Roshan Jacob

• Led information security and cybersecurity across the UAE branches (Dubai, Abu Dhabi, and Doha), reporting to Head Office (Italy) and Top Management.

• Chaired the quarterly cyber security and business continuity steering committee and presented the state of cyber security and future plans with the Top Management and Committee Members.

• Defined and implemented cyber security and business continuity objectives aligned with the Head Office's regulatory framework.

• Developed, implemented, and updated cybersecurity policies, rules, processes, and procedures. Conducted regular assessments to ensure adherence to security policies, procedures, and regulations.

• Developed and executed cyber security and business continuity training programs.

• Oversaw user access management processes to ensure security and compliance.

• Coordinated incident response activities to mitigate the impact of security breaches.

• Conducted regular business impact analyses to identify critical functions and dependencies.

• Worked closely with business units and IT teams to identify and address security risks.

• Collaborated with the Head Office to ensure alignment with corporate security standards and initiatives.

• Collaborated with project teams (Australia and UAE) to deliver SIS comprehensive service offerings, including OT security assurance and testing, threat and risk assessments, architecture design, governance implementation, OT-SOC monitoring, implementation, research, and training.

• Cultivated relationships with senior management to enhance their ability to deliver premium consulting services and solidify SIS as the leading industrial cyber specialist in Asia Pacific and the Middle East.

• Conducted high-level and detailed risk assessments of OT assets for a Train Operator in Australia, an Energy provider in Australia, and an Oil and Gas company in UAE, in accordance with IEC 62443 3-2 standard. Also developed detailed Contextual, Conceptual, and Logical Security Architecture for OT environments aligned with the SABSA framework.

• Cyber Security Governance: Developed cyber security strategies and implementation roadmap for multiple clients across various industries to ensure alignment of security objectives with the business goals and vision. Led the establishment of a Cyber Security Target-Operating Model (centralized risk based cyber security governance office) for a Global Industrial Manufacturing company, which included defining the cyber security services and capabilities, manpower, workforce planning using NIST NICE framework, FTE analysis, reporting structure, governance and interaction model, impact assessment. Led the establishment of the National Cyber Security Agency of Qatar which included benchmarking, threat, and target entity assessments. Developed the national cyber security strategy, the target operating model (including functional and positional org structure), target technology architecture, and supporting manuals.

• Cyber Security Risk Assessments: Led multiple Information Security Risk Assessments across various clients in line with international standards such as ISO27005, ISF IRAM, NIST, OpenFair. This included strategic prioritization of information security risks across people, process, technology while ensuring an asset-based methodology. Provided recommendations and treatment options including quick-wins and strategic needs to achieve client's 'to-be' vision.

• Cyber Security Compliance assessments and audits: Performed information security current state assessment to map the current infrastructure against ISO27001:2013, ISO27002, NESA, NIST CSF, ADSIC to identify gaps for clients across Middle East.

• Policies, Procedures and Standards: Developed multiple policies and procedures for clients across the region, in line with international best practices (sector based). Developed Security Standards ensure implementation of appropriate security controls in accordance with CIS Critical Security Controls, ISO27K, ISF Standards.