Cyber Security

• Sri Lanka’s flagship telecommunications service provider in the country’s largest mobile network and being the first and only company in Sri Lanka to achieve a market capitalization of USD 1 billion.
• Be responsible for governing the implementation of Cyber Security Strategy of Dialog Group in line with Axiata Cyber Security Road map as outlined by the Axiata Group CISO/ GCRC / Board.
•  Ensure to maintain the maturity of NIST CSF framework and ISO 27001, PCI DSS within the Dialog.
•  24x7 delivery across global Security Operations Centres (SOC) with SIEM solution and ensure all SOC activities are in line with cybersecurity governance framework.
• Directs global team of senior security investigators/ Forensic professionals to hunt threats using advanced threat intelligence, security telemetry, and advanced analytics.
•  Technical consultation of procuring, evaluating, and implementing the cybersecurity solutions such as IAM, GRC tool, DLP, TVM risk prioritization, Minimum security baseline, EDR, etc.
•  Architecture review board to represent the cybersecurity governance approvals.
•  Risk Management/ assessments including Vendor and Third-party risks.

• AHL Business Solution is a subsidiary of Goodhope Asia Holdings Singapore Incorporated in Singapore, is a holding company with investments in Indonesia, Malaysia & India.
• Strategic Guidance and planning on Information Security strategy & risk management for the Group.
•  Successfully Implemented and certified the ISO 27001, ISO 2000 for the Group Data centre, DR Location and the Business Process Outsourcing unit at Colombo & Planning for regional office in
  Singapore , Malaysia , Indonesia and India.
•  Information security reviews and audits for ERP systems such as JD Edwards, Oracle Finance, Oracle HRM, Hyperion, OBIEE, and bespoke applications.
•  Penetration testing, host-based security assessment, firewall, wireless and mail server security reviews and network infrastructure security reviews across the group.
•  IT security liaison for various regional functions covering Risk Management, and Data Protection
•  Product evaluation (i.e. wireless solution, firewall, IPS/IDS ,SCADA , data archival etc).
•  Advisor to a continuous improvement program in group-wise information security.
•  IT security liaison for various regional functions covering Risk Management and Data Protection.

KPMG is a professional services firm, providing Audit, Tax & Advisory services to both public and private sector clients. During my tenure, I worked in the IT Advisory team and some of the key responsibilities and tasks included,

• Managing teams which conducted Information Security Reviews and IS Audits which include Application & Post Implementation, Network and Architecture, ERP Systems, and Project Risk Management in various industry segments with may IT and systems projects.
•  Review of KPMG Sri Lanka’s policies and procedures in-line with KPMG Global IT security requirements as well as local government regulatory requirements.
•  Consultation, development support and reviews on IT Governance Frameworks, IT security strategy, policies, procedures and DRP.
•  Implementation support and deployment of ISO 27001 framework for clients (E.g. Review all deliverables such as ISMS policies , procedures and standards, risk assessment, user training, DRP/BCM.
•  Performed internal network security evaluations, internal and external penetration testing and Database and application(oracle,DB2 etc) reviews.
•  Performed firewall security reviews for Cisco Fix and ASA, Net screen and Checkpoint, etc.
•  Hands-on experience with information security tools such as CORE Impact, Qualiys Guard, Symantec ESM, Nessus, GFI Land Guard etc
•  Represented KPMG at meetings with client senior management on IT security review findings.
•  Develop and review deliverables (e.g. Management letters with practical recommendations).

• Technology leadership and security management consultation in multiple Projects and development and deployment of business continuity planning (BCP) and Disaster Recovery Planning (DRP).

• Provided technical and information security expertise in the management, administration, implementation and maintenance of the organizations’ IT Infrastructure, business applications.

• Installation, Configuring, Troubleshooting and Problem Solving of Networks, Firewall, Operating systems and Anti-Virus IPS/IDS products.

• Worked as an administrator for OS, software, hardware, Firewall and Anti-Virus products.