Muhammad Rehan Khan, Senior Information Security Officer

Central Power Purchasing Agency Limited

Location
Pakistan - Islamabad
Education
Master's degree, Information Security
Experience
8 years, 9 Months

Work Experience

Total years of experience: 8 years, 9 Months

Senior Information Security Officer at Central Power Purchasing Agency Limited
  • Pakistan - Islamabad
  • My current job since July 2019

• Provided comprehensive on-going leadership and support for a variety of information security-related projects including sole leadership and strategic direction for information security management while reporting directly to the CIO, contributed to the cyber assessment metrics and GRC reporting to senior management to influence risk-based results.
• Developed comprehensive policies, security controls and procedures to safeguard organizational assets, ensure data integrity, availability and confidentiality, which seamlessly integrate with existing operations and ensures adoption of best practices to improve IT service delivery, and security of classified data belonging to CPPA-G and policies that supported the objectives, requirements and business continuity in-line with organization information security plans and ensured compliance with all government, industry regulations.
• Created and launched Information Security Awareness program at various organizational levels in collaboration with HR&A functions, increasing Information Security by E-Learning (LMS) that allows employees to access material from anywhere, at any time and gives the ability to take training courses during lower production periods, instead of attending in-person seminars and reduced company capital on professional trainers.
• Developed and implemented the Information Security risk management program and conducted thorough risk assessment of all IT and non-IT assets that identified gaps and areas for improvement of risk posture, developing solutions for remediating or mitigating risks, assessing the residual risk and monitor progress towards plan implementation.
• Introduced a comprehensive reporting system, which ensures ease of reporting any issues faced by employees, and their timely resolution through investigations by dedicated teams.
• Introduced a Monitoring system to ensure 24/7 physical and environmental security, with periodic checks to verify integrity of each security control adopted, under the authority of Human Resource Department.
• Adoption of IT Service Desk Management System to initiate an automated ticketing system, asset management, incident & problem management, configuration management and knowledge management resulting in improved operational efficiency, increased staff productivity, improved accountability within business functions through standardization.
• Ensured adoption of best practices to improve the quality of in-house application development. These best practices ensure baseline security and extensive quality checks, ensuring a better control over the problems faced during development of multi-layered solutions.
• Elaborated a comprehensive business continuity plan for established IT services, customized data backup policies, based on the type of data being processed and retained. Ensuring extremely reduced downtime to avoid disruption of business-critical services and mitigate financial risks.
• Budgeting and cost control for the Information Security’s Project by reducing IS capital expenditure and operating expenditure costs through consolidation and re-negotiation of key contracts.
• Drove & delivered the internal initiative to certify CPPA-G’s Information Security Management System and Information Technology Service Management System to be vetted by ISO27001 and ISO20000.
• Planned, deployed, and administered DARKTRACE DETECT & RESPOND Network Threat Detection and Response System to detect and respond autonomously to unpredictable and novel cyber-threats for containment and disarmament.
• Led deployment and administered Infoblox’s BloxOne Threat Defense Advanced Secure Recursive DDI system to protect corporate users and roaming users from DNS based Threat Vectors and to provide visibility on DNS protocol.
• Deep Security Management to protect enterprise applications and data from breaches and business disruptions without requiring emergency patching.

System Auditor at Ministry of Interior, Government of Pakistan
  • Pakistan - Islamabad
  • April 2016 to July 2019

• Conducted audits on information technology (IT), operating systems (OS) platforms and operating procedures in accordance with established standards for efficiency, accuracy, security, and risk mitigation.
• Identified control gaps in processes, procedures, policies and systems through in-depth research and assessment and suggested methods for improvement
• Evaluated IT infrastructure in terms of risks to the organization and established controls to mitigate loss. Determined and recommended improvements to enterprise risk management controls
• Supervised engagements by planning audits, reviewed work papers, and prepared audit reports
• Demonstrated ability to identify control weaknesses, follow up on potential issues and document high quality audit issues with clear description of the finding, risk, and management action plans.
• Identified management control flaws and made value-added recommendations for improvement
• Managed project status: facilitated audit status meetings to communicate findings, issues, and areas for improvement to senior management and executive leadership.
• Created final audit reports, and oversaw implementation of corrective action plans, while maintaining communications with all levels of management and prepared draft reports for review by department management.

Linux System Engineer at 3S Business Technologies Pvt Ltd
  • Pakistan - Islamabad
  • September 2015 to April 2016

➢ Postfix Mail Server: Configure a mail server to exchange mail among the organization's employees.

➢ ElasticSearch / Logging-Server: Configure the Logging Server to store and monitor logs.

➢ Nagios Monitoring Server: Keeping an inventory of servers, and making sure critical services are up and running.

➢ Zentyal Server: Creating Zentyal server to add multiple domains and add multiple users for each domain, configuring Odoo Server to use Zentyal LDAP users and to make sure they logged in to Zentyal virtual domains.

Education

Master's degree, Information Security
  • at National University of Sciences and Technology, Islamabad, Pakistan
  • February 2018

Thesis: ZeuS Malware: Analysis & Detection

Bachelor's degree, Information Technology
  • at UET Taxila
  • June 2013

UET Taxila - June, 2013 Bachelors: B.E IT (Information Technology)

Specialties & Skills

Storage Area Networks
Access Networks
International Networks
Wireless Sensor Networks
Voice Networks
Packet Tracer
PHP (CodeIgniter Framework)
IP Routing & Switching
Dot Net Framework
C-Language
Java (Network Programming)
JavaScript
CMS Frameworks
C++ (OOP)
PKI System
ISO20000:2018
ISO27001:2013
Information Security Management
Information Security Risk Management
Vulnerability Management
Information Security Policies
Network Security Management
endpoint security
security
cyber security
risk management
vulnerability assessment

Languages

Pushto
Expert
Urdu
Expert
English
Intermediate

Training and Certifications

Certified Information Security Manager (CISM) (Certificate)
Date Attended:
September 2022
DNS for Security Practitioners (DSP) (Training)
Training Institute:
Infoblox
Date Attended:
April 2022
Duration:
10 hours
Certified Information Systems Security Professional (CISSP) (Training)
Training Institute:
Security Experts
Date Attended:
February 2022
Duration:
40 hours
Certified Ethical Hacker (CEH) (Certificate)
Date Attended:
June 2021
Valid Until:
July 2024
CISA (Training)
Training Institute:
NUST
Date Attended:
April 2015
Duration:
60 hours
CCNA (Training)
Training Institute:
Ciscom
Date Attended:
July 2014
Duration:
60 hours