Anan Sony

Anan Sony has over 14 years of working experiences. Prior to joining ACIS, he started his career as a system analyst in commercial industry. He also had experience in software development. Since 2008, he has joined ACIS during which he has been involved in a number of information security related projects such as ISMS implementation, ITSMS implementation and maturity assessment. He is proficient in the areas of information security management, IT service management and business continuity management.

Professional Qualification

  • Master of Science, Chulalongkorn University
  • Bachelor of Engineering, Chiangmai University
  • Part-time Lecturer, Chulalongkorn University
  • Committee, IT Service Management Forum
  • Certified Information Systems Security Professional (CISSP)
  • Certified in the Governance of Enterprise IT (CGEIT)
  • ITIL Expert Certificate in IT Service Management
  • ISMS Auditor/Lead Auditor (Transition to ISO/IEC 27001:2013) Training
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Information Security Manager (CISM)
  • PECB Certified ISO/IEC 27001 Lead Implementer
  • Certified Information Systems Auditor (CISA)
  • BSI Document Control Training

Experience

  • Established information security management system (ISMS) or part of information security management program in accordance with international standard and leading practice such as ISO 27001 which key components including risk assessment process, risk treatment process, control design and implementation.
  • Established IT service management system (ITSMS) or part of IT service management in accordance with international standard and leading practice such as ISO 20000 and IT Infrastructure Library (ITIL) which key components including service delivery processes, relationship processes, resolution processes and control processes.
  • Performed compliance review of existing management systems, processes or frameworks, identified gap and made pragmatic recommendation to meet the requirement of international standard or leading practice such as ISO 27001, ISO 20000 and ISO 22301.
  • Conducted training to clients in the areas of information security or related (e.g., assurance, cloud computing and big data, forensics, governance risk and compliance, information security, project and program management and software security).

© Copyright 2019. Powered by ACIS Professional Center | Privacy Policy

Our website uses both essential and non-essential cookies to analyze use of our products and services. This agreement applies to non-essential cookies only. By accepting, you are agreeing to third parties receiving information about your usage and activities. If you choose to decline this agreement, we will continue to use essential cookies for the operation of the website. View Policy