1. 1
Napaporn Umsuriya
Mobile Phone: 6681-694-9003
Internet e-mail: punimka@yahoo.com
PERSONAL PROFILE
Address: 63/11 M.Sammakorn Ratchapruk Road
Aom-Kred, Park-kred, Nonthaburi 11120
Date of birth: 4 June, 1980
Nationality: Thai
CAREER SUMMARY
16 years experienced in IT Security consultancy to provide the best IT Security Services to
the customer environments and IBM internal environment. Advice team to conduct security
awareness program, practices and maintain continuous improvement. Also, implement the
security processes and programs to the all commercial accounts and IBM Internal account
both in Thailand and ASEAN countries that exceed client expectations.
MAJOR ACHIEVEMENTS
• IBM Recognition award on 2014
• IBM Excellent Award on 2013
• IBM Excellent Award on 2012
• IBM Excellent Award on 2011
• IBM ITD Star Award on 2009
• IBM BRAVO Award or Excellent award on 2007
• IBM BRAVO Award or Excellent award on 2006
• IBM BRAVO Award or Excellent award on 2005
• IBM BRAVO Award or Excellent award on 2004
EDUCATION
(1998 – 2001) Bachelor of Computer Engineering with second honor
King Mongkut Institute of Technology Ladkrabang (GPA 3.3)
PROFESSIONAL EXPERIENCE
September 2015 – Present. IBM Solutions Delivery Company
• As the Country IT Security Manager with 12-19 reporting team, to manage the
resource to support the commercial accounts on IT Security Service.
• Monitored team to ensure that they deliver the IT Security service to customer as
per contract scope which focus on Security Policy, Security Processes.
Additionally, advised team to solve any problem when they escalated or faced
with the obstacle.
2. 2
• Reported the Risk & Compliance Matrix Report to Country Executive and
ASEAN Leader on status and non-compliance items which below the target.
Coordinated with other competencies to establish the action plan and
commitment. Also, tracking until all those items were complete.
• Reviewed the IT Security scope and estimated effort for all new deals in IBM.
2015 – Highlight (Additional role for GTS Business Control – 3 months)
• As the GTS Business Control, to ensure that all Customer Relationship
Management (CRM) process are complied with their defined process. This is
cover Procurement, Finance, Revenue Recognition, Accounts Receivable,
Contract preparation/acceptance, Asset, Quality Assurance and Pricing.
o Work with team in high level to ensure that all process is compiled
o Support team to identify and solve the issues.
o On a quarterly basis, consolidate and review all the rating
(SAT/MAR/UNSAT) provided by each function team. And then preparing
all information to Executive for review and approve.
2005 – 2015: IBM Thailand Company Limited (Country Compliance Manager)
• As the Country Compliance & Control, regularly reviewed and tracked all non-
compliance issues status for all TH Strategic Outsourcing accounts to ensure that
all were completed on time and be addresses appropriately. This would bring
account team ready for audit all times.
• For all audits, led the team during audit preparation, conduct the lesson learnt,
do/don’t session and identified potential issues including tracking until closure.
During audit period, as an audit interface to track and respond the auditor’s
request including review the artifact for all data requests before responding back
to auditor.
• Supporting ASEAN Compliance & Regulatory team, to develop testing script,
mentoring the new team members on how to test and summarize the issues
including tracked until those issues were closed.
• Led for Monthly Lesson Learned Proactive Testing in country. Plan and run
through this program. To review all IT processes area based on issues from
Global audit/review to ensure that it would not be repeated issues in country.
Furthermore, reviewing and advising team on the corrective action.
• Joined Global Review Team in Japan for 2 weeks. To understand the Japan SO
environment and obtained the knowledge from experienced reviewer in order to
adopt and apply within country.
• Supported SAS70 audit in Singapore to prepare for audit readiness.
• Rollout IBM global security processes within country and also be ASEAN
process owner for some processes e.g. Userid Administration, Shared ID
Management, Quarterly Employment Review, Annual userid continued business
need revalidation, privileged ID revalidation, System Health Check, Patch
Management, Physical Security Access Control, System Inventory management,
Risk Management, Root cause analysis.
3. 3
• For compliance view, to advise all account team on ITIL processes (e.g., Change
Management, Incident Management and Problem Management) and other
relevant processes (e.g., Portable Storage Media, Service Activation &
Deactivation) to ensure that they strictly follow the process without any security
exposure.
• As an ASEAN PM for subsystem/inventory project to lead all ASEAN strategic
outsourcing accounts to ensure that they have a subsystem baseline (using IBM
tool to obtain subsystems baseline for each server) under IBM responsibility and
then registered all of them over IBM tool and tracked all security activities. Also,
ensure that all information for each device are completed and tracked over IBM
tool.
April 2001 – 2005 IBM Thailand Company Limited
• Design, set up and implement the Tivoli Storage Manager (TSM), centralized
backup solution on Window and Unix platform. To implement this product, it can
be reduced the archived data restore time, system down time and the staff who
manage the backup solution.
• Selecting the properly hardware machines and accessories to meet with the
customer’s requirements under the budget limitation.
• For TSM on-going support, providing the operation procedure manual document,
conducting to operator team for on-going monitoring/support.
• Install and configure the Ondemand Application server and client on
UNIX/Window platform. This application is used to load/unload report sent from
mainframe platform and users can view the report from ondemand client. Using
this application will reduce the paper amount and view report as the electronic
report.
• Develop the Ondemand’s operation procedure manual and educate team to
understand and familiar with this application.
• Provided technical support of AIX and Window platform to IBM customers and
solve problem related with AIX and Window platform.
• Wrote Shell script menu in order to control operation activity for operator.
• Installed tools on AIX & Window to monitor the properly security parameter
setting, login/logout threshold, CPU utilization. And develop shell script for
operator to reduce the input-key human error.
• Setup RAS (Remote Access System) on Window 2003 Server for customer
network to dial-in to their network via modem. And promptly support the
customer when problem is taken.
• Conduct the AIX system Administrator class to educate the AIX basic concept,
how to organize and setup the AIX system and how to recovery the system when
disaster occurred, as soon as business needs.
• Design and customize the “Security Notes Database” by using Lotus Domino
Designer based on notes script language programming. Security Notes Database is
4. 4
used to track the asset, patches/APARs and automatically remind the owner to
response patches/APARS, when it’s released. This Security Notes Database can
be used to show to the auditor as the audit trail and easy to track all asset and
patches/APARs.
SKILLS
Languages:
• Thai : Mother tongue
• English : Fluent written and spoken
PROFESSIONAL CERTIFICATES
• Certified in Risk and Information Systems Control (CRISC) certification, 2011
• Information Security Management Systems (ISMS) certification, 2008
• Information Security Management Systems (ISMS) re-certification to
27001:2013, 2015
• Certified Information Security Manager (CISM) certification, 2008
• Certified Information Systems Auditor (CISA) certification, 2007
• IT Infrastructure Library (ITIL) certification, 2007
• Cisco Certified Network Associate Specialist, CCNA 2003.
• AIX Certified Specialist, pSeries AIX System Administration, December 2002
TRAININGS
Technical skill
• AIX Basics
• AIX System Administration I: Implementation
• AIX System Administration II: Problem Determination.
• Cisco Certified Network Associate Specialist, CCNA 2003
• IBM AP Security Conference 2003
• IBM AP Security Conference 2004
• IBM AP Security Conference 2005
• Window 2003 Security Hardening
• CISSP class on 2005
Soft skill
• IT Service Project Management Method
• Presentation Skill.
• Sales Skill.
• Negotiation to “YES” Skill.
• 7 Habits Class.
• Agile
REFERENCES
2 months notice in advance.