Irfan Feroze

Act as independent executive primarily responsible for Touchstone Communications compliance and security including conducting the overall IT Audit for Compliance and security of overall touchstone technology systems throughout all centers. Proactive formulation and maintenance of documentation required for the implementation of the strategies and implementations for information technology security and compliance. Develop budget and schedules renewal of product and software licenses. Anticipate & Recommend new technological advancements to overcome business, security, and compliance problems. Identify business, security, and compliance opportunity requirements and recommend the market competitive up-gradation and technological compliances Supervise IT team to meet department goals. Develop and monitor KPIs and test drives to carry out offensive and defensive attacks on systems to ensure the facilities are secured & compliant all the time. Monitor and communicate project status to leadership on a regular basis. Keep the leadership abreast with any and all offensive and defensive anticipated threats.
Principal Accountabilities:

1. Advise senior management on matters related to Information Security and compliance to enhance the company’s overall security posture.
2. Lead Touchstone to gain and maintain PCI, DSS, SOCII, NIST, and HIPAA Compliance certifications.
3. Leading the Information Security & compliance initiatives to meet Touchstone organization-wide internal and external Information Security requirements.
4. Development and implementation of information security policy across the organization.
5. Conduct company-wide security assessment including but not limited to risk analysis, penetration testing of existing infrastructure including mobile applications, environment audit, and code assessment.
6. Review and revise the development process to implement SSDLC.
7. Develop and implement an information security awareness and training programs.
8. Manage compliance and regulatory requirements concerning the information security department.

needs in each office in the region.
•Supervise the implementation of the ICT operations plan and thereafter ensures that all
•equipment is in good working conditions at all times as to meet the ICT needs of the
•offices in the region.
•Discuss infrastructure needs with the Head of offices in the Area of Responsibility (AOR)
•and provide input for the budget submission.
•Monitor and coordinate the work of other ICT staff as directed by the Head of Offices in
•accordance with the standards set by Headquarter.
•Maintain an up-to-date inventory of all infrastructure equipment under AOR.
•Assist and advise offices in the recruiting, provide coaching, and training to ICT staff and
•users.
•Draft procedures and instructions to promote a better understanding of the use of the ICT
•equipment.
•Participate in the assessment of security related projects in coordination with the Field
•Security Advisor and assists in the formulation of recommendations for security.

Assisted in establishing and managing enterprise-wide information-security program. Oversee organization wide efforts to identify and evaluate all critical systems. Design and implement security processes and procedures and perform cost benefit analysis on all recommended strategies. Collaborate with external auditors to conduct in-depth compliance audits and penetration testing, presenting all results to senior management. Develop curricula and facilitate awareness training for management and employees.

Key Contributions:

•Instrumental in implementing Business Continuity and Disaster Recovery (BCP & DRP) Plans for Askari Bank Ltd.
•Assisted in creating company policies and procedures governing corporate security, email and Internet usage, access control, and incident response.
•Assisted authoring numerous ISO 27001 procedures and security policies in support of IT operations, participating in regular audits to ensure regulatory compliance.
•Active participant for BCP/DRP testing, including testing Security and network
•components.
•Review projects of Information technology from Information security perspective. Overall coordination and tracking of all internal and external related security incidents. Prepare information security incident reports as applicable and assume ownership for timely resolution of all Information Security incidents as per SLAs.
•Set process to track and monitor the vulnerabilities on various information assets and track the same for closure. Ensure timely updates of risk register and liaise with internal teams on closure.
•Perform Periodic risk & vulnerability assessment of IT infrastructure.
•Ensure compliance with ISO27001:2005 standards and ensure relevant evidences are appropriately collected and maintained centrally.
•Track and analyze Change Management and Security Incident response reports.
•Manage day-to-day Information Security related Operations.
•Create management reports with respects to Identity & Access management.
•Perform internal audits and physical reviews, and conduct application Security review.
PROJECTS
•INFORMATION SECURITY MANAGEMENT SYSTEMS - ISMS (ISO 27001)
•BUSINESS CONTINUITY PLAN (BCP) - Askari Bank LTD
•Disaster Recovery Plan (DRP) - Askari Bank LTD
•IS Review Monitoring System - Askari Bank LTD
•Risk Management System - Askari Bank LTD