Manager Internal Audit
ELM Company
Total years of experience: 17 years, 1 month
Working as Manager Internal Audit reporting to Head of IT Audit. Responsible for planning, managing and conducting the audits.
Worked as Manager Information Technology Advisory (ITA) reporting to Executive Director ITA. Responsible for managing and guiding the team assigned for the project. Projects completed include black box penetration testing of a web application developed for the government sector of Singapore; internal and external penetration testing of a multi-national tobacco company (in-scope locations were Pakistan, Bangladesh and Sri Lanka); and forensics investigation assignments for a leading bank of Pakistan, a reputed organization from the oil and energy sector, and a multinational manufacturing company. Recently completed risk assessment of core banking application and its supporting infrastructure of one of the largest banks of Pakistan in line with ISO 27005 risk management standard.
Projects in Pakistan
Habib Bank Limited (HBL): Risk assessment of core banking application and its supporting infrastructure of one of the largest banks of Pakistan in line with ISO 27005 risk management standard. Core banking application was Misys and supporting operating system was OS400
Knowledge Platform: Black box penetration testing of a web application developed for government sector of Singapore
Confidential: Forensics assignment for one of the largest commercial banks in Pakistan.
Confidential: Forensics assignment for one of the largest oil producing organizations in Pakistan.
Confidential: Internal and external penetration testing of a multi-national Tobacco company
Confidential: Forensics assignment for one of the multinational manufacturing organizations in Pakistan.
PIFRA: External penetration testing and network security review.
BELTEXCO: Network Security Review and Operating System Review
International Projects
Confidential: Internal and external penetration testing of a multi-national Tobacco company's Sri Lanka office
Confidential: Internal and external penetration testing of a multi-national Tobacco company's Bangladesh office
Emirates College for Advanced Education (ECAE): Web application, internal and external penetration testing
Paris-Sorbonne University Abu Dhabi (PSUAD): Web application, internal and external penetration testing
Abu Dhabi Education Council (ADEC): Data Leakage Prevention Maturity Assessment, Web portal assessment, Scholarship Management System Assessment
Worked as an Information Security Officer reporting to Chief Information Security Officer. Responsible for penetration testing, vulnerability assessments, technical compliance audits, information security incidents response and investigation, implementation of ISO 27001 standard, organization wide information security awareness trainings, executing business continuity and disaster recovery drills. Some of the highlights at a glance include:
• ISO 27001 in-house successful implementation.
• Developed baseline configuration for operating systems (AIX and Windows 2003), databases (Oracle and SQL), network devices (Cisco Routers, Switches and ASA) and MS Exchange 2003.
• Ensured IT infrastructure hardening in the light of baselines developed using CIS standards.
• Developed and periodically reviewed TSCM policies.
• Initiated and developed custom collectors for TSCM using development interface provided by IBM to collect information from Windows/AIX servers and Oracle databases not available from default collectors and IBM support. Publishing of custom collectors on IBM Global Solutions Directory is in progress.
• Led and mentored a team for the TSCM collectors project.
• Developed policies and rules of TCIM. Developed rules are periodically reviewed for tuning.
• Proposed, tested, trained users and deployed TrueCrypt (encryption software) on organization wide laptops to minimize the exposure in case of theft/loss of laptops by encrypting the hard drives as part of Risk Treatment Plan of ISMS implementation.
• Development and periodic review of TSOM rules.
• Initiated and updated Technical Vulnerability Management procedure to include risk assessment in the form of penetration testing.
• IT infrastructure vulnerability assessment using Nessus, Nipper and other open source software, ensuring closure of vulnerabilities reported.
• Employed effective vulnerability management skills to decrease vulnerability count considerably.
• Daily review of published vulnerabilities and assessment of their impact on CDC infrastructure.
• Periodic penetration testing of websites using Acunetix and other open source software, ensuring closure of identified issues.
• Conducted organization wide training on Security Incident Management System.
• As Security Incident Response Team (SIRT) Lead participated in information security incident investigations to the maximum capabilities available at the organization.
• Review and update IS security policies and procedures and ensure implementation.
• Perform risk assessments in coordination with different departments of projects and ensure implementation of recommendations.
Worked as a Software Development Engineer responsible for software design, development, testing, maintenance and system administration.
Ontic Technologies (pvt) Ltd (from Aug 2004 to Dec 2004)
Worked as a Software Engineer responsible for software design, development, testing and maintenance.
Worked as a software developer internee.
Scholarship awarded on merit by the National University of Sciences and Technology for M.S.
Scholarship awarded on merit by the Ministry Of Science and Technology (MOST) for B.S.