Summary

Solutions-oriented Information and Cyber Security Director with notable success directing a broad range of corporate IT initiatives while participating in planning and implementation of information-security solutions in direct support of business objectives.


• Demonstrated capacity to implement innovative security programs that drive awareness, decrease exposure, and strengthen organizations. 


• Outstanding leadership abilities; able to coordinate and direct all phases of project-based efforts while managing, motivating, and leading project teams.


• Adept at developing effective security policies and procedures, project documentation and milestones, and technical/business specifications.


• Strong core information security, technical, analytical, and communication skills.


Comprehensive knowledge of the ISO27001:2022 standard, ISO 20221, PCI-DSS, HIPAA, SOC II, SAP GRC, NIST Cyber Security, and Risk Management Framework. Knowledge of security solutions such as next-generation firewalls, NG endpoint security, secure web gateway solutions, WAF, privileged access management, application whitelisting solutions, and encryption solutions.


Projects

Disaster Recovery Plan (DRP)
Risk Management System (RMS)
IS Review Monitoring System
Askari Bank Ltd ISMS 27001 Certification

Work Experience

Director GRC (CISO)
Premier BPO
Dec 2022 - Present | Lahore, Pakistan

Act as independent executive primarily responsible for Premier BPO's compliance and security including conducting the overall IT Audit for Compliance and security of overall Touchstone technology systems throughout all centers. Proactive formulation and maintenance of documentation required for the implementation of the strategies and implementations for information technology security and compliance. Develop budget and schedule renewal of product and software licenses. Anticipate and recommend new technological advancements to overcome business, security, and compliance problems. Identify business, security, and compliance opportunity requirements and recommend the market competitive upgradation and technological compliances. Supervise IT team to meet department goals. Develop and monitor KPIs and test drives to carry out offensive and defensive attacks on systems to ensure the facilities are secured and compliant all the time. Monitor and communicate project status to leadership on a regular basis. Keep the leadership abreast of any and all offensive and defensive anticipated threats.
Principal Accountabilities:
Advise senior management on matters related to Information Security and compliance to enhance company’s overall security posture.
Lead Premier BPO to gain and maintain PCI, DSS, SOCII, and HIPAA Compliance certifications.
Leading the Information Security & compliance initiatives to meet Premier BPO's organization wide internal and external Information Security requirements. 
Development and implementation of information security policy across the organization.
Conduct companywide security assessment including but not limited to risk analysis, penetration testing of existing infrastructure including mobile applications, environment audit and code assessment.
Review and revise development process to implement SSDLC.
Develop and implement information security awareness and training programs.
Manage compliance and regulatory requirements concerning the information security department.

Director IT Security and GRC (CISO)
Touchstone Communications
Oct 2021 - Dec 2022 | Islamabad, Pakistan

Act as independent executive primarily responsible for Touchstone Communications compliance and security including conducting the overall IT Audit for Compliance and security of overall Touchstone technology systems throughout all centers. Proactive formulation and maintenance of documentation required for the implementation of the strategies and implementations for information technology security and compliance. Develop budget and schedule renewal of product and software licenses. Anticipate and recommend new technological advancements to overcome business, security, and compliance problems. Identify business, security, and compliance opportunity requirements and recommend the market competitive upgradation and technological compliances. Supervise IT team to meet department goals. Develop and monitor KPIs and test drives to carry out offensive and defensive attacks on systems to ensure the facilities are secured and compliant all the time. Monitor and communicate project status to leadership on a regular basis. Keep the leadership abreast of any and all offensive and defensive anticipated threats.
Principal Accountabilities:
Advise senior management on matters related to Information Security and compliance to enhance company’s overall security posture.
Lead Touchstone to gain and maintain PCI, DSS, SOCII, and HIPAA Compliance certifications.
Leading the Information Security & compliance initiatives to meet Touchstone organization wide internal and external Information Security requirements. 
Development and implementation of information security policy across the organization.
Conduct companywide security assessment including but not limited to risk analysis, penetration testing of existing infrastructure including mobile applications, environment audit and code assessment.
Review and revise development process to implement SSDLC.
Develop and implement information security awareness and training programs.
Manage compliance and regulatory requirements concerning the information security department.

Information Technology Security & SAP GRC Specialist
United Nations Development Programme
Jun 2015 - Oct 2021 | Lahore, Pakistan

• Takes care of the day-to-day operations and data structures by overseeing operational performance.
• Takes care of cyber security projects and makes sure they meet cyber security objectives. Offers cyber security operations such as process re-engineering, automation, and documentation.
• Recognizes cyber security issues, devises, and drives effective mitigation. Actively searches for vulnerabilities and risks in hardware and software and conducts threat and risk analysis and provides essential suggestions for their mitigation.
• Assists with the configuration of anti-virus systems and consoles, having an in-depth understanding of vulnerabilities management systems and common security applications.
• Conducts software upgrades and explains performance criteria, documents configurations, and systems specifications.
• Manages and monitors any attacks and intrusions. Protects software and hardware from threats and identifies and manages incidents and mitigates risks.
• Assists in performing research, testing, evaluation, and deployment of security procedures.
• Designs security training materials and organizes training sessions for the users.
• Examines and evaluates security-related technologies. Resolves security issues and other data-related problems. Monitors network traffic and internet connectivity data and reports on risks.
• Responsible for collecting and analyzing data and assists in eliminating risk, performance and capacity issues. Handles any issues related to service providers and SLAs.
• Regulates enterprise information assurance and security standards. Collaborates and evaluates security programs for the organization. Supports users in the development and implementation of policies.
• Creates own tools and actively takes part in the security architecture review of client technologies.
• Conducts risk assessments and business impact analysis on new systems and technologies.

Manager Information Security and GRC
Askari Bank Ltd
Nov 2004 - Jun 2015 | Islamabad, Pakistan

• Instrumental in developing and implementing Business Continuity and Disaster Recovery (BCP & DRP) Plans for Askari Bank Ltd.
• Drafted company policies and procedures governing corporate security, email and Internet usage, access control, and incident response.
• Authored numerous ISO 27001 procedures and security policies in support of IT operations, participating in regular audits to ensure regulatory compliance.
• Analyze security events across internal, perimeter and cloud security devices, including Email Gateway and Proxy, Web Application Firewalls, Network Load Balancer, Privileged Identity and Access Management.
• Active participant for BCP/DRP testing, including testing Security and network components.
• Manage and fine tune Application Whitelisting and SIEM solutions.
• Review projects of Information technology from Information security perspective.
• Review Security configuration and architecture, Implementation assistance in end point security products.
• Prepare hardening baselines for all IT services and devices and ensure compliance.
• Overall coordination and tracking of all internal and external related security incidents.
• Prepare information security incident reports as applicable and assume ownership for timely resolution of all Information Security incidents as per SLAs.
• Set process to track and monitor the vulnerabilities on various information assets and track the same for closure. Ensure timely updates of risk register and liaise with internal teams on closure.
• Develop and improve processes and procedures around Information security to test patches before implementation.
• Perform Periodic risk & vulnerability assessment of IT infrastructure using various industry standard tools.
• Monitoring security logs and activities using log analysis tools.
• Ensure compliance with ISO27001:2013 standards and ensure relevant evidences are appropriately collected and maintained centrally.

Education

Preston Institute of Management Sciences and Technology
Master's, Master of Business Administration degree, Masters of Business Administration
CGPA 3.2/4
2002

Skills

Intermediate Automated Testing
Intermediate DevOps
Proficient Project Manager
Proficient Computer Literacy
Proficient Planning
Proficient problem solving and organizi
Proficient selling to customer needs
Proficient SQL SERVER
Intermediate .Net
Proficient 4 Knowledge of Taxation
Intermediate Ability to identify and research Target Markets
Proficient Access Networks
Proficient Accounting Records
Proficient Accounting+
Proficient Accounts / Manager
Proficient Accounts Management Skills
Intermediate Active Directory
Intermediate Acunetix
Proficient Advisory Skills
Proficient Aesthetic Procedures Knowledge
Intermediate Agile
Proficient Agile Project Management
Intermediate Agile Scrum Testing
Proficient Analytical
Proficient Analytical Skills
Proficient Analytics
Proficient Annual Budget
Beginner App Development On IOS And Android
Proficient Apparel Experience
Intermediate Application Networking
Proficient Application Security
Intermediate Applications Software Development
Intermediate Architectural Designing Skills
Proficient Architectural Project Management
Intermediate ASP.NET Core
Intermediate Asp.Net MVC
Proficient Assertiveness
Intermediate Assess Network Threats
Proficient Attentiveness
Intermediate Audit Assignment Handling
Proficient Audit Management
Proficient Audit Reports Management
Proficient Auditing
Proficient Auditing Command
Proficient Auditing Skills
Proficient Audits
Intermediate AWS
Proficient Azure
Proficient Azure AD Management
Proficient Backup Restore

Languages

Intermediate French
Proficient Urdu
Proficient English