Anan Sony
Senior Director
CISSP, CISA, CISM, CEPAS DPO
Anan Sony has over 14 years of working experiences. Prior to joining ACIS, he started his career as a system analyst in commercial industry. He also had experience in software development. Since 2008, he has joined ACIS during which he has been involved in a number of information security related projects such as ISMS implementation, ITSMS implementation and maturity assessment. He is proficient in the areas of information security management, IT service management and business continuity management.
- Master of Science, Chulalongkorn University
- Bachelor of Engineering, Chiangmai University
- Part-time Lecturer, Chulalongkorn University
- Committee, IT Service Management Forum
- Certified Information Systems Security Professional (CISSP)
- Certified in the Governance of Enterprise IT (CGEIT)
- ITIL Expert Certificate in IT Service Management
- ISMS Auditor/Lead Auditor (Transition to ISO/IEC 27001:2013) Training
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Security Manager (CISM)
- PECB Certified ISO/IEC 27001 Lead Implementer
- Certified Information Systems Auditor (CISA)
- BSI Document Control Training
- Established information security management system (ISMS) or part of information security management program in accordance with international standard and leading practice such as ISO 27001 which key components including risk assessment process, risk treatment process, control design and implementation.
- Established IT service management system (ITSMS) or part of IT service management in accordance with international standard and leading practice such as ISO 20000 and IT Infrastructure Library (ITIL) which key components including service delivery processes, relationship processes, resolution processes and control processes.
- Performed compliance review of existing management systems, processes or frameworks, identified gap and made pragmatic recommendation to meet the requirement of international standard or leading practice such as ISO 27001, ISO 20000 and ISO 22301.
- Conducted training to clients in the areas of information security or related (e.g., assurance, cloud computing and big data, forensics, governance risk and compliance, information security, project and program management and software security).