Abdul Hakim Khan, IT Governance, Compliance & Risk Management | Information Security Manager | IT Audit Expert

Abdul Hakim Khan

IT Governance, Compliance & Risk Management | Information Security Manager | IT Audit Expert·Novo Nordisk

India

Bachelor's degree, Engineering

Work experience

Total years of experience: 15 years, 0 months

IT Governance, Compliance & Risk Management | Information Security Manager | IT Audit Expert

January 2022 - July 2024

Novo Nordisk

Bengaluru, India


• Successfully implemented enterprise-level IT governance frameworks mapped to COBIT, NIST, ITIL, ensuring business processes and underlying information systems are aligned with regulatory mandates (SOX, HIPAA, PCI-DSS), organizational objectives, and information security requirements, significantly enhancing operational resilience.
• Successfully resolved audit findings and significant control deficiencies through structured and collaborative risk mitigation strategies and risk remediation programs, significantly reducing 80% of audit findings and control deficiencies. Led end-to-end audit remediation process educating risk owners and control owners.
• Managed and monitored all technological risks and business risks, spearheaded Risk assessments, developing risk mitigation strategies, led end-to-end audit remediation process educating risk owners and control owners on designing and implementing robust safeguards and IT controls, IT policies and industry standards, and guidelines.
• Managed end-to-end Information Security Management programs, implemented security governance frameworks aligning with ISO/IEC 27001, NIST; conducted comprehensive risk assessments, implementing information security controls mapping with NIST 800-53, ISO 27001, and SOC 2 standards, significantly enhancing security posture.
• Organized and managed internal and external IT Audits and regulatory audits, and developed audit program for information security audit. Executed IT control testing, evaluating the design and operating effectiveness of information security controls and IT Controls (ISAE 3402 and CAPA standards).
• Led the design and implementation of Control Objectives (baseline controls), designed and implemented IT controls and baseline security controls, aligning with regulatory compliance requirements (SOX, HIPAA, PCI-DSS) and information security frameworks (ISO 27001, NIST, SOC 2).

Company industry:
Pharmaceutical Manufacturing

IT Governance and Enterprise Risk Manager | Information Security Manager | IT Audit & Compliance Adv

December 2020 - November 2021

MSCI Morgan Stanley

Bengaluru, India


• Spearheaded Risk assessments, managed and monitored all technological risks, developing risk mitigation strategies, led end-to-end audit remediation process educating data owners and data custodians on designing and implementing robust safeguards and IT controls, IT policies and industry standards, and guidelines.
• Implementing compliance frameworks (ISO 27001, NIST 800-53, SOC 2). Designed and implemented robust safeguards, information security controls, IT policies, standards, and guidelines, mapping with information security and privacy frameworks (NIST 800-53, ISO 27001, SOC 2, PCI-DSS), enhancing security posture across the organization.
• Implemented IT governance frameworks mapping to COBIT, NIST, ITIL, ensuring alignment with regulatory mandates (SOX, HIPAA, PCI-DSS), significantly enhancing the operational resilience/efficiency and establishing robust IT governance and IT control environment.
• Developed audit program for information security audit, managed internal and external IT Audits, and executed IT control testing, evaluating the design and operating effectiveness of information security controls and IT Controls (ISAE 3402 and CAPA standards).

Company industry:
Financial Services

IT Governance & Enterprise Risk Manager | Information Security Manager | IT Audit & Compliance Advis

January 2019 - January 2020

Zone Energy

Doha, Qatar


• Implemented IT governance frameworks mapping to COBIT, NIST, ITIL, ensuring alignment with regulatory mandates (SOX, HIPAA, PCI-DSS), significantly enhancing the operational resilience/efficiency and establishing robust IT governance and IT control environment.
• Managed and monitored all technological risks and business risks, spearheaded Risk assessments, developing risk mitigation strategies, led end-to-end audit remediation process educating risk owners and control owners on designing and implementing robust safeguards and IT controls, IT policies and industry standards, and guidelines.
• Implemented security governance frameworks aligning with ISO/IEC 27001, NIST; conducted comprehensive information security risk assessments, implementing information security controls, and maintained SoA and risk treatment plans to ensure ISMS effectiveness and significantly enhancing security posture across the organization.
• Developed and presented executive-level dashboards summarizing risk exposure, control effectiveness, compliance trends, and audit readiness, improving leadership visibility and decision-making. Delivering holistic & centralised dashboarding to senior management and leadership, and reporting to the head of technology (GRC).

Company industry:
IT Services

IT Governance & Enterprise Risk Manager | Information Security Manager | IT Audit & Compliance Advis

January 2014 - January 2019

IBM

Bengaluru, India


• Assessed and managed the implementation of GRC process controls, delivered GRC automation solutions enforcing continuous control monitoring (CCM) features, automating RCSA, KRIs, and automated control testing mechanism and audit logs.
• Implemented security governance frameworks aligning with ISO/IEC 27001, NIST; conducted comprehensive information security risk assessments, implementing information security controls mapping with NIST 800-53, ISO 27001, and SOC 2 standards, and maintained risk treatment plans ensuring ISMS effectiveness.
• Led the design and implementation of Control Objectives (baseline controls), designed and implemented critical IT controls, baseline security controls, ITGC controls and IT application controls, aligning with regulatory compliance requirements (SOX, HIPAA, PCI-DSS) and information security frameworks (ISO 27001, NIST, SOC 2).
• Implemented IT governance frameworks mapping to COBIT, NIST, ITIL, ensuring alignment with regulatory mandates (SOX, HIPAA, PCI-DSS), significantly enhancing the operational resilience/efficiency and establishing robust IT governance and IT control environment.
• Managed and monitored all technological risks and business risks, spearheaded Risk assessments, developing risk mitigation strategies, led end-to-end audit remediation process educating risk owners and control owners on designing and implementing robust safeguards and IT controls, IT policies and industry standards, and guidelines across multiple processes and information systems ensuring regulatory compliance requirements SOX, GDPR, and PCI-DSS.

Company industry:
IT Services

Governance, Risk and Compliance GRC Specialist | Senior Information Security Architect

January 2012 - January 2013

Cognizant

Kuala Lumpur, Malaysia


• Assessed and managed the implementation of GRC Access Controls, delivered GRC automation initiatives enforcing access governance, enforcing compliance via automated compliance workflows for access management, user management, role management, emergency access & segregation of duties (SoD) review processes.
• Managed and monitored all technological risks and business risks, spearheaded Risk assessments, developing risk mitigation strategies, led end-to-end audit remediation process educating risk owners and control owners on designing and implementing robust safeguards and IT controls, IT policies and industry standards, and guidelines.
• Led the design and implementation of Control Objectives (baseline controls), designed and implemented critical IT controls, baseline security controls, ITGC controls and IT application controls, aligning with regulatory compliance requirements (SOX, HIPAA, PCI-DSS) and information security frameworks (ISO 27001, NIST, SOC 2).
• Delivering holistic & centralised dashboarding to senior management and leadership, and reporting to the head of technology (GRC). Developed and presented executive-level dashboards summarizing risk exposure, control effectiveness, compliance trends, and audit readiness, improving leadership visibility and decision-making.

Company industry:
IT Services

IT Audit & Compliance Analyst | IT Governance and Risk Management Specialist | Information Security

October 2010 - January 2012

Deloitte

Bengaluru, India


• Developed an automated IT controls testing tool and vulnerability assessment tool reviewing SAP and Oracle system configurations, security configurations, reviewing User and Role access, and reviewing Identity and access management (IAM) processes.
• Executed IT control testing, evaluating the design and operating effectiveness of information security controls and IT Controls (ISAE 3402 and CAPA standards), identified compliance gaps, and recommended mitigation strategies. Executed IT audit engagements including information security audits, ITGC audits, vulnerability assessment.
• Conducted vulnerability assessment, reviewing SAP system configurations, security configurations, reviewing SAP transaction codes, User and roles access, reviewed security configurations and security architectures for multiple SAP ERP business applications and IT systems (ECC, S4 HANA, BW, HR).
• Analysed SAP authorizations at User and Role level, redesigned SAP authorization models and remediated SoD conflicts and mitigated SoD violations, addressing 80% of SoD violations and SoD conflicts, developed and maintained SoD ruleset across all business processes.

Company industry:
Accounting

SAP Application Security and GRC Senior Consultant

January 2007 - December 2009

Tata Consultancy

Copenhagen, Denmark


• In the initial career years, designed and implemented robust SAP security authorization models, ensuring robust access control across SAP ECC, BW, and HR systems. Created and maintained multiple SAP roles ensuring only authorized users have appropriate access, strictly following the policy of least privilege and correct privilege.
• Analysed SAP authorizations at User and Role level, redesigned SAP authorization models and remediated SoD conflicts and mitigated SoD violations, addressing 80% of SoD violations and SoD conflicts, developed and maintained SoD ruleset across all business processes.
• Designed and implemented GRC Access Controls, delivered GRC automation initiatives enforcing access governance, enforcing compliance via automated compliance workflows for access management, user management, role management, emergency access & segregation of duties (SoD) review processes.
• Conducted vulnerability assessment, reviewing SAP system configurations, security configurations, reviewing SAP transaction codes, User and roles access, reviewed security configurations and security architectures for multiple SAP ERP business applications and IT systems (ECC, BW, HR).

Company industry:
IT Services

Education

Kakatiya University

December 2003


Bachelor's degree, Engineering

India

Skills

IT Risk Management
Expert
IT Audit and Compliance
Expert
SAP Security and GRC
Expert
Risk Advisory
Expert
Internal Controls
Expert
Risk Management
Expert
Information Security Management Systems
Expert
INFORMATION TECHNOLOGY AUDITS
Intermediate
ISO IEC 27001
Intermediate
IT Risk and Compliance
Expert
Governance, Risk and Compliance
Expert
Enterprise Risk Management
Expert
Risk Assessment
Expert
Internal Control
Expert
Cyber Security
Expert
GRC
Expert
SEC compliance
Expert
Internal Audit
Expert
IT Governance
Expert
IT Audit
Expert
IT Security
Expert

Languages

English
Expert

Training and Certifications

Certifications
PMP (Project Management Professional)
CRISC (Certified in Risk and Information systems Control)
CISA (Certified Information Systems Auditor)
SAP GRC
CISA
Jan 2019