 600+ Banks and 600+ 3rd Party SPs
Provided Consulting Services of PCI-DSS to Banks, Merchants and Service Providers in
Performed PCI relevant reviews of FinTech payment products for VbV, NFCs, VSDC/Chip&PIN, E-Commerce, Cybersource, Fundamo, Digital Wallets, Credit/Debit Products and all products
Managed relationships with clients (Processors, Merchants and Service Providers)
Provided Training in conferences for Information Security and PCI-DSS compliance
Managed and performed forensics investigation with PFIs for Banks, SPs and Merchants
Evaluated PA-DSS/PCI-DSS AOC/ROC/SAQs for clients
Evaluated PCI AOC/ROC/SAQs/ASV Penetration Testing Scans for Clients
Worked Closely for onboarding Service Providers, Banks and Third-Party Processors
Provided SMR support of PCI-DSS for VISA in APCEMEA
Developed TORs for the AIS Program and provided waivers/exceptions to clients
Provided monthly Big Data analytics reports to Country/Regional Risk Management teams and quarterly reports to the Global Risk Management team
Hosted Information Security/PCI-DSS conferences in the APCEMEA region
Worked closely with the PCI Security Standards Council (PCI SSC) on developing its standards and guidelines
Ernst & Young LLP Qatar, UAE and London
Executive Director, Information Technology Security, Risk & Assurance for EMEIA Practice
2009 – 2012
Headed the National CyberSecurity Practice for EY in Qatar
Managed Multi-Million USD portfolio (2.5 Million Revenue & 4 Million Dollar Pipeline)
Developed IT and IS Strategy for Retail and Investment Bank
Led the National Information Security & A&P Teams with Application Security, Infrastructure Security, PCI-DSS, VISA PCI PIN/PTS Review
Managed Relationships with the C-level Clients (Business and IT)
Implemented and provided security consulting for FinTech and IoTs for Mobile Commerce, Banking and Internet Banking Platforms for Bank Digitization Transformation Projects
Provided vCISOs and CISO as a Service, Information Security function development and organization development for clients
Managed a team of 16+ (up to 22) security specialists
Implemented and Designed Security Solutions for Banks and Healthcare Providers
ERP Specialization: SAP, J.D. Edwards and Oracle Financials
Implemented policy and procedure frameworks aligned to ISO 27001, ISO 20000, BS 25999, PCI-DSS, SCADA, QCB, ICT, QFC and QP regulations.
Implementation of BCP/DRP for Energy Sector clients and Banking Sector Clients
Global Project Management with GCC, Europe and Asian countries
Electronic Content Management – Strategy and Implementation
Asset Management and Inventory Management with Software Licenses
ERP Project Management with SAP and Oracle Financial/E-Business Suites
Data Center Design and implementation against TIA Standards
IT Contract Reviews and Benchmarking of Contracts for a Bank, Government, Hospital
Jefferies & Company, Inc. New York and London
2007 – 2009 Vice President
Information Technology Risk & Audit (CyberSecurity Specialist)
Managed Relationships with the Clients (Business and IT), CIO, CISO, CTO and Senior IT management to incept and finalize Projects.
ERP Reviewed: Peoplesoft and Lawson
Performed Application Reviews (IB Deal Management Software; Pivotal; all Equities and Fixed Income trading applications; Private Banking and Asset Management).
Managed Penetration Tests, Security Assessment, Third-Party Risk Assessments, Process Assessment, Information Security Audits, of nearly 300+ applications globally.
Performed Application and Technology Reviews of Products (Structured Products, Prime Brokerage, Fixed Income Products, Convertibles, Govies & Corporate, Investment Banking, High Yield, Equities Trading, Sales & Trading, Middle Office).
Performed Technology and Security Reviews of Middle Office/Back Office Functions
Performed Special Projects and Investigations (Data Mining & Analytics)
Third-Party Controls Assessment ADP/Broadridge, JPMC-Bear Stearns, NSC, SIAC and DTCC, Intralinks, Merrill, Bloomberg, ECNs and Market Data Platforms.
Credit Suisse Group New York, Brazil and Costa Rica
2005 – 2007 Assistant Vice President
Information Technology Audit & Risk (CyberSecurity Specialist)
Management of Global Information Technology, Security and Audits/Projects with global staff (Eight Project Managers and Consultants in NY, London and Singapore)
Managing relationships and interaction with Business and Information Technology Groups (Application and Infrastructure) for coordinating Information Security projects
Review of Global Information Security and BCM Policies, Procedures and Standards
Application security reviews for Private Banking, Asset Management and Investment Banking (Equities and Investment Banking). Application Security and SSDLC/SDLC reviews for Equities (AES, Prime Brokerage), Fixed Income and the Investment Banking Division; Private Bank Web Application Security Assessment.
Creation of Security Assessments Scripts for Databases (MS SQL, Sybase, Oracle, Informix and DB2) and for Windows Server environment and Linux.
Security Review of Mainframe Environment (ACF2, USS, DB2, CICS, etc.), AS/400 and VAX/VMS. Vulnerability Assessment of technology (Web Application, Networks)
IT Security Engineering and Architecture Reviews (Operating System, Network, Database, Web Servers, Midrange Systems, ID Management, Email Surveillance, Network Firewall, IDS/IPS implementation)
ERP Reviewed: Oracle and Peoplesoft
T.D. Ameritrade New York and Toronto
2005 – 2005 Vice President
Information Technology Audit & Risk (CyberSecurity Specialist)
Application Security (Retail Online Brokerage) and Infrastructure Security Review (Systems, Servers, Firewalls, Routers, Switches, Telecom Infrastructure)
Vulnerability Assessments, Wireless Assessments, Penetration Testing
Mergers and Acquisition Projects for T.D. Bank, T.D. Waterhouse and Ameritrade
ERP Reviewed: Peoplesoft, Oracle Financials
Deloitte & Touche LLP New York
2003 – 2005 Experienced Sr. Consultant - Manager, Cyber Risk Services
Security Advisory - Implementation Projects (Consulting)
Outstanding Achievement Award for 2004 & 2005 and attained 168% Chargeability
Member of the Information Security Officer Advisory Group.
Application and Network Security Reviews, Vulnerability Assessments, Wireless Assessments, Risk Assessments and Penetration Testing with Wardialers, Scanners, ISS, NetRecon, SSS, Database Scanners, Bindview, Vanguard, CA-Examine, Nessus, Cybercop, NMap, Iris, NetIQ, eEye, Symantec ESM and many others.
ERP Reviewed: Peoplesoft, Oracle Financials, JD Edwards, SAP, Lawson
Engaged in projects for assessing Firewalls, Routers and Multiplatform Servers.
Creation of global policies, procedures, standards and guidelines aligned with industry regulations such as FDICIA, ISO 17799, BS7799, ISF, ISACA COBIT, ISC2, HIPAA, GLBA, SB1386, FFIEC (DR-BCP), 17A4, 21CFR11, NASD, NAIC compliance, SOC-1/2/3 and SOX regulatory assessments.
BCP DR development and PIR reviews for several clients.
Privacy Engagements – Assessment and Implementation of policy and procedures for Electronic Data Privacy acts.
Operating Systems Security Reviews (Novell, Windows NT/2000/2003/Longhorn/XP, UNIX, OS/390 RACF, TOPSECRET, ACF2, VAX VMS, Stratus VOS and WANG OS)
Identity and Access Management Reviews and Assessments
KPMG LLP New York
2002-2003 Experienced Associate, Cyber Security Services
Network and Security Advisory Projects (Consulting)
Redesigned/Architected a Security/Network/OS security for a Fortune 100 Client.
Vulnerability Assessments, Wireless Assessments and Penetration Testing
Creation of policies, procedures, standards and guidelines, and risk assessments aligned with industry regulations such as SOX, ISO 17799, BS7799, ISF, COBIT, ISC2, ISACA, HIPAA, GLBA, SB1386, FFIEC (DR-BCP), 17A4, 21CFR11, NASD and NAIC compliance.
Performed Information Security Reviews for SAS 65 and SSAE 16/ISAE 3402
Application and Infrastructure Security Assessments.
ERP Security Reviews: SAP, Peoplesoft, Oracle, Sybase, CICS/DB2, MS SQL
Arthur Andersen LLP New York
Andersen Business Consulting
2001-2002 Experienced Consultant with eCommerce Technology Integration Services
Security Projects:
Application Design and Implementation for T+3 to T+1 Migration for Investment Banks
Application Design and Implementation in POC environment for Websphere, Oracle Weblogic, Siebel, Oracle, DB2, Webmethods, Tibco and Vitria
Application Security Review/Audit Support (pre-OWASP) and infrastructure review of network and systems security, including Cisco Routers/Switches/PIX Firewall, SAN Storage and SAN Fabric Switches of various models for implementation
Network security projects (IPsec, PKI) and SNMP monitoring tools
Architected Checkpoint Firewall/ISA 2000 Solution for implementation
Disaster Recovery planning in Network, Servers, Systems and Data Centers and Security.
State of New York New York
1996-2001 Sr. Consultant of Network Support Group and Systems administration
Management and Administrative Projects:
Managed Network, Systems and Database implementation and upgrade projects in an environment with 20,000 workstations, servers and network.
3Com, Xyplex and Cisco Catalyst Switches and Routers, PIX Firewall, and network monitoring tools from SGI, Oracle, Sun, IBM, Microsoft, Cisco and many other vendors