Vikas Gupta

available

Last update: 06.09.2022

Information Security, Data Privacy, IT Risk management

Graduation: Bachelor of Engineering
Languages: English (Limited professional) | Dutch (Limited professional)

Attachments

Vikas Gupta CV_3.0.docx

Skills

RSA, ServiceNow, data security, Workday HCM, SoX, Information Security, Data protection, encryption, PIA, software tool, Cloud, Cloud Security, RSA Archer, Symantec CCS, Privacy management, OneTrust Vendorpedia, Data Mapping etc, Shell Project Delivery Framework (PDF), ADM, Accenture Delivery Methods, Accenture Client, NIST Cybersecurity, ISO27k, COBIT, PCI/DSS, RMF 2.0, OWASP, Agile, JIRA, DevOps methodologies, MS Office tools, LAN, WAN

Project history

04/2021 - 12/2021
SR. SECURITY PROGRAM MANAGER
BOOKING.COM

Managed the program implementing cybersecurity controls covering EBA, Payment Services
Directive 2 ("PSD2") and Electronic Money Directive 2 ("EMD2") legislative requirements, in order to
apply for an E-money license for UK, Ireland and US markets.
Worked closely with Booking.com and BHFS CISOs, CTOs and other senior stakeholders implementing
security controls and requirements.

07/2020 - 03/2021
GLOBAL P&O - DATA PRIVACY AND SECURITY LEAD
MARS.COM

* Responsible for monitoring and remediation of all security and privacy risks for the whole of HR
portfolio (90 applications) using RSA Archer and ServiceNow GRC modules.
* Ensure compliance in implementing, monitoring, controlling and testing control effectiveness, in line with
the Mars Risk and controls management framework
* In addition, for the global implementation of the Workday solution covering 50+ countries, responsible for
data privacy by design for this project, covering all the topics from data transparency, data
retention, data security etc.
* Designing the Workday HCM Security and access role assignments for all HR functions, in
collaboration with delivering partners and organization's Security team.

07/2018 - 06/2020
GDPR AND APPLICATION REMEDIATION SPECIALIST
SHELL

* Led the operations of a nearshore and offshore team of 20 resources
* Line of Defense 1 (LOD1) - Validated remediation gaps against L&R requirements, primarily
focusing on Data Privacy and security for the HR, Finance, Legal and Corporate applications
portfolio.
* Perform end-to-end duties including security and privacy risk assessments of all Lightly managed
IT applications in GF, remediation keeping GDPR Data Privacy, and Shell IRM requirements
* Led efforts to apply risk management processes in the business projects to identify and track
risks and recommend solutions. Extensive hands-on experience with the eGRC Archer tool, utilized to define
processes using Finding management, Compliance, and ITGC controls management use cases
* Conduct in-depth assessment of Legal & Regulatory requirements by working collaboratively with
business, IT and central IRM teams to assess, apply baseline & relevant IT Controls Risk Profile
for applications in scope for Competitively Sensitive information, Records Mgmt. & Data Privacy
(Privacy impact assessment, and E-Discovery)

03/2018 - 06/2018
SME / LEAD CONSULTANT
LEASEPLAN

* Served an integral role as an SME/Lead Consultant in a GDPR privacy policies and remediation
implementation.
* Conducted ROPA Article 30 register and PIAs. Implemented Subject Access Rights by
utilizing the OneTrust privacy management software tool.
* Provided guidance to complete pre-implementation risk assessments and made resulting
recommendations to business and IT partners.
* Communicate findings with internal Management to ensure a comprehensive evaluation of business
and compliance risk.

06/2017 - 06/2018
Data Privacy Program Manager
GDPR

* Delivery and stakeholder management of this end-to-end Privacy Management program setup.
* Project involved defining DP strategy to implement the Privacy program. Conducted ROPA, Privacy
Impact Assessments, and DPIAs.
* Developed effective compliance processes by performing Data Privacy Protection risk assessments
and procedures such as subject access request and breaches & complaints.
* Worked in partnership with client's legal team, contacts, procurement team to maintain precise
and up-to-date records demonstrating client's GDPR compliance. Joint ventures & third-party
contracts were reviewed for adequacy of Data protection & privacy clauses in contracts.

09/2011 - 06/2018
Risk Management and Data Privacy Manager
FONTEM VENTURES (IMPERIAL TOBACCO)


03/2005 - 06/2018
SoX Compliance Analyst to Information Security and Data Privacy Manager
ACCENTURE


01/2018 - 04/2018
Project Manager
BOOKING.COM

Team size of 3, Conducted the Privacy/GDPR article 30 assessments

09/2016 - 05/2017
Lead Consultant: Cloud Vendor Risk Assessments
ABB

* Led the assessment and evaluated gaps in the Cloud Adoption framework, including the vendor risk
assessments process, and recommended improvements.
* Developed the Cloud Security Vendor Risk Assessments Controls Framework and process, using best
practices based on Cloud Security Alliance, ISF and NIST frameworks.
* Managed multiple tasks concurrently to meet the targets and priorities set in conjunction with
management.

03/2016 - 07/2016
Lead consultant
BASF

Delivered top-notch design of Archer Security and RM Capabilities by performing Enterprise & Asset
Management, Policy Management, Vulnerability Management, Risk Management, Compliance Management,
Security Operations Management. Project focused on streamlining client's Risk Management and
Security Processes with incorporation of eGRC solutions.
* Defined the project's direction and plan, module stakeholders and target audiences and documented
interfaces with relevant systems
* Ensured alignment with security platform and PoC work stream activities
* Documented approach and expected time for implementation of the modules, and alignment with
overall transformation plan

06/2013 - 03/2016
Information Security & Client Data Protection Officer: BSS, Online & BPO services
KPN BV

* Ensured end-to-end security assurance, including compliance with Client data protection program
based on ISO 27001 framework, focused risk-assessment and ensuring timely resolutions of issues.
* Adhered to guidelines in contract covering security (domain agreement), with special focus on the
Statement of Applicability (SoA), the ISO controls defined in this SoA and the compliance by
Accenture BSS
* Conducted Joint venture, third party information sharing & Cloud Risk assessments by engaging
with Company sponsors and Contracts/procurement
* Delivered Data Protection training and awareness programs through face to face, CBT and other
means



* Oil and Gas, Resources
* Telecommunications
* Financial Services
* IT Services
* Products, Retailers

03/2005 - 08/2011
SoX Compliance Analyst to Information Security and Data Privacy Manager
Netherlands Information Security


Local Availability

Only available in these countries: Netherlands