Farrukh Raza

• Develop, implement and manage portfolio of information security governance, risk
and compliance for client organizations.
• Develop, Implement, and manage the Personal Data Protection Law and its
associated regulations for clients within KSA.
• Conducted regular data protection impact assessments (DPIAs) and maintained
records of processing activities to ensure compliance with PDPL and GDPR.
• Drafted and updated data processing agreements, privacy notices, and cookie
policies to ensure compliance with evolving regulations.
• Led privacy and information security awareness and training programs.
• Develop and provide awareness and training sessions to clients based on ISO 27001,
PDPL, PCIDSS and various standards.
• Monitored and tracked regulatory changes, implementing necessary amendments to
maintain compliance.
• Conduct cyber security gap assessments against various standards, benchmarks
and frameworks, which include KSA PDPL, SAMA CSF, NCA ECC, DCC, CSCC, CCC,
OSMACC, ISO 27001, CSC, PCIDSS.
• Developed Information Security policies, procedures, processes and standards
based on KSA PDPL, ISO 27001, NCA, SAMA CSF, CITC, CSA, PCI-DSS and other
regulatory requirements.
• Conducts vulnerability assessment by leveraging multiple tools such as Nexpose,
Nessus, Appspider.
• Manage vulnerability assessment programs for multiple clients to meet the
regulatory and business partners requirements.
• Review compliance with applicable regulatory requirements, international standards
and best practices.
• Conduct security configuration reviews of network components, application security
reviews for multiple clients.
• Continuously monitor and maintain the PCI DSS program for multiple clients.
• Conducted compliance assessments on multiple clients from different industries
including Government organizations, FinTechs, Cloud service providers,
pharmaceutical company, and insurance sector etc.

• Periodic security and Vulnerability Assessment of assets.
• Perform security review/ assessments of web application, Network Architecture, on
an annual basis or on ad-hoc basis as suggested by senior management or as per
business need.
• Perform periodic reviews of Information security policies compliance and prepare
reports for management. Design of Technical Documents/Guidelines/SOPs.
• Interact with and liaison with internal and external auditors as per audit
requirements.
• Evaluate effectiveness of security tools and testing methods related to information
security
• Oversee the user application/databases access documentation with information
owners for approval & periodic review of user access rights.
• Stay up-to date with the latestthreat landscape for threats, discover potential threats
in organization and provide mitigation.
• Ensure that information security is adequately addressed in the development stage
of any new products/portals.
• Facilitate in the development of cyber security policies, standards, guidelines for
regulating the financial sector.
• Implement, manage and operate Data loss prevention tool based on the
requirements of data classification and protection.

Information Security projects including Vulnerability Assessment, Network Designing and
Implementation, Configuration Review, Risk Assessment, PCI- DSS and PA-DSS Compliance
Testing and Assessment. Further responsibilities are mentioned below:
• Information Security Governance and Compliance
• PCI-DSS Compliance Testing
• PA-DSS Compliance Testing
• Actively participated in understanding of clients requirement and advises them on
solutions which fulfills their requirement.
• Determined cybersecurity threats including description of risk scenarios.
• Conducted series of interviews with Business and Technology to understand selected
processes and the associated technology.
• Vulnerability Assessment.
• Network Infrastructure Design and Configuration Review
• Enterprise Level solution (Such as SIEM, SYSLOG Server) Deployment

• Conduct Cyber Security review with core focuses on IT network Infrastructure on
different engagements
• Conduct network security assessments and infrastructure assessments.
• Assess Information Security Policies, Procedure, and Frameworks etc. Identify gaps in
existing IS frameworks of different clients.
• Conduct vulnerability assessments and secure configuration reviews of network
infrastructure.
• Assess effectiveness of security controls implemented for the protection of IT &
Information Assets.
• Review security infrastructure and security monitoring systems. Such as SIEM
Solutions.
• Review compliance with applicable regulatory requirements, international standards
and best practices.

• Managing overall Network Security operations and providing network related support
(Including Internet/Extranet/ADC/DMZ Segments, Payment Systems and Access Control
System).
• Configuration, Management, Maintenance, Implementation & Troubleshooting of
Multi-vendor core Network Security Devices (Paloalto and Cisco Firewalls, Routers,
Switches, IPS, ACS).
• Periodic analysis of security controls of multiple network segment and report
vulnerabilities and weakness to the senior management.
• Design & Maintenance of Extranet Segment including 1Link, SMS Gateway Service, Payment
Service (Master Card, Union Pay) & IPsec VPN with International sites.
• Co-ordinate with vendors and consultants for all network related projects, support and
maintenance of network devices.
• Play a vital role in the deployment of Fireeye, QRadar at HBL Primary site HOK and HBL DR
Site LHR.
• Perform and document system operations process and procedures including the installation
testing of network upgrades, failover, and configuration, DR Plans, Change Management and
updating Network Topologies.
• Interact with Senior Management and the user community to analyze current operations,
suggest improvements and implement systems according to their requirements.

• Establishing networking environment by designing network configuration, defining,
documenting, and enforcing system standards.
• Manage multi-vendor networks that include HP and Cisco devices.
• Basic configuration of firewalls. Assist in building up and running a strong technical
network for the organization.
• Network Management including configure and maintain Cisco Juniper, & HP devices such
as routers, switches (L2 & L3) & Wi-Fi Devices.
• Troubleshooting technical problems and implementing solutions.
• Researches, analyzes, monitors, troubleshoots and resolves data network problems.
• Responsible for the fast and accurate troubleshooting of reported faults.
• Communicate with end users to understand their technical need and troubles faced while
operating the equipment.