Nasrin Sayed

Mumbai

Summary

Professional with a total of 28 years of experience. Passionate about establishing and implementing Information & Cyber security and Privacy control framework and management systems within the organization and as per client requirements. Customer focused, with 15 years of experience in consulting, delivering infosec and Cybersecurity based projects and security audits.
Leading and managing cyber security-based practices, implementing ISMS, performing Risk Assessment, Internal Audits, Privacy Impact Assessment, Gap assessment with respect to Data Protection.
Developing IS policies, standards, procedures and Guidelines.
Designing and developing IT Service Management Processes including Incident Management, Problem Management, Change Management, Policy Exception process.
Developing and implementing Business Continuity Policy and Process including developing, implementing, and testing BC and DR plans.

Overview

16 years of professional experience
1 Certification

Work History

Information Security /Data Privacy Officer

Protivitiglobal
Kuwait
01.2024 - 06.2024
  • Reviewing and assessing the applicable regulations with respect to information & Cybersecurity requirements for the bank.
  • Developing Gap Assessment Report
  • Updating the existing ISMS policies, standards and procedures, and mitigating gaps.

Sr. Consultant

Ernst & Young Consultancy Co WLL
Kuwait
11.2022 - 08.2023
  • Worked as an onsite Contingent Work Manager for a reputed oil company in the Middle East; performed major tasks such as audit planning, coordinating and conducting the ISO 27001:2013 internal readiness audit, and reviewing corrective actions.
  • Reviewed and updated ISO Policies & Procedures, performing gap assessment in the existing IT Governance and Cybersecurity processes, and enhancing them with the help of process and service owners as per best practices and known frameworks.
  • Reviewed the technical security assessment reports (VA, PT and Security Configuration Reports) for IT Infrastructure and reporting gaps during audits.
  • Contributed towards improving IT assets onboarding / deboarding process for SOC monitoring by collaborating with different teams.

Sr. Consultant

EY India Technology Consulting
Gurgaon
04.2021 - 11.2022
  • Performed information security risk assessment including asset valuation, threat & vulnerability assessment, risk evaluation, security control evaluation and risk treatment planning and approval.
  • Performed ISO 27001 readiness and domain specific audits (BCP, Security Incident Management, Operation Security etc.).
  • Performed gap assessment with respect to draft PDPB and assisted client to develop framework including privacy governance, privacy policy, Data Protection Impact assessment and guided them implementing privacy controls as Data Controller.
  • Performed assessment on the applicability of IT ACT 2008 amendments and IT ACT rule 2011 within organization and recommended the security control requirements.

Lead – Risk & Compliance

AGS Transact Technologies Ltd.
Mumbai
02.2019 - 04.2021
  • Developed and implemented Risk Management process based on ISO 31000 within organization and carried out risk assessment for all divisions and group entities.
  • Developed an organization-wide Business Continuity Process and ensured that all divisions within group entities have their business-specific Business Impact Analysis, RTO and RPO defined for their critical business operations.
  • Scheduled yearly review of the Business Continuity Plan and half-yearly testing of the BCP, meeting the customer contractual and regulatory compliance requirements.
  • Streamlined the cybersecurity incident management process within the organization and ensured timely reporting, logging and responding to security events and weaknesses.
  • Developed and implemented Information Security Awareness for end-users and technical staff.
  • Developed and implemented infosec and cybersecurity policies as per standards and contractual requirements.

Information Security Consultant

Ernst & Young LLP
Bengaluru
09.2013 - 01.2019
  • Understanding the client requirements, scope finalizing and project planning (project scoping, estimating efforts, resource planning, team building, project deliverables).
  • Managing project kick-off meetings, managing escalations, managing project milestones, scheduling, co-ordinating project activities, reviewing and monitoring project execution.
  • Reviewing key project deliverables, providing guidelines, support, imparting knowledge, instructions, enhancing communications between the teams and stakeholders.
  • Meeting with different stakeholders at customer place, understanding their pain areas, gathering data and interviewing IT personnel.
  • Developing policies, procedures, process flows based on ITIL, Cobit 5 frameworks.
  • Developed core competency within team, transformed existing ISMS to 2013 ISO standard, installed steering committee, communicated roles and responsibilities.
  • Developed risk management framework, performed RA, RTP and implemented action plans to meet security objectives.
  • Managed ISMS covering 2000 employees at 4 offices with more than 100 teams at Trivandrum and Kochi from Sep 2013 till Sep 2015.
  • Improved change management framework. Evaluated and measured security controls for their effectiveness, arranged management review meetings and presented ISMS status to the MR.

IS Consultant

Sify Technologies Ltd.
Mumbai
10.2008 - 08.2013
  • Contacting new prospects and finding business opportunities, aligning with Sales Managers, visiting customers, and understanding their requirements, meeting stakeholders, understanding their pain areas and overall engagement objectives.
  • Developing proposals, participating in bidding process, finalizing engagement SOW, calculating efforts, Planning, resource planning, team building, defining deliverables, kick off meetings, Escalations & communications, milestone scheduling and project co-ordinating.
  • Reviewing, monitoring, and reporting progress, reviewing deliverables, providing guidelines and support, imparting knowledge, and instructions. Initiating customer feedback and planning for improvements.

Education

Post - Graduate Diploma in Management - Business Administration

Welingkar Education
Mumbai, MH
06-2017

BE in Electronics & Telecommunications - Engineering

Advanced Institute of Engineering & Management
Mumbai, MH
12-2010

Diploma in Computer Engineering - Engineering

M.H.Saboo Siddik Polytechnic
Mumbai, MH
05-1992

Skills

  • Information Security Risk management, IS Governance and Compliance
  • Business Continuity Management and Disaster Recovery
  • Third Party Risk Management, ISMS, ITSM, QMS
  • Project Management
  • Well versed with ISO 27001, ISO 31000, NIST, GDPR, PCI DSS, ENISA, SCF, Cloud Security, OWASP top 10, Cobit 2005 & 2019, ITGC Controls

Accomplishments

  • Received Award for Highest Performing Team.
  • Received 5-star rating/feedback from leaders.
  • Bagged multiple projects from single customer.
  • Received 100% highly satisfied customer feedback.
  • Received Appreciation from COO/SBU Head.

Affiliations

  • Responsive, connected and insightful. Maintain integrity, professional values.
  • Developed and implemented new risk management methodology across the organization & its group companies. This helped the organization to close long pending audit NC.
  • Managed IT security testing program for a reputed telecom firm in India with 15 core competent team.
  • Helped the telecom stakeholders to deliver secured critical IT services (Web & mobile applications) by timely security assessment and going live.
  • Transitioned the existing ISMS at 4 offices of the organization with more than 100 services/sub services to the new ISO 27001:2013 standard in 2014-15; as a result, EYGSS Kerala became the 2nd ISO 27001:2013 certified across EY globe.
  • Developed and established Cobit 5 based IT governance framework for a reputed oil refinery firm in Kuwait, which resulted in consistent IT processes across 9 divisions and enabled them to deliver consistent IT services within the organization.

Certification

  • CISM-certification-CISM-1118068
  • CISA-certification-CISA-0974149
  • CRISC-certification-CRISC-1620039
  • ISO 27001:2022 LA - 149153
  • ISO 22301 LA
  • ISO 9001:2015 LA - ENR 00602648
  • Certified PCI DSS Compliance Specialist (CPCS)
  • ITIL V3 & V2
  • Network Security Audit Workshop

Languages

  • Urdu: First Language
  • English: Proficient (C2)
  • Hindi: Intermediate (B1)
  • Marathi: Upper Intermediate (B2)

References

References available upon request.
