AVP Information Security Governance Risk and Compliance
National Bank of Pakistan
Total years of experience :11 years, 2 Months
Implementing security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances the Bank’s business objectives.
Leading the system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.
Conducting periodic risk assessments for Domestic and Int's branches to identify, assess and treat the risk, and document cyber and third-party risks in corresponding risk registers in-line with defined
policies and procedures.
Evaluating risks and develops security standards, procedures, and controls to manage risks. Improves PCC’s security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
Creating and maintaining tools like risk register, information assets register and security maturity etc.
Conducting insider threat and third parity risk assessments and documenting in detail current states,
improvement opportunities, and proposed action plans.
Working with Internal Audit, State Board of Regents, Auditor General's Office and outside consultants as
appropriate on required security assessments and audits.
Responsible for Compliance gap assessments (GDPR, CCPA, ISO 27001 and SBP).
Responding to, investigating and remediating any breach and/or potential security issues.
Implementing processes, such as GRC (governance, risk and compliance), to automate and continuously monitor
information security controls, exceptions, risks, testing. Develops reporting metrics, dashboards, and evidence
artifacts.
Reviewing and updating all Risk Management documentation to ensure all documentation matches the current
operating posture.
Updating security controls and provides support to all stakeholders on security controls covering internal
assessments, regulations, protecting Personally Identifying Information (PII) data, Payment Card Industry Data
Security Standards (PCI DSS) and Cyber Security Frameworks.
Assisting other staff in the management and oversight of security program functions.
Responsible to carry out Continuous Audit throughout Telenor Group across the Globe
Responsible to develop high level policies and procedures
Adherence to ISO 27001, GDPR and CCPA.
Ensuring the implementation of guidelines and strategies
Ensuring the adherence to processes
Conducting Privacy risk assessments and documenting in detail current states, improvement opportunities, and
proposed action plans
Responding to alleged violations of rules, regulations, policies, procedures, and Standards of Conduct by
evaluating or recommending the initiation of investigative procedures
Ensuring that compliance Issues/concerns within the IT are being appropriately evaluated, investigated, and
resolved.
Conducting insider threat and third-party risk assessments and documenting in detail current states, improvement
opportunities, and proposed action plans.
Identifying potential areas of compliance vulnerability and risk; develops/ recommends corrective action plans for
resolution of problematic issues and provides general guidance on how to avoid or deal with similar situations in
the future.
Developing, maintaining, and revising policies and procedures for the Information Security, Business Continuity
and Quality assurance operation of the IT Compliance Program and its related activities to prevent illegal,
unethical, or improper conduct.
Collaborating with other departments (e.g., Risk Management, Internal Audit) to direct compliance issues to
appropriate existing channels for investigation and resolution.
Providing reports on a regular basis, and as directed or requested, to keep the IT Steering Committee or
Information Security Steering Committee and senior management informed of the operation and progress of compliance efforts.
Responsible to carry out all the policies, standards, guidelines and procedures of ISMS Program across organization.
Safeguarded information system assets by identifying and solving potential and actual security problems
Responsible to handle detailed operational process and procedures to appropriately analyse, escalate, and assist in
remediation of critical information security incidents.
Performed information control reviews to include system development standards, operating procedures, system
security, programming controls, communication controls, backup and disaster recovery, and system maintenance.
Continuously updated the company’s incident response and disaster recovery plans
Performed general and application control reviews for simple to complex computer information systems
Analyzed risks and opportunities using SWOT (Strength, Weaknesses, Opportunities and Threats) Analysis
Conducted IS Auditing and ISMS Policies, Standards, Procedures and Baselines
Performed both internal and external security audits
Conducted security assessments through vulnerability testing and risk analysis
Analyzed security breaches to identify the root cause
Follows up on audit findings to ensure that management has taken corrective action(s).
Interpreted, built upon, and complied with company quality assurance standards.
Liaised with clients to identify and define project requirements, scope and objectives.
Performed IT Systems risk management.
Monitored computer networks for security issues.
Build trusted and effective relationships working with project managers to ensure they deliver on-time, on-budget,
on benefit and on-quality (and intervening to resolve i
Installed security measures and operate software to protect systems and information infrastructure, including firewalls and data encryption programs.
monitored, managed, and configured security tools, review incidents to assess their urgency, and escalate incidents if necessary.
Responsible to handle possible attack activities, such as scans, man in the middle, sniffing, DoS, DDoS, etc. and possible abnormal activities, such as worms, Trojans, viruses, etc.
Identified, assesses and mitigate risks above the org risk appetite, issued and provide solutions where applicable.
Analyzed events using the Splunk, Log Rhythm and QRadar SIEM tool to detect IT security incidents.
Documented and disseminate information security policies, procedures, and guidelines
Ensured related compliance requirements are addressed, e.g., privacy, security, and administrative regulations
associated with federal and state laws.
Conducted operational, compliance, and investigative audits, as assigned.
Suggested enhancements in controls, policies and procedures using NIST CSF and ISO 27001-2 ISMS
Coordinated technology governance methodologies and frameworks.
Assessed technology risk and developed audit and advisory plans.
Researched and implemented best practices in help desk and IT support also ensured policies and procedures are
followed.
Ensured appropriate risk mitigation and control processes for security incidents as required
Recommended information technology strategies, policies, and procedures by evaluating organization
Conducted IS Auditing and ISMS Policies, Standards, Procedures and Baselines
Ensured the highest levels of systems and infrastructure availability
Monitor logs across Microsoft platforms like Sentinel, Defender, ATP etc.
Created new policies and procedures for IT Service Management, Service Delivery and Compliance
Installed security measures and operate software to protect systems and information infrastructure, including
firewalls and data encryption programs
Monitored and tested application performance for potential bottlenecks, identify possible solutions, and work with
developers to implement those fixes
identifying areas that need improvements or overhauls and implementing these changes
Installed security measures and operate software to protect systems and information infrastructure, including firewalls and data encryption programs
Provide strategic advice on using technology to achieve goals
Evaluated risk, document processes and systems in flowchart and narrative form and design audit programs.
Change Management strategist, designer, and implementer. Created workflow to follow ITIL change types, change
models, and approvals.
Documented security breaches and assess the damage they cause.
Developed company-wide best practices for IT security using ISO 27001 ISMS
Conducted IS Auditing and ISMS Policies, Standards, Procedures and Baselines
Liaised with clients to identify and define project requirements, scope and objectives
Created Polices, Procedures in compliance with HAAD (Department of Health- Abu Dhabi)
Conducted efficient and effective IT audit procedures
Performed regular audit testing and provided recommendations
Safeguarded assets by planning and implementing disaster recovery and back-up procedures and information
security and control structures
Carried out Hospital Electronic Health Record Implementation process as well as planned, coordinated, directed,
and designed all operational activities of the Hospital IT department.
Created new policies and procedures for IT Service Management and Service Delivery
Fixed detected vulnerabilities to maintain a high-security standard
Refreshed and maintained data center infrastructure, managed procurement life cycle and ensured asset
maintenance
Responsible for the complete flow of the Identity and Access Management.
Administrating computer management systems and active directory in creating objects, groups, giving permissions
and to approved users to access the network
Managed the launch and implementation of the IT Service Management organization, defining objectives,
scope and deliverables for the project
Provided product development, database administration, and application support to support all users
Sustained information systems results by defining, delivering, and supporting information systems;
auditing application of systems.
Conducted IS Auditing and ISMS Policies, Standards, Procedures and Baselines
Assessed information systems results by auditing application of systems
Safeguarded assets by planning and implementing disaster recovery and back-up procedures and
information security and control structures
diagnosing and solving problems that develop in their operations.
Managed Domain Controller, Active Directory and DHCP Server.
Managed & simplify software distribution, Patch management, control of remote desktops of all OS,
Maintained log and/or list of required repairs and maintenance.
Responds to queries, runs diagnostic programs, isolates problem, and determines and implements solution.
Completed Email systems Management in Microsoft Exchange Server 2010
Designed and implemented organization’s network and server infrastructure
Database (SQL, Access & Oracle) update & maintenance.
System Protection with Kaspersky, Symantec Endpoint Antivirus protection.
CS
courses: Nowshera,
courses: Certification ✓ ITIL Foundation V3 R750429580IK ✓ Cisco Certified Network Associate CCNA (R&S) CSCO13334081 ✓ Microsoft Certified Solution Expert MCSE Server Infrastructure
URL removed due to policy violation. Please contact support for further information.