rajiisrael

Managed comprehensive information asset identification, classification, and dependency mapping program, resulting in significant improvements in cyber resilience and risk mitigation. Key achievements and benefits include enhanced security posture, proactive risk management, regulatory compliance, incident response optimization, resource optimization, stakeholder communication, and third-party risk management. ● Oversaw the migration of physical servers to a virtualized environment for a Tier II National bank, prioritizing cybersecurity considerations to ensure the integrity and confidentiality of data throughout the transition process. ● Conducted a comprehensive IT Infrastructure and Information Security Audit for an IPTV start-up, specifically evaluating the cybersecurity posture of the existing infrastructure. Identified security gaps, challenges, and areas of improvement and proposed recommendations for infrastructure and technology upgrades to ensure robust cybersecurity control measures are in place. ● Conducted vulnerability assessments and penetration testing for clients in the oil and gas sector, proactively identifying and recommending security vulnerability remediation plans to enhance the organizations’ cybersecurity resilience. ● Conducted an IT infrastructure and operations management audit for a major healthcare service provider, emphasizing the importance of cybersecurity. Consolidated technology and infrastructure assets across the network and data center, implementing security controls and safeguards to protect sensitive data (PHI and PII) and critical systems. compliance. Additionally, I oversaw the comprehensive audit process, identifying areas for improvement and recommending necessary measures to enhance industry-wide cybersecurity. ● Led the team in selecting an SD-WAN technology solution (Fortinet) for the financial service industry, with a strong focus on security. Conducted a thorough evaluation of vendors' cybersecurity capabilities and ensured the chosen solution met stringent security requirements. ● Conducted IT security audits on deployed private and public cloud (IAAS, PAAS) services using ISO and NIST frameworks, identifying and addressing any security gaps or non-compliance issues to ensure a robust and secure cloud environment.

● Responsible for remediating identified vulnerabilities and ensuring patches and updates are applied to network devices and systems. ● Responsible for all aspects of information systems, data availability, integrity, authentication, confidentiality, and non-repudiation implementation. ● Ensured Information system security principles are applied as roll out to all systems before deployment. ● Maintained a comprehensive inventory of all hardware, software, supplies, and documentation for the IT infrastructure assets [servers, network, wireless access points]. ● Led the implementation of ISO 27001 policies and standards across the data centre’s complex IT infrastructure, ensuring compliance across the enterprise, employees and clients including change management and access control, to maintain security and operational integrity. ● Developed and documented security policies, procedures, and guidelines aligned with ISO 27001 and NIST 800-41 requirements, resulting in improved clarity and consistency in security practices. ● Hardening of Checkpoint firewall and network security posture leveraging NIST 800-41. ● Facilitated training sessions and workshops to raise awareness of information security best practices, resulting in increased compliance and improved employee adherence to security policies. ● Worked with the GRC team on implementing Technology Risk Management leveraging NIST 800-53, identifying, assessing, and managing risks across the technology estate and third-party vendors, this resulted in a 50% reduction in security incidents. ● Maintained ongoing ISO standards compliance through regular internal audits, reviews, and updates to adapt to evolving security threats and regulatory requirements. ● Deployed and implemented observability across the IT infrastructure by using elastic SIEM, this improved visibility and performance monitoring by monitoring and analysing data from 100+ systems and applications, resulting in a 20% increase in incident detection rate and achieving a 99.9% uptime for critical services through proactive monitoring and early detection of potential issues.

Played a pivotal role as a Pioneer Team member of the University's ICT team, contributing to the deployment of a Tier I infrastructure to support University services. This infrastructure enhancement resulted in significant improvements in cybersecurity, strengthening the University's defence against cyber threats. ● Designed, implemented, and maintained the University Campus LAN and WAN, integrating robust cybersecurity measures, Juniper SRX firewall hardening to protect network resources and sensitive data. ● Utilized VMware vSphere ESXi to virtualize servers, improving the flexibility, scalability, and resilience of the University's infrastructure while implementing appropriate security measures to mitigate virtualization-related risks. ● Set up, configured, and administered a range of servers for various purposes, emphasizing cybersecurity best practices. This included Linux (Ubuntu Server OS) and Microsoft Windows Server 2008 environments, implementing security measures leveraging NIST controls to protect against unauthorized access and vulnerabilities. ● Deployed critical network services such as routing and switching technologies, VLANs, Inter VLANs routing, VPN (IPSec, PPTP), routing protocols, web caching/proxy, hotspot, QoS, DNS, NATs, PAT, and automation of services, ensuring robust security measures were implemented to mitigate cybersecurity risks. ● Administered, monitored, and supervised the University's LAN and WAN services, continuously monitoring for potential security incidents, and promptly responding to and mitigating any cybersecurity threats and incidents. ● Design and implementation of threats and incident playbook leveraging NIST and CIS controls. ● Provided comprehensive training to university staff members on various IT-related courses, emphasizing cybersecurity awareness, best practices, and incident response protocols.