Bayt.com
Adnan Fayyaz, Senior Manager Information Security & Privacy

Adnan Fayyaz

Senior Manager Information Security & Privacy

SS&C | Primatics Financial

Location
Pakistan - Karachi
Education
Bachelor's degree, Telecomm. and Networks
Experience
12 years, 4 Months

Share My Profile

Block User


Work Experience

Total years of experience :12 years, 4 Months

Senior Manager Information Security & Privacy at SS&C | Primatics Financial
  • Pakistan - Karachi
  • My current job since February 2019

Total Employees: 22, 600+

Who We Are:
SS&C EVOLV is a comprehensive, cloud-based, end-to-end accounting solution for financial institutions that integrate and automate all risk and finance processes relating to a loan portfolio, from data capture to back-end reporting and analytics. EVOLV streamlines loan accounting, increases efficiency, assures data integrity, strengthens compliance, and frees managers to focus on making better-informed decisions.

Duties & Job Responsibilities:
- Responsible to coordinate with Business executives and cross functions to deliver successful Information security operations by managing a business-wide security team.
- Responsible to oversee, manage, maintain, and improving business unit Information Security Policies, procedures, and controls.
- Responsible for delivering an integrated Governance, Risk, and Compliance (GRC) Program for group-wide GRC requirements.
- Responsible for managing routine security operations, SOC 1 Type II, SOC 2 Type II audits, IT Risk Management Program, Vulnerability Management Program, and Third-party Vendor Risk Management Program for business unit operations.
- Responsible to drive business-wide Information Security initiatives, new implementations, and upcoming projects.
- Responsible to oversee Information Security Training & Awareness activities and Business Continuity/Disaster recovery plan.

Manager Information Security at SS&C | Primatics Financial
  • Pakistan - Karachi
  • March 2016 to January 2019

Key Achievements:
- Initiated, tested, implemented, and rolled out Enterprise-grade Application for managing Third Party Open-Source code analysis and licensing management.
- Developed and implemented workflow-based automated mechanism for policies, procedures, programs, and processes annual review and final sign-off.
- Proposed, assessed, acquired, and implemented pre-populated Shared Assessments SRA SIG and Cloud Security Alliance CAIQ questionnaire bundled with tearsheets for clients' periodic security due diligence requests as the first line of response.
- Migrated AICPA SOC 2 Control sheet to TSP 2017 Criteria to align business reports with the latest market available standard.

Assistant Manager Information Security at Primatics Financial
  • Pakistan
  • August 2014 to February 2016

Key Achievements:
- Managed and delivered successful on-site client technology audits.
- Initiated and developed a risk management program and periodic risk assessment process for companywide verticals.
- Initiated and developed a separate internal audit management team, which is responsible for all internal and external audits including onsite client audit requests and periodic internal audits.
- Developed and rolled out a process and team charged with analyzing all critical systems, developing reports to document system vulnerabilities, and recommending appropriate solutions.

Information Security Analyst at SS&C | Primatics Financial
  • Pakistan - Karachi
  • December 2012 to July 2014

Key Achievements:
- Closely worked with the Senior Management in the development of the Vulnerability management program. Managed and delivered semi-annual internal and external vulnerability assessments.
- Initiated and developed a due diligence Vendor management program, processes, questionnaires, risk assessment guide, and reporting templates for critical vendors and service providers.
- Managed and delivered successful SSAE 16 SOC I Type 2 service Audit.
- Instrumental in developing and implementing Business Continuity and Disaster Recovery (BCP & DRP) plans for corporate offices in Karachi, Pakistan, and Mclean VA, USA.
- Initiated and developed a highly effective Information Asset register upgrade procedure to enable the latest information in risk assessment activity.

Information Security Analyst at Trillium Information Security Systems
  • Pakistan - Karachi
  • March 2012 to December 2012

Key Achievements:
- Assisted clients with architecting and implementing security solutions.
- Coordinated with parties to ascertain the requirements and execution of penetration testings, vulnerability assessments, and configuration audits.
- Carried out pre-project presentations and performed successful PoCs and technical demos of Rapid7 NeXpose, Rapid7 Metasploit, and CA Identity Minder with several banks and institutions in Pakistan.
- Led professional training team to deliver several successful EC-Council official training for clients.

Education

Bachelor's degree, Telecomm. and Networks
  • at Karachi Institute Of Economics And Technology
  • February 2010

Specialties & Skills

Information Security Management
+Endorse 0
Vulnerability Management
+Endorse 0
IT Audit
+Endorse 0
Risk Management
+Endorse 0
ISO 27001
+Endorse 0
CUSTOMER RELATIONS
+Endorse 0
DISASTER RECOVERY PLANNING
+Endorse 0
INFORMATION SECURITY
+Endorse 0
MANAGEMENT
+Endorse 0
POLICY ANALYSIS
+Endorse 0
PROCESS ENGINEERING
+Endorse 0
REPORTS
+Endorse 0
RISK ASSESSMENT
+Endorse 0
RISK MANAGEMENT
+Endorse 0
ACCOUNTANCY
+Endorse 0

Languages

English
Expert
Urdu
Native Speaker

Training and Certifications

ISC2 Certified in Cybersecurity (CC) (Certificate)
Date Attended:
October 2022
Certified Ethical Hacker (CEH) [v6] (02/2011 - 01/2015) (Certificate)
Date Attended:
February 2011
ITIL v3 Foundation Certified (12/2011 - 11/2014) (Certificate)
Date Attended:
December 2011
ITIL Intermediate (Operational Support & Analysis) (Certificate)
Date Attended:
April 2012
Information Security Foundation based on ISO/IEC (Certificate)
Date Attended:
May 2012
EC-Council Certified Security Analyst (ECSA) (Certificate)
Date Attended:
August 2012
Valid Until:
July 2015
CISSP (Certificate)
Date Attended:
August 2017
Valid Until:
July 2023

Hobbies

  • DIY Tech Projects
  • Traveling
  • Photography