Head of Information Security
Almajdouie Holding
Total years of experience: 19 years, 4 months
Heading the Information Security function at group level
Heading the Information Security Governance, Risk, Compliance and Trainings & Awareness Teams of NADRA Pakistan.
Responsibilities include:
• Conducting ISO27001 Internal Audit for Financial Services - Mobile Banking (EasyPaisa)
• Conducted TL9000 Internal Audit for Business Services, NOC
• Conducted ISO14001 Internal Audit of Telenor Pakistan
• Performing Business Impact Analysis for Business Services
• Conducting Policy Compliance Reviews
• Performing Incident Response activities
• Conducting Application Security Reviews
• Conducting Process Reviews
• Coordinating with External Auditors
• Coordinating with Tameer Bank
• Ensuring regulatory compliance in Financial Services - Mobile Banking
Responsibilities included:
• Managing the IT Advisory Service line & IT Audits of KPMG TH Islamabad Office
Major Projects include:
• Integrated Banking System Selection Consultancy to Khushali Bank
• Royal Bank of Scotland global KPMG assignment of conducting ISO27001 based security reviews of RBS vendors.
• Conducted ISO27001 based security review of Ufone for RBS-Ufone co-branding project
• Conducted ISO27001 based security review of Chanda Law Associates
Responsibilities include:
• Leading the IT Advisory Section of KPMG TH Islamabad Office
• Leading the Information Risk Management (IRM) Audit team of KPMG TH Islamabad Office
IRM clients audited belong to following sectors:
• Hospitality
-> Marriott Hotel Islamabad, Marriott Hotel Karachi, Serena Hotel Islamabad, Pearl Continental Hotel Rawalpindi, Hashwani Hotels Limited, Pakistan Services Limited
• Manufacturing
-> AkzoNobel (formerly ICI Pakistan), Murree Brewery, Biafo Industries Limited, Bestway Cement Limited, Mustehkam Cement Limited, Fauji Cement Company Limited, Fauji Fertilizer Company Limited, Fauji Fertilizer Bin Qasim Limited
• Telecom
-> Mobilink (PMCL), Diallog CDMA
• Insurance (nonlife)
-> Askari General Insurance Company Limited
• NGO
-> National Rural Support Program (NRSP), Sarhad Rural Support Program
• Pharmaceutical
-> Ferozsons Laboratories Limited
• Government
-> Pakistan Telecom Authority (PTA)
• Oil & Gas
-> Halliburton, Oil & Gas Development Corporation Limited, Dewan Petroleum Limited
• Stock Exchange
-> Islamabad Stock Exchange
• Electricity Generation & Distribution
-> Islamabad Electric Supply Company Limited, Southern Electric Power Company, Uch Power, Saif Power Limited, Fauji Power Company (Dharki) Limited
• Airline
-> Air Blue
• Banking & Microfinance Institution
-> NRSP Bank, Khushali Bank Limited, First Microfinance Bank
• Software House & IT Consulting
-> Landmark Resources (LMKR)
• Construction
-> PakGulf Construction
• Leading one of the ISO/IEC 27001:2005 implementation teams.
• Maintaining Disaster Recovery Plan
• Managing Information Security Group (ISG) in the absence of Manager
• Member of the Incident Response Team
• Coordinating with Consultants, External Auditors & Pakistan Software Export Board (PSEB) Representatives
• Creating and implementing information security policies and practices in DPS Inc.
• Monitoring and Controlling the Information Security Management System (ISMS).
• Implementing ISO/IEC 27001:2005 controls
• Implementing Information Security related CMMI process areas.
• Conducting internal audits of applications, processes and physical sites.
• Conducting risk analysis
• Providing Information Security Consultancy to the clients of DPS Inc.
• Coordinating with other branches of DPS Inc. for acquisition and deployment of security hardware.
• Conducting Information Security Awareness campaigns for all DPS Inc. employees
• Administering Information Security Induction to newly hired employees in DPS Inc.
• Preparing EOI and RFP documents for the projects DPS Inc. is interested in.
Responsibilities included:
• Creating and implementing information security policies and practices in DPS Inc.
• Monitoring and Controlling the Information Security Management System (ISMS).
• Implementing ISO/IEC 27001:2005 controls
• Implementing Information Security related CMMI process areas.
• Conducting internal audits of applications, processes and physical sites.
• Conducting risk analysis
• Providing Information Security Consultancy to the clients of DPS Inc.
• Coordinating with other branches of DPS Inc. for acquisition and deployment of security hardware.
• Conducting Information Security Awareness campaigns for all DPS Inc. employees
• Administering Information Security Induction to newly hired employees in DPS Inc.
• Preparing EOI and RFP documents for the projects DPS Inc. is interested in.
• Created Training Guides for TABS (Telecommunications, Administration, & Billing System) of ITS Kuwait. Sites included Warid Telecom (Pakistan) & BanglaLink (Bangladesh).
Work responsibility included maintaining college website and computer laboratories.
Worked in the clearing section of the bank; therefore, I am familiar with the entire inward and outward clearing procedures being followed in most of the well-reputed banks. Also, during my stay there I prepared an interns' manual for those doing internships in the clearing section of Union Bank.