Rishad Ashraf

As the in-house InfoSec Lead, I am responsible for everything InfoSec, as detailed below :
• Responsible for the complete ISO 27001 project and successfully obtained the certification.
• Created policies, standards, guidelines, procedures and plans in-line with the ISO standard.
• Performs the Gap Assessment and Risk Assessment activities.
• Established an Internal Audit Program and findings are reviewed with the InfoSec Steering Committee periodically.
• Responsible for conducting the Security Awareness programs for the employees.
• Complete management of the external SOC.
• Act as the SPOC for all the SOC escalations and ensure that corrective actions are taken promptly.
• Ensure the onboarding of log sources and creation of relevant use cases for SOC.
• Manages the Digital Forensics and Incident Response activities.
• Conduct annual Red Teaming and VAPT projects. Ensure the findings are mitigated in a prompt manner.
• Conduct annual Firewall Audits and ensure the recommendations are implemented accordingly.
• Performs routine Vulnerability Scans and ensure the findings are mitigated promptly.
• Ensure the endpoint management agents are deployed on all the machines, across all OS.
• Responsible for the end-to-end management and administration of the Endpoint Protection (EPP), EDR and DLP solutions.

Projects completed :
• Completed the ISO 27001 certification project successfully.
• Identified gaps in the old EPP, EDR and DLP solutions and got them replaced with robust and advanced solutions that has better features and more visibility on the endpoints.
• Completed the annual Red Teaming and VAPT projects for the past 2 years with clear improvements in the security posture.
• Established a Digital Forensics and Incident Response program with an external vendor.
• Successfully migrated from an old SOC provider to a new one with a much wider scope and coverage.
• Completed annual Firewall Audits for the past 2 years and implemented several improvements.

• Serve as SME for core IT Risk, Compliance, and Assurance with a good understanding of threats, vulnerabilities, risks and possible countermeasures.
• Serve as a primary SPOC for investigating security cases, performing root cause analysis, and offering in-depth solutions.
• Perform Business Impact Analysis within the business domain with an understanding of Confidentiality, Integrity and Availability.
• Contribute to the development and maintenance of ISMS including information security policies, procedures and guidelines based on industry standards such as ISO 27001, ISO 22301, CIS and NIST.
• Act as the primary point of contact within the organization for members of staff, regulators, and any relevant public bodies on issues related to Data Protection & Privacy, in-line with ISO 27001.
• Possess broad knowledge on data protection regulations such GDPR.
• Maintain and update the risk register to ensure the most accurate risk posture is reflected at any given time and conduct regular follow up with risk owners and ensure the closure of the open risks within the agreed timelines.
• Measure and ensure security baseline documents are defined, communicated, and updated covering critical IT assets.
• Attend and support internal and external Information Systems Audit engagements.
• Maintain audit tracker, conduct regular follow up with stake holders and ensure the closure of audit gaps within the agreed timelines. Ensure findings are not repeated in subsequent audits.
• Conduct security program assessments and build roadmaps to improve business’ security posture.
• Monitor and review reports/logs from Microsoft Windows Defender, Antivirus Solution, EDR, Firewalls, IPS, Vulnerability Assessment Tools, SIEM and other sources. Potential security threats are then triaged and mitigated.
• Configure and administer Antivirus solution with EDR to provide whitelisting, device control, web control, malware prevention, anomaly monitoring and real time metrics reporting.

• Analyze, troubleshoot and resolve technical issues for voice, internet or data installation, email clients, VOIP and connection issues for one of the largest Internet Services Provider in United States.
• Deliver service and support to end-users using and operating automated call distribution phone software, via remote connection or over the Internet.
• Accurately process and record transactions using a computer and designated tracking software.

• Assisting with implementing installation projects, maintenance and fault rectifications at customer sites.
• Providing first line technical and applications support to customers and distributors via email, telephone and team viewer sessions.
• Occasional on-site service support and maintenance of the Companys products.
• Assist in the documentation and organization of the internal systems.