Nasrin Sayed
Mumbai
Summary
Professional with total 28 year of experience. Passionate about establishing and implementing Information & Cyber security and Privacy control framework and management systems within organization and as per client requirements. Customer focused with 15 years of experience in consulting, delivering infosec and Cybersecurity based projects and security audits.
Leading and managing cyber security-based practices, implementing ISMS, performing Risk Assessment, Internal Audits, Privacy Impact Assessment, Gap assessment with respect to Data Protection.
Developing IS policies, standards, procedures and Guidelines.
Designing and developing IT Service Management Processes including Incident Management, Problem Management, Change Management, Policy Exception process.
Developing and implementing Business Continuity Policy and Process including developing, implementing, and testing BC and DR plans.
Overview
16
16
years of professional experience
1
1
Certification
Work History
Information Security /Data Privacy Officer
Protivitiglobal
Kuwait
01.2024 - 06.2024
- Reviewing and assessing the applicable regulations with respect to information & Cybersecurity requirements for the bank.
- Developing Gap Assessment Report
- Updating the existing ISMS policies, standards, procedures and mitigate gaps.
Sr. Consultant
Ernst & Young Consultancy Co WLL
Kuwait
11.2022 - 08.2023
- Worked as an onsite Contingent Work Manager for a reputed oil company in middle east, performed major tasks such as audit planning, coordinating and conducting ISO 27001:2013 internal Readiness audit, reviewing corrective Actions.
- Reviewed and updated ISO Policies & Procedures, performing gap assessment in the existing IT Governance and Cybersecurity processes, and enhancing them with the help of process and service owners as per best practices and known frameworks.
- Reviewed the technical security assessment reports (VA, PT and Security Configuration Reports) for IT Infrastructure and reporting gaps during audits.
- Contributed towards improving IT assets onboarding / deboarding process for SOC monitoring by collaborating with different teams.
Sr. Consultant
EY India Technology Consulting
Gurgaon
04.2021 - 11.2022
- Performed information security risk assessment including asset valuation, threat & vulnerability assessment, risk evaluation, security control evaluation and risk treatment planning and approval.
- Performed ISO 27001 readiness and domain specific audits (BCP, Security Incident Management, Operation Security etc.).
- Performed gap assessment with respect to draft PDPB and assisted client to develop framework including privacy governance, privacy policy, Data Protection Impact assessment and guided them implementing privacy controls as Data Controller.
- Performed assessment on the applicability of IT ACT 2008 amendments and IT ACT rule 2011 within organization and recommended the security control requirements.
Lead – Risk & Compliance
AGS Transact Technologies Ltd.
Mumbai
02.2019 - 04.2021
- Developed and implemented Risk Management process based on ISO 31000 within organization and carried out risk assessment for all divisions and group entities.
- Developed organization wide Business Continuity Process ensured that all divisions within group entities have their business specific Business Impact Analysis, RTO and RPO defined for their critical business operations.
- Scheduled yearly review of Business Continuity Plan, half yearly testing the BCP and meeting the customer contractual and regulatory compliance requirements.
- Streamlined the cybersecurity Incident management process within organization and ensured timely reporting, logging, responding the security events, weaknesses.
Developed and implemented Information Security Awareness for end-users and technical staff. - Developed and implemented infosec and cybersecurity policies as per standards and contractual requirements.
Information Security Consultant
Ernst & Young LLP
Bengaluru
09.2013 - 01.2019
- Understanding the client requirements, scope finalizing and project planning (project scoping, estimating efforts, resource planning, team building, project deliverables).
- Managing project kick off meetings, managing escalations, managing project milestone, scheduling, co-ordinating project activities, reviewing and monitoring project execution.
Reviewing key project deliverables, providing guidelines, support, imparting knowledge, instructions, enhancing communications between the teams and stakeholders.
Meeting with different stakeholders at customer place, understanding their pain areas, gathering data and interviewing IT personnel. - Developing policies, procedures, process flows based on ITIL, Cobit 5 frameworks.
- Developed core competency within team, transformed existing ISMS to 2013 ISO standard, installed steering committee, communicated roles and responsibilities.
- Developed risk management framework, performed RA, RTP and implemented action plans to meet security objectives.
- Managed ISMS covering 2000 employees at 4 offices with more than 100 teams at Trivandrum and Kochi from Sep 2013 till Sep 2015.
- Improved change management framework Evaluated and measured security controls for their effectiveness and arranged management review meetings and presented ISMS status to the MR.
IS Consultant
Sify Technologies Ltd.
Mumbai
10.2008 - 08.2013
- Contacting new prospects and finding business opportunities, aligning with Sales Managers, visiting customers, and understanding their requirements, meeting stakeholders, understanding their pain areas and overall engagement objectives.
- Developing proposals, participating in bidding process, finalizing engagement SOW, calculating efforts, Planning, resource planning, team building, defining deliverables, kick off meetings, Escalations & communications, milestone scheduling and project co-ordinating.
- Reviewing, monitoring, and reporting progress, reviewing deliverables, providing guidelines and support, imparting knowledge, and instructions. Initiating customer feedback and planning for improvements.
Education
Post - Graduate Diploma in Management - Business Administration
Welingkar Education
Mumbai, MH06-2017
BE in Electronics & Telecommunications - Engineering
Advanced Institute of Engineering & Management
Mumbai, MH12-2010
Diploma in Computer Engineering - Engineering
M.H.Saboo Siddik Polytechnic
Mumbai, MH05-1992
Skills
- Information Security Risk management, IS Governance and Compliance
- Business Continuity Management and Disaster Recovery
- Third Party Risk Management, ISMS, ITSM, QMS
- Project Management
- well versed with ISO 27001, ISO 31000, NIST, GDPR, PCI DSS, ENISA, SCF, Cloud Security, OWASP top 10, Cobit 2005 & 2019, ITGC Controls
Accomplishments
- Received Award for Highest Performing Team.
Received 5-star rating/feedback from leaders.
Bagged multiple projects from single customer.
Received 100% highly satisfied customer feedback.
Received Appreciation from COO/SBU Head.
Affiliations
deboardingProtivitiglobal
- Responsive, connected and insightful. Maintain integrity, professional values.
- Developed and implemented new risk management methodology across the organization & its group companies. This helped organization to close long pending audit NC.
- Managed IT security testing program for a reputed telecom firm in India with 15 core competent team.
Helped the telecom stakeholders to deliver secured critical IT services (Web & mobile applications) by timely security assessment and going live.
Transitioned the existing ISMS at 4 offices of the organization with more than 100 services/sub services to new ISO 27001:2013 standard, 2014-15 this resulted that EYGSS Kerala became the 2nd ISO 27001:2013 certified across EY globe.
Developed and established Cobit 5 based IT governance framework for a reputed oil refinery firm in Kuwait resulted consistent IT processes across 9 divisions and enabled them to deliver consistent IT services within organization.
Certification
- CISM-certification-CISM-1118068
CISA-certification-CISA-0974149
CRISC-certification-CRISC-1620039
ISO 27001:2022 LA - 149153
ISO 22301 LA
ISO 9001:2015 LA - ENR 00602648
Certified PCI DSS Compliance Specialist (CPCS)
ITIL V3 & V2
Network Security Audit Workshop
Languages
Urdu
First Language
English
Proficient (C2)
C2
Hindi
Intermediate (B1)
B1
Marathi
Upper Intermediate (B2)
B2
References
References available upon request.
Timeline
Information Security /Data Privacy Officer
Protivitiglobal
01.2024 - 06.2024
Sr. Consultant
Ernst & Young Consultancy Co WLL
11.2022 - 08.2023
Sr. Consultant
EY India Technology Consulting
04.2021 - 11.2022
Lead – Risk & Compliance
AGS Transact Technologies Ltd.
02.2019 - 04.2021
Information Security Consultant
Ernst & Young LLP
09.2013 - 01.2019
IS Consultant
Sify Technologies Ltd.
10.2008 - 08.2013
Post - Graduate Diploma in Management - Business Administration
Welingkar Education
BE in Electronics & Telecommunications - Engineering
Advanced Institute of Engineering & Management
Diploma in Computer Engineering - Engineering
M.H.Saboo Siddik Polytechnic
Similar Profiles
Hardik ShahHardik Shah
Representative - South Asia at EHL Hospitality Business SchoolRepresentative - South Asia at EHL Hospitality Business School
Shivam BhatShivam Bhat
Senior Consultant at EYSenior Consultant at EY
HARISHARAN KUMARHARISHARAN KUMAR
Manager – Business Analytics & Operations at Cipla Ltd.Manager – Business Analytics & Operations at Cipla Ltd.
SUYOG WAMANSUYOG WAMAN
Sr. Java Developer at Sydney Trains | Wayside Information ManagementSr. Java Developer at Sydney Trains | Wayside Information Management
Rula AwawdehRula Awawdeh
Data Protection Officer - Information Security, Privacy, Risk Management & Compliance at THE WORLD BANK GROUPData Protection Officer - Information Security, Privacy, Risk Management & Compliance at THE WORLD BANK GROUP