Information Security Manager

As an Information Security Manager, I managed Governance, Risk, and Compliance programs, specializing in ISO/IEC 27001:2022, ITGC, and Data Protection. I led initiatives to streamline processes, automate offline workflows, and align operations with updated security policies, ensuring stronger compliance, improved efficiency, and enhanced organizational resilience.

• 👨🏼‍💻 Led and participated in risk identification, baseline control checks, and audit readiness across multiple business functions, ensuring compliance with internal and external requirements.
• 📊 Managed risk registers for 10+ units, conducted detailed IT risk assessments, and ensured timely NCR closures.
• 🛡️ Reviewed and assessed over 500+ change requests, improving adherence to security policies, and reducing potential breach risks.
• 🔄 Supported audit readiness and control validations for new infrastructure setups through HOTO activities and physical security walkthroughs.
• 💻 Conducted hardening checklist reviews for Windows and server environments, enhancing configuration compliance across corporate systems.
• 📑 Designed multiple SOPs to streamline internal processes and modified monthly governance reporting templates for improved leadership visibility.
• 🎨 Created security posters and awareness PPTs (leveraging AI tools) to drive enterprise campaigns; delivered sessions to 20,000+ associates and spearheaded InfoSecurity Fest with 10,000+ participants.
• 📊 Collaborated with leadership to organize and present insights at Branch Security Committee (BSC) meetings, sharing incident trends, risk dashboards, and compliance posture.
• 🔍 Performed incident analysis, implemented process improvements, and aligned policies across multiple units.
• ✅ Identified and assessed key controls across multiple units, updated processes, conducted effectiveness testing, and recommended remediation strategies to ensure compliance with internal policies.
• 🤖 Assessed GenAI solutions for confidentiality, privacy, and policy alignment.
• 👥 Delivered knowledge transfer (KT) sessions to new joiners and strengthened communication through professional email drafting and stakeholder engagement.
• 🕵🏻‍♂️ (Potentially) Identified and addressed gaps in compliance processes, recommending updates to improve efficiency and strengthen control effectiveness.