Abin Marydasan

Experience in handling the UAE reputed clients in UAE as a Virtual CISO, Strategizing the organization governance and information security program. Creating and Reviewing the policies and procedures for Information security program in the organization. Governing the entire program by managing a team Cyber Security Red Team assessment, Cloud Assessment. Implementing the policy, process documents for BCMS and perform through BIA by understanding the business critical process. Restructuring the process as per the UAE regulatory best practice following the NCEMA, NESA, ADHICS, CB UAE IA, and compliance. Training the internal Business development team and the marketing team about the technology services. Creating the proposals and communicating with the client on our services. etc.

Handled Clients in UAE Dubai Insurance, Mubadala M42, Mawarid Finance, Borouge, etc.

Multiple UAE project delivery manager, managing start to finish, including planning, scheduling, risk management, resource allocation, communication with stakeholders. Developed the Risk management framework NIST, ADHICS and ADGM compliance regulations. Penetration testing, application vulnerability assessment, network vulnerability assessment and exploitations, offensive security, Configuration Review, Application End to End Review, O365 audit, and Application compliance audit. Develop and implement Information Security Framework that includes policies, standards and processes based on international standards like ISO27001, ISO 27701, HIPPA as well as legal and regulatory requirements (e.g. NESA, GDPR, ADGM, ADHICS) ensuring its policies and procedures are adopted. Customer-focused approach on consulting and advising to improvise their Information security controls, standards and process by ensuring business is not impacted. Define and implement clear success metrics to monitor and evaluate program performance, ensuring that outcomes align with intended objectives and goals. Handled Clients in UAE Emaar, NBF, xCube, Lulu Hypermarket, Orient Insurance, DFM, etc.

Vulnerability and penetration testing for all regions Networks, Systems, Applications, ATM Terminals, Swayam Kiosk. Develop and implement programs aimed at teaching company staff about security protocols. Performed application security architecture review and provided the approved on the change request. Reporting the non-conformity of the products specifications with the ISO requirements. Understanding of cyber security risks and threats. ISO 27001 Vulnerability, SIEM Security Tools. Preparing Incident report of all critical findings closed the points as per policy Web application Security Assessment by OWASP 10, SANS Top 25. Test Methodology as Grey, White and Black Test approach with Proof of Concept of the attack. Following the approach quarterly scanning both Internal External Assets.