Alapan Arnab
Dublin,OH
Summary
An experienced technology executive with a notable track record in operational resilience, cybersecurity, and technology risk management. Led high-performance, multinational teams within major banking institutions globally, particularly those classified as D-SIB (Domestic Systemically Important Banks). Specializing in the design and execution of resilient operations, with reach expanding across digital banking, cloud computing, DevOps, agile transformation, operations technology, and security operations.
Their approach to technology resilience is comprehensive, incorporating a full array of practices and foundational strategies essential for the secure and robust deployment of technology across various stacks. Proficient in employing security principles, they ensure that organizations are equipped not only to handle technological challenges and infrastructural compromises, but also to minimize the frequency of significant incidents and recover more swiftly from such occurrences.
Beyond traditional operational contingencies like disaster recovery and performance scaling, this executive focuses on diagnosing and rectifying the root causes of incidents in regular business operations. This emphasis on fundamental problems facilitates the enhancement of procedures, training, and the creation of more efficient technology solutions, thus strengthening overall operational durability and security.
Overall, their career is distinguished by an ability to spearhead teams in the deployment of advanced technology resilience and risk management strategies. This expertise is crucial in securing and maintaining the operational integrity of large, multi-national banking organizations against the evolving challenges of the modern digital landscape.
Overview
16
16
years of professional experience
1
1
Certificate
Work History
Vice President
Bank of Nova Scotia
01.2023 - Current
- The portfolio consolidated Technology Resilience and Reliability practices under one team (in the 1st line), and in- cludes the overall strategy for technology resilience, governance elements including associated policies and standards, reporting and being the effective product owner for reliability across the various technology teams
- The portfolio also plays a significant role in service management activities in support of resilience and reliability goals
- Key initiatives include new resilience related technology standards, managing the mapping and analysis of critical technology processes, and co-owning (with 2nd line) the FY23 operational risk enterprise scenario analysis (based on a large technology disruption)
- Team Size: Approx 150
Vice President and Global Head
11.2020 - 01.2023
- In addition to managing Technology Risk (1st line) for the Global CIO portfolio, I managed the Technology Resilience portfolio across all of the Technology business unit
- This was a new portfolio, aiming to create a centre of excellence on improving Technology’s operational resilience, including the overall strategy for resilience, governance elements including policies and standards, reporting on status of resilience
- In addition, the portfolio worked closely with
- Technology’s service reliability engineering organisation and the group’s Operational Resilience teams to support enablement of various resilience goals
- Key initiatives included significant upgrades to the bank’s disaster recovery management program, introduction of a technology resilience policy and standard framework, successful embedment of resilience reviews for new projects (incl
- Third parties) and a comprehensive review of the Technology business unit’s BCM plans
- Team Size: Approx 120
Director and Global Head of Technology Risk
11.2018 - 10.2020
- I managed the 1st line of defence technology risk portfolio for the Global CIO portfolio across the bank
- This included the overall strategy for the establishment of the unit (including associated staffing) and managing a team spanning across 8 countries
- The role encompassed the full risk management lifecycle - identification, assessment, tracking and monitoring, and reporting
- I also managed the Technology unit’s response of COVID 19 pandemic and the associated business continuity plan invocations
- Team Size: Approx 80
Group Head of Technology
Absa Group
08.2017 - 10.2018
- Reporting to the Bank’s Head of Technology, I managed the operational risk posture of technology division for the group
- The role included the tracking and assessment of risks related to the division, managing assurance activities for the 1st line of defense, governance of processes and standards of the division, and reporting and related engagements with the wider risk and assurance community in the bank and management forums
- Key initiatives included groupwide risk remediation programs, embedment of a new development lifecycle process, and the development and embedment of a new third party assurance framework
- Team Size: Approx 60
Head of Technology Risk
Infrastructure Services, ce of CTO
02.2017 - 07.2017
- I managed all the technology related risks (cyber-security, information, resilience, operational) for Infrastructure
- Services portfolio
- This was an expansion of my previous mandate and portfolio to encompass all shared technology services for Barclays Africa
- I managed risk for both new services (change the bank initiatives) and existing services in production (run the bank activities)
- The portfolio of services included traditional infrastructure services (such as platforms, databases and networks) and new technologies such as cloud services (such as Amazon Web Services
- Microsoft Azure and Microsoft Office 365)
- Key initiatives included the development and implementation of a robust framework for evaluating the risk of cloud and other third party service providers
- Team Size: Approx 15
- Head of Technology Risk for Offi
10.2015 - 07.2017
- I managed all the technology related risks (cyber-security, information, resilience, operational) for the Office of Chief
- Technology Office (CTO), which enabled a number of shared technology services for the bank (such as big data platforms and security operations) and technology transformation (such as AI and DevOps)
- Key initiatives included development of the risk framework for the technology transformation initiatives, redesign of the bank’s System Development Lifecycle (SDLC), and the refresh of the Technology and Cyber control library.
Chairperson
08.2014 - 05.2017
Lead Security Consultant
04.2013 - 09.2015
- As an individual contributor, I provided security consultancy and support (including security requirement specification, security architecture, design reviews, threat modeling, risk analysis and security assessments) throughout the system development life-cycle to various projects and ad hoc engagements as required
- I also represented information security and technology risk at enterprise architecture governance forums
- Notable successes in my role included projects for online and mobile banking channels, the Apple Watch banking application, the deployment of the first cloud service in the group with customer data, and a brand new credit card offering.
Adjunct Lecturer
Rhodes University GRAHAMSTOWN
03.2013 - 02.2015
Director
Western Province Badminton Association
08.2013 - 07.2014
Acting
T-Systems South Africa MIDRAND
11.2012 - 03.2013
Security Architect and Consultant
03.2008 - 03.2013
Education
Mini Certificate Course in Real World Risk Management -
Real World Risk Institute
Barclays Africa COO Excellence Program -
Duke Corporate Education
Leadership Development Program -
Gordon Institute of Business Science (GIBS)
Ph.D - Computer Science
University of Cape Town (UCT) CAPE TOWN
2007
Skills
Operational Resilience
Security Operations & Fusion Center
Product Security
Service Reliability Engineering
Technology Architecture & Strategy
Policy Compliance, Control Frameworks and Libraries
Product Ownership
Disaster Recovery & Business Continuity
Threat Modeling & Risk Management
Cyber Risk Intelligence & Quantification
Risk/ Threat Scenario Analysis
DevSecOps
Identity & Access Management (IdAM)
Data Protection & Privacy Frameworks
Vulnerability & Remediation Management
Regulatory Guidelines (SEC, OCC, NIST, OSFI, SOX, GDPR, DORA, etc)
Stakeholder Collaboration & Comms
Cloud Infrastructure (AWS, Azure)
Additional Information
TBD
Affiliations
TBD
Certification
Key Competencies: Business Continuity Management, Control Frameworks and Libraries, Cyber Security, Disaster Re-
covery Management, Operational Resilience, Operational Risk, Service Reliability Engineering, Technology Architecture,
Technology Strategy, Threat Modeling, Risk Management
Technology Focus Areas: (non-exhaustive and in alphabetical order) Access Control, Cloud Services, Critical Infras-
tructure, DevSecOps, Identity Management, Information Archiving, Information Classification, ITIL Processes, Network
Security, Policy Compliance, Rights Management, SIEM, Technology Control Libraries (ISO, PCI-DSS, NIST etc.), Threat
Management, Vulnerability Management
Timeline
Vice President
Bank of Nova Scotia
01.2023 - Current
Vice President and Global Head
11.2020 - 01.2023
Director and Global Head of Technology Risk
11.2018 - 10.2020
Group Head of Technology
Absa Group
08.2017 - 10.2018
Head of Technology Risk
Infrastructure Services, ce of CTO
02.2017 - 07.2017
10.2015 - 07.2017
Chairperson
08.2014 - 05.2017
Director
Western Province Badminton Association
08.2013 - 07.2014
Lead Security Consultant
04.2013 - 09.2015
Adjunct Lecturer
Rhodes University GRAHAMSTOWN
03.2013 - 02.2015
Acting
T-Systems South Africa MIDRAND
11.2012 - 03.2013
Security Architect and Consultant
03.2008 - 03.2013
Mini Certificate Course in Real World Risk Management -
Real World Risk Institute
Barclays Africa COO Excellence Program -
Duke Corporate Education
Leadership Development Program -
Gordon Institute of Business Science (GIBS)
Ph.D - Computer Science
University of Cape Town (UCT) CAPE TOWN
Accomplishments
TBD
Work Availability
monday
tuesday
wednesday
thursday
friday
saturday
sunday
morning
afternoon
evening
swipe to browse
Career Achievements
TBD
Quote
There is a powerful driving force inside every human being that, once unleashed, can make any vision, dream, or desire a reality.
Tony Robbins
Security Leadership Perspective
TBD