Summary

Solutions-oriented Information and Cyber Security Director with notable success directing a broad range of corporate IT initiatives while participating in planning and implementation of information-security solutions in direct support of business objectives.


• Demonstrated capacity to implement innovative security programs that drive awareness, decrease exposure, and strengthen organizations.
• Outstanding leadership abilities; able to coordinate and direct all phases of project-based efforts while managing, motivating, and leading project teams.
• Adept at developing effective security policies and procedures, project documentation and milestones, and technical/business specifications.
• Core information security: strong technical, analytical, and communication skills.

Comprehensive knowledge of ISO27001:2022 Standard, ISO 20221, PCI-DSS, HIPAA, SOC II, SAP GRC, NIST Cyber Security, and Risk Management Framework. Knowledge of security solutions like Next-Generation firewalls, NG Endpoint Security, Secure Web Gateway solutions, WAF, Privileged Access Management, application whitelisting solutions, and encryption solutions.


Projects

Disaster Recovery Plan (DRP)
Risk Management System (RMS)
IS Review Monitoring System
Askari Bank Ltd ISMS 27001 Certification

Experience

Director GRC (CISO)
Premier BPO
December 2022 - Present | Lahore, Pakistan

Act as independent executive primarily responsible for Premier BPO's compliance and security including conducting the overall IT Audit for Compliance and security of overall touchstone technology systems throughout all centers. Proactive formulation and maintenance of documentations required for the implementation of the strategies and implementations for information technology security and compliance. Develop budget and schedules renewal of product and software licenses. Anticipate & Recommend new technological advancements to overcome business, security, and compliance problems. Identify business, security, and compliance opportunity requirements and recommend the market competitive upgradation and technological compliances. Supervise IT team to meet department goals. Develop and monitor KPIs and test drives to carry out offensive and defensive attacks on systems to ensure the facilities are secured & compliant all the time. Monitor and communicate project status to leadership on a regular basis. Keep the leadership abreast with any and all offensive and defensive anticipated threats.
Principal Accountabilities:
Advise senior management on matters related to Information Security and compliance to enhance company’s overall security posture.
Lead Premier BPO to gain and maintain PCI, DSS, SOCII, and HIPAA Compliance certifications.
Leading the Information Security & compliance initiatives to meet Premier BPO's organization wide internal and external Information Security requirements. 
Development and implementation of information security policy across the organization.
Conduct companywide security assessment including but not limited to risk analysis, penetration testing of existing infrastructure including mobile applications, environment audit and code assessment.
Review and revise development process to implement SSDLC.
Develop and implement information security awareness and training programs.
Manage compliance and regulatory requirements concerning the information security department.

Director IT Security and GRC (CISO)
Touchstone Communications
October 2021 - December 2022 | Islamabad, Pakistan

Act as independent executive primarily responsible for Touchstone Communications compliance and security including conducting the overall IT Audit for Compliance and security of overall touchstone technology systems throughout all centers. Proactive formulation and maintenance of documentations required for the implementation of the strategies and implementations for information technology security and compliance. Develop budget and schedules renewal of product and software licenses. Anticipate & Recommend new technological advancements to overcome business, security, and compliance problems. Identify business, security, and compliance opportunity requirements and recommend the market competitive upgradation and technological compliances. Supervise IT team to meet department goals. Develop and monitor KPIs and test drives to carry out offensive and defensive attacks on systems to ensure the facilities are secured & compliant all the time. Monitor and communicate project status to leadership on a regular basis. Keep the leadership abreast with any and all offensive and defensive anticipated threats.
Principal Accountabilities:
Advise senior management on matters related to Information Security and compliance to enhance company’s overall security posture.
Lead Touchstone to gain and maintain PCI, DSS, SOCII, and HIPAA Compliance certifications.
Leading the Information Security & compliance initiatives to meet Touchstone organization wide internal and external Information Security requirements. 
Development and implementation of information security policy across the organization.
Conduct companywide security assessment including but not limited to risk analysis, penetration testing of existing infrastructure including mobile applications, environment audit and code assessment.
Review and revise development process to implement SSDLC.
Develop and implement information security awareness and training programs.
Manage compliance and regulatory requirements concerning the information security department.

Information Technology Security & SAP GRC Specialist
United Nations Development Programme
June 2015 - October 2021 | Lahore, Pakistan

• Takes care of the day-to-day operations and data structures by overseeing operational performance.
• Takes care of cyber security projects and makes sure they meet cyber security objectives. Offers cyber security operations such as process re-engineering, automation, and documentation.
• Recognizes cyber security issues, devises, and drives effective mitigation. Actively searches for vulnerabilities and risks in hardware and software and conducts threat and risk analysis and provides essential suggestions for their mitigation.
• Assists with the configuration of anti-virus systems and consoles, having an in-depth understanding of vulnerabilities management systems and common security applications.
• Conducts software upgrades and explains performance criteria, documents configurations, and systems specifications.
• Manages and monitors any attacks and intrusions. Protects software and hardware from threats and identifies and manages incidents and mitigates risks.
• Assists in performing research, testing, evaluation, and deployment of security procedures.
• Designs security training materials and organizes training sessions for the users.
• Examines and evaluates security-related technologies. Resolves security issues and other data-related problems. Monitors network traffic and internet connectivity data and reports on risks.
• Responsible for collecting and analyzing data and assists in eliminating risk, performance and capacity issues. Handles any issues related to service providers and SLA’s.
• Regulates enterprise information assurance and security standards. Collaborates and evaluates security programs for the organization. Supports users in the development and implementation of policies.
• Creates own tools and actively takes part in the security architecture review of client technologies.
• Conducts risk assessments and business impact analysis on new systems and technologies.

Manager Information Security and GRC
Askari Bank Ltd
November 2004 - June 2015 | Islamabad, Pakistan

• Instrumental in developing and implementing Business Continuity and Disaster Recovery (BCP & DRP) Plans for Askari Bank Ltd.
• Drafted company policies and procedures governing corporate security, email and Internet usage, access control, and incident response.
• Authored numerous ISO 27001 procedures and security policies in support of IT operations, participating in regular audits to ensure regulatory compliance.
• Analyze security events across internal, perimeter and cloud security devices, including Email Gateway and Proxy, Web Application Firewalls, Network Load Balancer, Privileged Identity and Access Management.
• Active participant for BCP/DRP testing, including testing Security and network components.
• Manage and fine tune Application Whitelisting and SIEM solutions.
• Review projects of Information technology from Information security perspective.
• Review Security configuration and architecture, Implementation assistance in end point security products.
• Prepare hardening baselines for all IT services and devices and ensure compliance.
• Overall coordination and tracking of all internal and external related security incidents.
• Prepare information security incident reports as applicable and assume ownership for timely resolution of all Information Security incidents as per SLAs.
• Set process to track and monitor the vulnerabilities on various information assets and track the same for closure. Ensure timely updates of risk register and liaise with internal teams on closure.
• Develop and improve processes and procedures around Information security to test patches before implementation.
• Perform Periodic risk & vulnerability assessment of IT infrastructure using various industry standard tools.
• Monitoring security logs and activities using log analysis tools.
• Ensure compliance with ISO27001:2013 standards and ensure relevant evidences are appropriately collected and maintained centrally.

Education

Preston Institute of Management Sciences and Technology
Master's, Masters in Business Administration, Masters of Business Administration
CGPA 3.2/4
2002

Professional Skills

Intermediate Automated Testing
Intermediate DevOps
Expert Project Manager
Expert Computer Literacy
Expert Planning
Expert problem solving and organizi
Expert selling to customer needs
Expert SQL SERVER
Intermediate .Net
Expert 4 Knowledge of Taxation
Intermediate Ability to identify and research Target Markets
Expert Access Networks
Expert Accounting Records
Expert Accounting+
Expert Accounts / Manager
Expert Accounts Management Skills
Intermediate Active Directory
Intermediate Acunetix
Expert Advisory Skills
Expert Aesthetic Procedures Knowledge
Intermediate Agile
Expert Agile Project Management
Intermediate Agile Scrum Testing
Expert Analytical
Expert Analytical Skills
Expert Analytics
Expert Annual Budget
Beginner App Development On IOS And Android
Expert Apparel Experience
Intermediate Application Networking
Expert Application Security
Intermediate Applications Software Development
Intermediate Architectural Designing Skills
Expert Architectural Project Management
Intermediate ASP.NET Core
Intermediate Asp.Net MVC
Expert Assertiveness
Intermediate Assess Network Threats
Expert Attentiveness
Intermediate Audit Assignment Handling
Expert Audit Management
Expert Audit Reports Management
Expert Auditing
Expert Auditing Command
Expert Auditing Skills
Expert Audits
Intermediate AWS
Expert Azure
Expert Azure AD Management
Expert Backup Restore

Languages

Intermediate French
Expert Urdu
Expert English