INFORMATION SECURITY OFFICER (ISO)

ING Direct
Reading, United Kingdom

NOVEMBER 2004 – DECEMBER 2008

 
  • Responsible for the management and supervision of security measures to protect customer and company data.
  • Working with the business to ensure that information assets are protected at levels appropriate to their value and criticality.
  • Designed and implemented an Information Risk and Technology Risk framework within the bank – Information Security / Technology Risk Policy creation, Guidelines and policy implementation support.
  • Creation and maintenance of User Class Matrices for applications to map user roles [RBAC] to application and system functionality.
  • Created and defined a process to allow the encryption (PGP) of ad-hoc files being transferred to external parties.
  • Customer awareness – Designed and managed the structure and content of the customer security awareness area of the commercial website.
  • Cybercrime – Customer authentication – anti-malware prevention – design and implementation of a mouse-based keypad using random image positions and server-side digit identification to mask PIN digits from the client side.
  • Implementation of real time fraud detection and prevention system within the bank.
  • Design and implementation of Joiners, Movers and Leavers [JML] user access process to ensure correct levels of access provided and revoked as employees change role.
  • Design and implementation of a User Access Review process to report to line managers the access [Roles] assigned to their staff to allow them to review and approve or change currently assigned roles and permissions.
  • Set up the Ethical Hacking framework and process to detect, assess and correct security vulnerabilities via penetration testing, application assessment and code reviews.
  • Part of the project team implementing Mortgage services for the bank, focusing on ensuring that the services are robust and comply with Information Risk requirements.
  • Implementation of Card services in line with PCI DSS, ensuring that anti-fraud and Card security rules are in place to match the card security strategy.