Senior Information Security Analyst
Confidential Company
Total years of experience :17 years, 6 Months
Responsibilities:
The person will support IT Control and Information Security processes of the organization.
• Management of Vendor Information Security Assessments
• Provide feedback to Clients on our IS compliance status as per their defined formats
• Support Internal Control unit develop tools for automating control processes
• Management of IT/IS Risk assessment process
• Management of User Entitlement Reviews
• Management of Internal Reviews and IT Audits
• Management of Information Security Administration activities and review
• Facilitate Information Security Training & Awareness activities
• Support CISO in filing and investigating Security Incidents
• Provide support to IT and Business units on control processes: Risk and Control Self-Assessment, Business continuity/Disaster recovery and Vendor Management
o Control Assurance Services (Internal and External IT Audit)- involved in providing IT Internal Audit Services, IS Audit support
o Conduct IT General Controls review.
o Perform System and Internal Control Reviews of ERPs to identify weakness and make recommendations for improvements
o Application Control Testing of several ERPs such as (SAP, Oracle financials, Sidat hyder financials etc)
o Data Analysis of GL Data using EY Global Analytics Tool, Audit Analytics Module and EY Eagle.
o Development and Review IT security policies and procedures.
o Develop Proposals for several client in commercial banking sector.
o Audited Business Cycle Controls of Commercial Bank.
o Various aspects of internal audit including developing the annual IT audit plan,
o Development of Audit programs, execution of the audit program, creating audit working papers and review of working papers.
o Involved in Audit process review / improvement in accordance with EY Audit Methadology,
o Support financial audits conducted by external audit team from the IT perspective,
o Develop scope of work in coordination with the financial auditors.
o Follow-up of audit reports.
o Prepare formal written reports expressing an overall opinion on the function being reviewed, and providing value-added recommendations in accordance with Auditing standards and guidelines.
o Performed system and Internal control over Financial reporting and identify weaknesses and assess financial implications, plan and conduct closing meetings.
o Reviewed IT /business transformation, program and project delivery, design, architecture and solution design, information management, implementation, operations, and management of IT infrastructure
o Reviewed Process of Information systems security assessment, design, architecture, implementation
o management and reporting on several clients
o Conducted reviews of technical or security infrastructure of operating systems, databases or security tools, e.g., UNIX, Linux, Windows 2000 and NT, firewalls and IDS systems.
o Involved in security testing and techniques including network, operating and application system configuration review
Following are the few Clients that I have worked at
Muller & Phipps Pakistan (Pvt.) Ltd.
EFU General Insurance (Pvt) Ltd.
Allianz EFU Health Insurance (Pvt) Ltd.
Pak Libya Holding Company Pvt Ltd.
Pak Brunei Investment Company Ltd.
National Institutional Facilitation Technologies (Pvt.) Limited.
Alfalah GHP Investment Management Pvt Ltd.
TPL Trakker (Pvt) Ltd.
First Women Bank (Pvt) Ltd.
Tameer Micro finance Bank (Pvt) Ltd.
Telenor Easy Paisa (Pvt) Ltd.
o EY Global Asset Management tool deployment and management in EY Pakistan.
o Deployment and Management of Point sec Encryption Tool in EY Pakistan.
o Deployment and Management of Symantec Endpoint Security in EY Pakistan.
o Deployment and Management of Global Core Load set 4.0 in EY Pakistan.
o Deployment and Management of EY Global Analytical tool for Client Data Compilation Country Wide
o Up gradation and Management of Data Centre of EY Pakistan from MS 2003 servers to MS 2008 Servers Environment.
o Procurement of Information assets country wide and managed them.
o Managing and Maintaining Microsoft Internet Security Management Server 2006 & Treat management gateway 2010
o Troubleshooting and maintaining Lotus Notes servers and clients Country wide.
o Troubleshooting & Maintaining GAMX and Groove server
o Managing & Maintaining CISCO based networks at users end as well as server end.
o Daily Offsite backup on DR site.
o Responsible for network cleaning from virus, malwares using report generated.
o Provide day to day support for application deployment and system build process.
o Management of System Management Server (SMS)
o Security review and vulnerability testing of all client machines in EY Pakistan.
o Network Bandwidth Management of all offices in EY Pakistan.
o Implementation and management of EY IT Security Policy and Procedures.
Develop, design and maintain Microsoft based Network
Checking and maintaining Mdeamon mail server