+974-******** – Primary - (Qatar)
RANGA KARIYAWASAM
Bachelor of Business Information [B.B.I],
Massey University, New Zealand
Majors (Information Systems & System Development)
PGD in (IT), CISM, CISA, CDPSE, C EH, ISO/IEC 27001:2013 (LA), BCMS 22301:2012 (LA), ITSM 20000-1:2011 (LA), QMS 9001:2015 (LA), CCNA, CISS, MBCS, & Registered Auditor for ISMS.
QID: 27xxxxxxxxxxx
Age: 40
Email: *****.**********@*****.***
Skype ID: rangakatukoliha
Highly esteemed and degree qualified Information Security professional with a respectable career spanning 14+ years in Information Security, Governance, Risk and Compliance, & Enterprise Security work experience. Achieves desired outcomes within tight timeframes and strict budgets; results are supported by full lifecycle management expertise. Applying comprehensive methodologies, pre-empts and resolves any system issues and is further reinforced by excellent analytical abilities in reviewing, diagnosing and resolving complex networking problems and compliance issues, with advanced troubleshooting skills across local & wide area networks, information security systems and wireless. Adept at collaborating with top management and multiple key stakeholders, and devising feasible action plans that are cohesive with organisational objectives. I have a confident, self-starting and independent personality with the ability, enthusiasm and drive to hit the ground running in a busy environment with a blend of technical, interpersonal, strategic and commercial skills. I have been a consultant to a number of organizations in the commercial and government segments across Gulf nations. Industry experience in BSFI, TELCO, Oil & Gas, Insurance, Healthcare, Retail, ICT, and Manufacturing.
KEY PROJECTS
Key Projects delivered: –
Qatar National Bank (QNB) - Resident consultant – Information Security - Doha – Qatar.
Arab National Bank (ANB) - Enterprise Security Architecture design and Information security enhancement project - Riyadh, Kingdom of Saudi Arabia (KSA).
YASREF (Saudi ARAMCO subsidiary) – ISMS and BCMS implementation - Yanbu, Kingdom of Saudi Arabia (KSA).
Ministry of Finance (MOF) – IMS (27/20 & 22301) BCMS, ISMS & ITSM implementation - Abu Dhabi/Dubai, UAE.
ABB AG (MENA) - Enterprise security enhancement with ISMS - Dubai – UAE.
Ahmed Siddiqui & Sons – ISMS implementation - Dubai – UAE.
Abu Dhabi Sports Council (ADSC) - ISMS implementation - Abu Dhabi, UAE.
Millennium IT (MIT) (London Exchange subsidiary) – ISMS Implementation – Colombo, Sri Lanka.
Brandix Lanka Ltd – ISMS Implementation – Colombo, Sri Lanka.
Dialog Axiata PLC - PCI DSS implementation - Colombo, Sri Lanka.
Dialog Axiata PLC – ISMS/ITSM implementation - Colombo, Sri Lanka.
EXPERTISE OFFERED
Consultation and Implementation
    Four standards (ISMS/BCMS/ITSM/QMS), PCI DSS & Integrated Management System
ISO/IEC Certification acquisition and sustenance, CB Audit management, & Compliance assessments
    Four standards (ISMS/BCMS/ITSM/QMS), & PCI DSS
Risk Management
    Risk Assessments, Risk Treatments and control implementation, Risk registry development and maintenance.
VA/PT – Network Vulnerability Assessment
    Tools: Nessus, Nipper, Wireshark, Nmap, Metasploit, Aircrack, Nikto, Samurai, safe3, Websecurify and SQLmap
IT infrastructure review
    Network architecture review, and device configuration review.
Firewall Auditing
    Rule base, Documentation.
Documentation
    Security Policy, Procedure, Baseline development as per industry standards (ITIL, COBIT, PCIDSS, SOX, OCTAVE/31000 and COSO)
CAREER SNAPSHOT
Information Security Governance and oversight Analyst Risk Division, QNB Group, Doha, Qatar (2018 January – Present)
Resident Consultant - Information Security, Risk Division, QNB Group, Doha, Qatar (2016 May – 2018 November)
Principal Consultant – GRC & Information Security, Excella Technology Consultancy, Dubai, UAE – (2014 Oct to 2016 May 2014)
Senior Security Consultant – Information Security & GRC, Valiant Technology Consultancy LLC, AUH, UAE – (2012 Sep – 2014 July)
Senior Executive – Information Security, Dialog Axiata PLC – Colombo, Sri Lanka – (2012 Apr to 2012 Sep)
Coordinator – Information Security, Dialog Axiata PLC – Colombo, Sri Lanka – (2007 June to 2012 April)
Executive – Information Security, – Dialog Axiata PLC – Colombo, Sri Lanka (2006 Dec to 2007 June)
Trainee IT officer – Dialog Axiata PLC – Colombo, Sri Lanka – (2006 Feb to 2006 Dec)
PROFESSIONAL CERTIFICATIONS
Certified Data Protection Solution Engineer (CDPSE), ISACA
Certified Information Security Manager (CISM), ISACA
Certified Information Systems Auditor (CISA), ISACA
Certified Ethical Hacker (C EH), USA
Cisco Certified Network Associate (CCNA)
Cisco Information Security Specialist (CISS)
Microsoft Certified Professional (MCP)
ISO 27001:2013 Lead Auditor, ISMS (Exemplar Global)
ISO 20000:2011 Lead Auditor, ITSM (Exemplar Global)
ISO 22301:2012 Lead Auditor, BCMS (Exemplar Global)
ISO 9001:2015 Lead Auditor, QMS (Exemplar Global)
Registered Auditor for ISMS – ISC
Certified ISO 27001:2005 Internal Auditor (DNV - India)
Certified Internal Trainer (Dialog Academy)
EDUCATION
MBA, Sri Jayewardenepura University, Sri Lanka. (2 year programme, Currently Pursuing)
PGD in Information Technology, SLIIT, Sri Lanka. (1 year Post graduate diploma, Graduated)
Bachelor of Business Information B.B.I, Massey University, Wellington – New Zealand. (Graduated)
Diploma in Windows 2003/XP Network Administration (First Division), National Youth Services Council, Ministry of Youth Affairs & Sports – Sri Lanka, (Graduated)
Diploma in LINUX Network Administration (Second Division), National Youth Services Council, Ministry of Youth Affairs & Sports – Sri Lanka, (Graduated)
Dharmaraja College, Kandy – Sri Lanka (12 years, High school education)
PROFESSIONAL TRAINING
ISO/IEC 9001:2015 Lead Auditor training by ISC – Riyadh, KSA
ISO/IEC 27001:2013 Lead Auditor training by ISC – Dubai, UAE
ISO/IEC 27001:2013 Lead Implementer training by ISC – Dubai, UAE
ISO/IEC 22301:2012 Lead Auditor training by ISC – Dubai, UAE
ISO/IEC 20000:2011 Lead Auditor training by ISC – Dubai, UAE
CISA boot camp conducted by Valiant – Dubai, UAE
CISM boot camp conducted by Valiant – Dubai, UAE
C EH - Certified ethical hacker (EC-Council), USA
ISO/IEC 27001:2005 Lead Auditor training by BSI India, Coimbatore, India
Introduction to ISO 27001:2005 & ISO 1799:2005 Information Security Standards – Sri Lanka
ISO/IEC 27001:2005 & ISO 1799:2005 Information Security Implementation Training - Sri Lanka
Professional Development Program - Sri Lanka
Technical Training on “CHECKPOINT SECURITY ADMINISTRATION NGX-1” - Sri Lanka
Workshop on “Attacks & Defense” - Inflow Technologies & Sans Bound Solutions – Sri Lanka
MEMBERSHIPS
Board Member - ISACA Sri Lankan chapter. (2011 - 2012)
Member of ISACA lecture panel for CISA, CISM & CRISK
Professional Member – ISACA [#568004] - Sri Lankan chapter
Professional Member – ISACA [#568004] - UAE chapter
Professional Member of the British Computer Society – [# 990141897]
REFERENCE
Available Upon Request