
SYED REFAT
EQBAL SHUVRO

Senior Information Security Specialist
GRC & PCI DSS Specialist

CISM PCI ISA SC-900 AZ-900 CC2

Professional Summary

Security and Governance expert with 15+ years of experience in a Fortune 500 multinational environment (MetLife), specializing in PCI DSS compliance, IT Risk Management, and Infrastructure Security. Certified CISM and PCI ISA, with deep expertise in bridging the gap between technical security controls (Azure, Guardium, WSUS) and regulatory frameworks. Proven track record in leading external audits, driving vulnerability remediation, and managing senior stakeholders globally.

Core Competencies

01. GRC

PCI DSS, ISO 27001, IT Risk Management, Third-Party Risk Assessment (TPRM).

02. Cloud Security

Microsoft Azure (AZ-900), Sentinel (SIEM), Defender for Cloud, VMware ESXi.

03. SecOps

Vulnerability Management (WSUS, EDR), Database Security (IBM Guardium).

04. AI Governance

AI use-policy mapping, Model risk considerations, Prompt injection risks.

05. Auditing

Internal/External Audit Leadership, Gap Analysis, Evidence Remediation.


Technical Arsenal


GRC & AI Governance

AI Frameworks

  • > NIST AI RMF & ISO 42001
  • > LLM Prompt Injection Defense
  • > Vendor Due Diligence (AI Focus)

Risk Management

  • > Hallucination Guardrails
  • > Data Residency & Privacy

SecOps & Automation

SIEM & Sentinel

  • $ Advanced KQL Hunting
  • $ Custom Detection Rules
  • $ UEBA Analytics

SOAR

  • $ Logic Apps Automation
  • $ Auto-Remediation Playbooks

GenAI & Cloud

Security Copilot

  • # Prompt Design for Audit
  • # Automated Policy Drafting

Cloud Defense

  • # Defender for Cloud (CSPM)
  • # Purview (DLP & Classify)
  • # Entra ID Governance

Professional History: Deployment Log

Assistant Director, Global Security, MetLife.

Bangladesh & Nepal | June 2010 – Present | Status: Active

"Operate as the Regional Subject Matter Expert (SME) for Information Security Governance, orchestrating defense strategies for enterprise-grade infrastructure. Bridging the gap between CISO directives and local execution across Bangladesh and Nepal territories."


Compliance & GRC Architecture

  • Zero-Defect Audit Record: Led end-to-end PCI DSS certification cycles, achieving consecutive years of compliance with zero major non-conformities.
  • Audit Lifecycle Optimization: Engineered a centralized evidence repository system, slashing external audit preparation time by 20%.
  • Gap Analysis Authority: Acting as a certified Internal Security Assessor (ISA) to conduct rigorous self-assessments and remediation planning.

Threat Defense & SecOps

  • Vulnerability Remediation: Reduced attack surface exposure by 30% within 12 months via automated WSUS workflows and EDR telemetry analysis.
  • Data Fortress: Deployed IBM Guardium for real-time Database Activity Monitoring (DAM), ensuring visibility into critical financial data access.
  • Endpoint Security: Managed the Microsoft Defender for Endpoint ecosystem, coordinating rapid patching cycles against zero-day threats.

Cloud & Infrastructure Governance

Identity & Access (IAM):

Enforced strict IAM policies across Azure (Entra ID) environments, aligning with Global CISO standards and SC-900 principles.

Third-Party Risk (TPRM):

Executed due diligence and security assessments for critical vendors, ensuring strict adherence to Data Privacy and SLA mandates.

Disaster Recovery (BCDR):

Developed and maintained local incident response plans and disaster recovery procedures to ensure business continuity.

Tech Stack Oversight:

Managed security configurations for VMware vSphere, Cisco networking core, and Microsoft 365 tenant hardening.

Certifications

  • CISM Certified Information Security Manager (ISACA)
    Credential ID- CISM-2055447
  • PCI ISA Internal Security Assessor (PCI SSC)
    Credential ID- 804-488
  • SC-900 & AZ-900 Microsoft Security & Azure Fundamentals
    Credential ID- I499-4435 & I405-4041
  • Certified in Cyber Security (ISC2)
    Credential ID- 492342345
  • CEH v9 Certified Ethical Hacker (EC-Council)
  • ITIL® Foundation IT Service Management

Education

MBA (Finance)

Stamford University Bangladesh (2014)

GPA: 3.75/4

B.Sc in Computer Science & Engineering

RUET (2009)

GPA: 3.07/4

Initiate Handshake

Address: Oriental Hoqdale (Flat-A6) 3,4 Kamlapur Bazar Road, Motijheel, Dhaka

Visa Status: Requiring Subclass 482 Sponsorship