Syed Naqvi

Lead Cyber Security Compliance Manager
London, Essex

Summary

To progress my career in Information security within a progressive and growing organization where my enthusiasm, capability, and performance can make an impact on the organization’s growth.

Overview

23 years of professional experience
5 Certifications

Work History

Lead Cyber Security Compliance Manager

PostOffice
03.2019 - Current
  • Lead the PCI DSS, ISO27001 and Cyber Essentials Plus compliance programs for the business (Retail and Digital platforms)
  • Review the architecture of PCI-related projects (ATM, Ecommerce, Mobile Application, MOTO, P2PE, AWS) and proposed changes to ensure compliance requirements are not breached, and support project teams during the planning, technical review and deployment phases
  • As PCI subject matter expert, lead the PCI improvement and P2PE implementation projects throughout the PostOffice's complex environment (11,500 branches and back office) used to manage banking and retail services
  • Work closely with relevant internal and external stakeholders (Heads of Function, CISO, DPO, SOC, Finance, Legal, Procurement, Suppliers, etc.) to ensure that compliance is maintained as a BAU process
  • Liaised with the external QSA to ensure that proposed changes would not break existing compliance levels
  • Analysed and evaluated work performed by 3rd-party merchandisers to ensure compliance with the contractual agreement
  • Reviewed the cloud-based (AWS) cardholder data environment to validate that security controls comply with the PCI DSS standard
  • Analysed end-to-end security boundaries and made recommendations based on the services provided/agreed (PaaS)
  • Conduct data security control assessments (data encryption, access controls, monitoring and alerting, incident management, etc.)
  • Work with the support team on a daily basis to achieve PCI DSS compliance requirements.

Information Security Officer / Manager

HireRight
03.2016 - 03.2019
  • Designed and implemented enterprise-level international programs to reduce information security risks and fulfil regulatory and legal obligations, and developed and implemented strategies for information protection
  • Maintained the security policies, standards, procedures and supporting documentation, taking account of current best practices, legislation and regulation, as well as ensuring adoption across the directorate
  • Led and achieved ISO27001 implementation and certification projects for EMEA and APAC
  • Developed monthly and quarterly scorecards to provide leadership with timely and accurate information reflecting the state of the business
  • Designed and maintained the third-party information security program to ensure that appropriate assurance was obtained from all third parties processing data
  • Worked with clients' management and technical teams, undertaking risk, compliance, privacy and third-party supplier assessments
  • Monitored information security systems to effectively protect the availability, integrity and confidentiality of all corporate and customer data and to ensure compliance with all information security policies, procedures and best practices
  • Worked with cross-functional teams to implement and deploy security solutions to ensure the overall objectives of the enterprise-wide security program were met or exceeded
  • Monitored developments within application security and ensured that development processes were consistent with standard industry practices, such as OWASP and ISO27034
  • Performed day-to-day administration and management of security-related activities as necessary, ensuring that the security controls in place within the firm's technology estate (Forcepoint, Proofpoint, McAfee SIEM, NIPS, Netwrix and McAfee ePos) provided satisfactory protection
  • Conducted internal controls assessments and audits to ensure operations met company standards while minimising risk
  • Actively identified emerging vulnerabilities, evaluated the associated risks and threats and provided countermeasures where necessary, including revising configuration standards and operational procedures.

Information Security Consultant

Trustwave
03.2015 - 03.2016
  • As a PCI consultant (QSA), managed 15 globally recognised clients and assessed their payment processes and cardholder data protection processes and procedures
  • Shared expertise with clients and colleagues to aid decisions on topics such as strategy and scope, as well as deep and highly technical projects such as web application architecture and security
  • Identified client security risks within their operational environment and determined appropriate remediation, based on business risk appetite, to protect information assets from loss, misuse, leakage or corruption
  • Performed compliance activities on client systems and business processes to assess the level of security control and identify gaps to address
  • Built successful working relationships with team members, key customers and stakeholders that improved the value of the security services being performed.

Security and Compliance Analyst

Truphone Ltd
08.2012 - 02.2015
  • Responsible for enterprise information security risk management and compliance: performing gap analysis, understanding business issues and concerns, determining business and security requirements, designing architecture and applying information security technologies to mitigate risk and ensure compliance
  • Led the ISO27001 implementation and certification process Truphone-wide (EMEA)
  • Monitored the output of security tools that identify security incidents and breaches, allocating them to resolution teams and escalating for management attention where appropriate
  • Arranged for external resources to carry out penetration testing and third-party assessments
  • Reviewed, updated and created corporate policies and standards as dictated by compliance programs, and reviewed the security controls of third-party vendors hosting sensitive data
  • Responsible for managing business information security risks, ensuring that adequate controls were defined, owned and implemented to reduce risks to an acceptable level
  • Monitored the effectiveness of Truphone's information security arrangements, developing improvement plans where necessary and reporting to senior executive management on the effectiveness of information security arrangements in the business
  • Responded to information security incidents, including internal events and targeted threats
  • Conducted internal controls assessments and audits to ensure operations met company standards while minimising risk
  • Supported the Business Continuity Manager as an active Business Continuity representative, tasked with proposing and developing risk mitigation strategies designed to protect Truphone information assets during an event
  • Coordinated the Business Continuity response to the requirements outlined in the ISO 27001 standard.

Information Security Consultant

Axone System Ltd
10.2011 - 08.2012
  • Designed and implemented security policies and controls against the ISO27001 standard
  • Provided assistance on information security risk and control throughout the organisation, promoting the commercial advantages of managing information security risks
  • Engaged directly with the Projects team to review new projects and initiatives, ensuring security requirements were captured and managed through to implementation
  • Conducted IS audits to ensure the company's assets, compliance obligations, data processing methods and security controls were functioning.

Information Security Consultant

Tax Direct Ltd
05.2010 - 09.2011
  • Reported to the Head of Compliance and provided leadership and oversight of ISO 27001 and PCI projects, including planning, implementation, budgets and project closure
  • Managed the information security program, ensuring that security became ingrained in planned and ongoing IT and processes
  • Developed the Information Security Regulatory and Assurance Management function, which coordinated a central response capability for all information security-related compliance, such as ISO27001, ISO 27005, SOC 2 and internal/external audit
  • Developed information security policies and procedures in compliance with corporate security requirements.

IS Consultant (PCI DSS)

Registration Transfer Ltd
02.2010 - 04.2010
  • Provided consultancy to Registration Transfer Ltd to design and implement PCI DSS policies and procedures
  • Provided input and coordination on high-severity incidents across RTL, including engaging with key stakeholders in the incident handling process
  • Conducted penetration testing (web application) to monitor and improve compliance security
  • Established security policies and procedures according to the PCI standard, and conducted business-wide security education.

Information Security Administrator

London Borough of Southwark
10.2008 - 01.2010
  • Carried out the annual operational Risk Assessment process, analysing account provisioning, system logging and monitoring management, and updated the Risk Control Assessment within the LBS
  • Optimised change management, resulting in a 100% reduction in major outages, increased customer confidence and faster delivery of solutions
  • Implemented a new engagement model that drives better integration of security services with business objectives
  • Changed the perception of security as a hindrance and increased customer satisfaction
  • Established security policies and procedures, and conducted security education for executive management, operations, finance and IT staff.

Security Supervisor

Coca-Cola Enterprise
01.2005 - 10.2008
  • Implemented a new engagement model that drives better integration of security services with business objectives
  • Changed the perception of security as a hindrance and increased business partners' satisfaction
  • Implemented security awareness programs and instituted compliance metrics to decrease enterprise risks
  • Established policies, SOPs and security standards in line with international security standards (ISO 27001, NIST)
  • Conducted security audits and implemented improved controls and processes.

Network Engineer

Cisco Ltd
12.2000 - 09.2003
  • Planning, designing, and implementing network devices (Cisco Firewalls and Switches)
  • Monitoring the network firewall, assessing the functionality of the network routers, and ensuring all Internet security software is updated regularly
  • Improved network performance by 50% through monitoring and app prioritization
  • Developing and implementing company email policies by the IT Manager.

Education

M.Sc in Broadband and High-Speed Data Communication

University of Westminster, London
01.2006 - 01.2007

Diploma in Business Administration

London College of Science and Technology
01.2003 - 01.2004

Bachelor of Computer Science

Allama Iqbal Open University
01.1997 - 01.2000

Skills

Good experience in internal and vendor risk management

Certification

CISSP trained

Technical Skills

  • Good understanding of application development / OS / database / network
  • IT Governance, Risk Management, Internal / External Audit, 10 Years
  • ISO27001 (ISMS) design and implementation, 10 Years
  • PCI DSS Implementation, 10 Years
  • PCI P2PE, 5 Years
  • AWS Security, 3 Years
  • SIEM, Email Gateway, Forcepoint, Proofpoint, Netwrix, NIPS, 2 Years
  • HSM (PKI), 1 Year

Security Clearance

CTC cleared; previously worked as a volunteer with the Met Police

Timeline

Lead Cyber Security Compliance Manager

PostOffice
03.2019 - Current

Information Security Officer / Manager

HireRight
03.2016 - 03.2019

Information Security Consultant

Trustwave
03.2015 - 03.2016

Security and Compliance Analyst

Truphone Ltd
08.2012 - 02.2015

Information Security Consultant

Axone System Ltd
10.2011 - 08.2012

Information Security Consultant

Tax Direct Ltd
05.2010 - 09.2011

IS Consultant (PCI DSS)

Registration Transfer Ltd
02.2010 - 04.2010

Information Security Administrator

London Borough of Southwark
10.2008 - 01.2010

M.Sc in Broadband and High-Speed Data Communication

University of Westminster, London
01.2006 - 01.2007

Security Supervisor

Coca-Cola Enterprise
01.2005 - 10.2008

Diploma in Business Administration

London College of Science and Technology
01.2003 - 01.2004

Network Engineer

Cisco Ltd
12.2000 - 09.2003

Bachelor of Computer Science

Allama Iqbal Open University
01.1997 - 01.2000