
Shereef K. Abbas
P.O. Box # 50000 | Dubai | UAE Mobile: +971 508 335 335 | Email: shereef@shereef.com | www.shereef.com

Manager - Information Security, Risk Management, Assurance & Compliance


Strong track record of generating extraordinary performances in a competitive scenario

Qualified Information Security professional with prestigious CISSP, CISA, CRISC and SCSP credentials offering over 13 years of well rounded progressive experience entailing:
12+ years IT Infrastructure Setup and Management, Technology Resource Administration, IT Security and Operations
2+ years supporting banking systems and network
5+ years Enterprise Security and Project Management
4+ years in setting up and managing BS7799/ISO27001, EMV, VISA & MasterCard compliant IT Infrastructure and Information Security Management System (ISMS).

Possess an effective combination of business, IT and Information Security skills.
Currently spearheading functions as Information Security Officer with Electronic Documents Centre LLC, Dubai.
Hands-on experience in leading all stages of Information Security Management System across Scope Development, Risk Assessment, Policy and Procedure Development, Implementation, Training/Awareness, Auditing, Corrective/Preventive Actions.
Proficiency in developing Information Security Policies, Standards, Guidelines, Technical Controls, Cryptographic Key Management Policies and Procedures.
Performed Information Security Audits, Risk Assessments and Risk/Information Classifications.
Proficiency in wide variety of IT systems and network applications.
Rich corporate experience in securing and troubleshooting systems and networks.
Superior communication and interpersonal skills, multitasking with an ability to interact with a wide range of people

Areas of specialization include:
Plan-Do-Check-Act
Policy & Procedure Development
Vendor/Client Negotiation
IT Operations
Incident Management
Disaster Recovery Planning
Strategic Planning
Risk Management
Internal Audit & Vulnerability Scans
Information System Control Evaluation
BS7799/ISO27001 Standards
Change/Configuration Management
Training & Awareness Development
Project Management
Business Impact Analysis
Cryptographic Key Management
Information Security Budgeting
VISA, MasterCard, EMV Standards
Business Continuity Planning
Team Development
Cross Functional Coordination

Skills Summary: Secure multi-vendor systems & network design, implementation, integration and support; standards based Physical/Logical Security Compliance & Auditing; Technical Controls & Process Development.

Standards: EMV, VISA & MasterCard Card Personalization; BS7799/ISO27001, Acquaintance with PCI DSS, HIPAA, COBIT, ITIL/ITSM

Platforms: Microsoft Windows, UNIX, Linux, Solaris, Netware, Cisco IOS/ASA, Symantec, McAfee, Juniper ScreenOS, HP Procurve, Proliant, TippingPoint IDS/IPS

Applications: Microsoft Exchange, SQL, ISA, System Centre Operations Manager, Data Protection Manager, Configuration Manager, Citrix, Oracle, Lotus Domino & Notes, Automate Business Process Automation (BPA), WS_FTP, SFTP, FTPS, BackupExec, SafeGuard, and Windows Certificate Authority (CA).

Networking: TCP/IP, ISO/OSI, Ethernet, IPSec/SSL VPN, SSH, PGP, PKI, RADIUS, SNMP

Tools: Network/Performance Monitoring, Configuration Managers, Network Management and Support Products, GFI/McAfee Vulnerability Scanning Tools, Patch Management, HIPS, McAfee/Symantec Enterprise Security

Awards & Accolades:
Received Appreciation letter from Electronic Documents Centre LLC CEO
Rated as Excellent and promoted 2 times in 4 years at Electronic Documents Centre LLC
Appreciation by external auditors from VISA and MasterCard
Appreciated by Universal Aviation and Sharjah Airport Free Zone for the excellent troubleshooting of systems and recovery of critical data while working at Emitac

Seeking a challenging career at a Management level in the field of Information Security, Risk Management, Assurance & Compliance within reputed organizations

Executive Highlights


Responsible for the implementation and certification of BS7799/ISO27001, EMV, VISA and MasterCard standards at Electronic Documents Centre LLC, Dubai
Strong IT/business experience and knowledge in clarifying business requirements and designing IT Processes and system improvements to increase productivity and reducing cost, thereby improving the ROI of the organization.
Adept in Designing Security Solutions with experience of establishing vendor networks, forging strategic alliances & partnerships and ensuring SLA's are met with both internally and from external agencies
Track record and a strong sense of dedication driven towards accomplishing challenging goals with "persistent commitment" in secure network design, systems integration and support.
Rated excellent in performance reviews throughout the career
Chief security architect designing state of the art technologies enabling business requirements to meet compliance, and maintain 24 x 7 operations.
Developed security frameworks, architectures and solution blue prints for emerging technologies and standards to support business objectives
Accurately mapped business requirements; successfully executed Corporate Security Policy, Awareness and Training programs and developed Incident Response, Disaster Recovery and Continuity of Business plans
Acknowledged for efficiently managing security projects worth 8 million that centralized access management, monitoring, control and reporting, improved both physical and logical security, compliance and productivity while reducing administrative overhead and unwanted expenditure

Career Progression
Information Security Officer, Aug 2006 - Present
Electronic Documents Centre, Dubai: Subsidiary of Emirates Post Group Holding, offering variable data printing, magnetic and chip card personalization and fulfilment.

Key Responsibilities:
Maintain EMV, VISA, MasterCard and BS7799/ISO27001 standards compliance and related certifications.
Entrusted to lead a team of 7. Reports to CEO on the health of the ISMS.
Function as consultant to the management in aligning business requirements with IT and Information Security requirements; prepare and manage budgets average AED1.2 million
Develop Security Policies and Procedures.
Conduct periodic Reviews of Systems, Network devices, Access Control System Logs, CCTV and business processes.
Review of security rules and policies on network and security devices
Conduct internal vulnerability scans and lead auditing, analyse root cause, create reports for management with suggestions for preventive/corrective actions.
Evaluate controls before and after implementation to ensure effectiveness.
Lead Information Security Council, assign tasks, coordinate risk assessment, policy implementation, training, audit, preventive and corrective actions; follow up to ensure completion of tasks within the specified time and cost.
Liaison with vendors, service providers, external vulnerability/penetration testers and oversee MasterCard, VISA, ISO and other external audits.
Responsible for cryptographic keys; select and train key custodians, ensure confidentiality, integrity and availability of keys.
Coordinate customer key ceremonies and maintain records, logs and reports

Key Achievements:
Fast track promotions through a series of responsible positions, performance based, promoted 2 times in 5 years.
Compliance with VISA and MasterCard requirements for card personalization within 4 months and EMV and BS7799/ISO27001 compliance within a year of joining.
Redesigned the entire physical & logical infrastructure to comply with the above standards, cut 8% of costs and to simplify management, monitoring and control of Information Processing Systems with minimal impact on business.
Achieved 14% reduction in operational and management costs by effectively managing IT Operations, Information Security Management System, redesigned IT infrastructure, and access control system, frequent training, well negotiated service contracts and strict SLAs.
Improved the efficiency of IT Operations by initiating the development of operations manual, asset inventory, problem tracking, scheduled maintenance and training
Merged and simplified policies and procedures to ease distribution, implementation, review and management; Merged individual audit programs to increase efficiency of VISA, MasterCard and ISO27001 compliance audits
Developed Risk Management Framework, Incident Response Plan and Cryptographic Key Management documents that were appreciated by VISA and MasterCard auditors as one of the best they have seen.
Managed CCTV, Access Control System, Storage, Virtualization, e-statement and EMV projects worth $1.2m

Sr. System Engineer, Aug 2004 - Aug 2006
Emitac: HP Authorized Service Partner

Key Responsibilities:
Accountable for providing solutions, pre-sales, project implementation and support.

Key Achievements:
Supported corporate clients such as SEWA, Sharjah Islamic Financial Services, United Aviation, Sharjah Airport Free Zone, WS Atkins, Belhoul, Dubai Sports City and DFM.
Managed projects worth up to 6 million in areas such as share brokerage, hospital, government and construction.
Secured over 3 million in business within the first year.
Highly appreciated by management of SAIF Zone, United Aviations for successful data and application recovery using innovative methods.
Promoted to Sr. System Engineer within a year
Independently designed & installed High Availability Clusters for Messaging, Database & Web
Successfully implemented Centralized Management and Security of Users, Resources and Access using Active Directory & Group Policy.
Designed Multi Domain, Multi Forest, Multi OS, Multi Vendor Networks
Auditing and Evaluation of Systems, Network and Users.
Security/Awareness Training for Users and Management.
Helped develop Security Policies to meet Customers Business Requirements

Prior Experiences

IT Support Engineer, United Arab Bank, Jan 2002 - Aug 2004
Actively involved in the Migration of Lotus Domino/Notes to Exchange 2000/Outlook and SQL Server 7.0 to 2000.
Designed and Executed NT 4.0 to Windows 2000 Active Directory migration
Efficiently setup replication of SQL data from H.O. to branch offices which helped improve overall network performance and cut leased line costs
Extended support to the Audit department in finalizing Information Security Policies and Procedures for the bank
Initiated inventory of IT Systems/Resources across the bank branch offices & HO in an attempt to cut down the overall IT expenditure and to further improve the Return of Investment (ROI).
Involved in IT Budgeting

Systems & Network Engineer, Nortech Infonet Pvt. Ltd, Apr 1998 - Aug 2001

Educational Qualifications
Masters in Computer Security, University of Liverpool, UK (2009 - Present)
Pre-Degree (+2), M.G. University, Kerala, India (1993 - 1995)
3 Years Diploma (Fulltime) in Mechanical Engineering, State Board of Technical Education, Kerala, India (1995 - 1999)

Professional Certifications: CISSP, CISA, CRISC, SCSP, MCSE: Security, CIW Security Analyst, MCSE: Messaging, MCDST, MCDBA, Oracle OCP DBA, Cisco CCNP, CCDP & WLAN Design Specialist, Citrix CCEA, Solaris SCSA/SCNA, HP AIS/ASE, RABQSA Certified Competent Lead Auditor for ISO27001, ISO9001, ISO20000 & BS25999

Training & Seminars: VISA PIN Security, VISA Physical Security, ISO27001, ISO9001, ISO20000 & BS25999 Lead Auditor iSAFE 2010, McAfee Change/Application Control (SolidCore) VISA PCI BS25999: Business Continuity Implementation Workshop PMP Secure Middle East (SecuME) Windows 2003 Security Implementing ISA Server 2004 Windows 2003 Active Directory

Affiliations: (ISC)2, ISACA, PMI

Personal Details
Date of Birth: 30th May 1978
Nationality: Indian
Marital status: Single
Languages Known: English, Hindi & Malayalam
Licence Details: Valid UAE Residence VISA and Driving License

References available on request
