زيشان Tariq Jaffery

Responsible for managing all security requirements for the core network including IGW, EPC, NGN, IMS and 3G, in line with
internal and international standards. Responsible for assessing threats to network security and managing the set-up of risk
management frameworks within the Network Sector. Carry out duties in accordance with the stipulated business policies
and procedures.
Network Compliance and Governance:
 Covers all security requirements of IGW, EPC, NGN, IMS and 3G networks within the core network.
 Coordinates with the Network Design Department to align security issues related to network technologies.
 Promotes a culture of security within STC's broadband network.
 Manages network security assessment activities.
 Promotes a culture of security within STC network
 Ensures total quality control over all the security activities within the STC network
 Adheres to STC's quality standards for network security and ensure compliance to STC & international Security
standards and Ensures that STC's security framework complies with international security standards (ISO 27001,
eTOM, ITU).
Threat/Risk Assessment:
 Assesses threats to network security and performs vulnerability tests.
 Manages the set-up of risk management framework within the Network Sector.
People Management Responsibilities:
 Defines goals and key performance indicators for each member of the team and ensures effective application of the
STC performance management process.
 Directs planning and selection of manpower in the Network Compliance and Governance Section, in line with the
business and operational plans.
 Ensures high level of employee engagement and capability development by providing on-going feedback and
coaching team members within the Network Compliance and Governance Section
Bank AL Habib Limited - Pakistan (400+ branches Network

Plans and executes audits of client/server technology platforms and evaluates IT internal controls and works
collaboratively with management to identify actions need.
 Acts as liaison with IT department to ensure full understanding of data flow, data integrity, and system security.
 Assesses information technology control elements to mitigate IT risks regarding the confidentiality, integrity, and
availability of business information.
 Performs audit procedures, including identifying and defining issues, developing criteria, reviewing and analyzing
evidence.
 Conducts interviews, reviews documents, develops and administers surveys, composes summary memos.
 Identifies, develops, and documents audit issues and recommendations using independent judgment concerning
areas being reviewed.
 Communicates or assists in communicating the results of audit and consulting projects via written reports and oral
presentations to management and the audit committee.
 Provides or assists in providing training to new staff about IT audit.
 Conducts data extraction, analysis, and security reviews utilizing software tools.
 Adheres to all organizational and professional ethical standards.
 Manages the overall program of IT audits and works closely with Banking Operations Audit to ensure coordinated
effort/reviews.
 Plans and organizes resources (in-line with audit entity risk assessments) to achieve overall audit goals and
objectives.
 Reviews and approves working papers to ensure professional audit standards/ divisional requirements are
adhered to.
 Ensures that the Internal Audit Manual relating to I.T Audit is kept up to date for the purpose of implementing
appropriate standards and procedures.
 Exercises management control, over audit assignments / special investigations for ensuring its successful
completion.
 Reviews and provides input on proposed new policies, systems procedures and operating Manuals, in order to
ensure adequacy and acceptability (from an IT perspective).
 Deals with the external auditors of the Bank on matters related to I.T. Audit in order to maintain appropriate audit
requirements (under advice to the head of Audit)

Serves as an internal information security consultant to the organization
 Documents security policies and procedures created by the Information Security Committee
 Provides direct training and oversight to all employees, affiliate marketing partners, alliances, or other third parties,
ensuring proper information security clearance in accordance with established organizational information security
policies and procedures
 Initiates, facilitates, and promotes activities to create information security awareness within the organization
 Perform information security risk assessments and serves as an internal auditor for security issues
 Implements information security policies and procedures for the organization
 Reviews all system-related security plans throughout the organization's network, acting as a liaison to Information
Systems
 Monitors compliance with information security policies and procedures, referring problems to the appropriate
department manager
 Coordinates the activities of the Information Security Committee
 Advises the organization with current information about information security technologies and related regulatory
issues
 Monitors the internal control systems to ensure that appropriate access levels are maintained
 Prepares the disaster recovery plan.
 Real Time & continuous follow-up with global support teams for Critical incident resolution
 Manage and coordinate activities during overall ticket life cycle
 Ensure that the Incident record is fully updated prior to Problem Management handover
 Responsible for sending all Incident notifications as per agreed process
 Chair bridge calls for effective coordination, incident resolution, service restoration
 Continuously follow-up with support team for relevant notification updates per SLA, and drive resolution
 Follow the global Service Restoration Management Process
 Ensure Incident Time line Report is created immediately after resolution
 Contribution to ongoing process & operational improvements
 Uses professional expertise to integrate work and make operating decisions on escalated issues
 Accountable for objectives where goals and operational processes are defined
 Interacts daily with subordinates and peer groups
 Provide input to and coordinate the development of the Network Incident Report (NIR) and the Root Cause
 Analysis (RCA), including initial recommendations to prevent the re-occurrence of a similar incident.
Seeks the cooperation of others concerning specific projects or deadlines

Evaluates and resolves user problems; identifies and obtains appropriate resources for the resolution of complex
problems; corrects routine problems by making minor repairs to computer equipment and/or entering specialized
commands or data into systems; contacts appropriate resources for additional assistance.
 Instructs computer system users in the use of computer equipment and of computer applications; answers
questions and assists in resolving problems regarding the methods and procedures for using computer
applications.
 Coordinates installation of new hardware/software; installs, tests, and monitors the operation
 Administers LANs/WANs; establishes procedures to back up data stored in computers and to maintain efficient
operation of LANs/WANs;
 Provides server support and maintenance; uses various utilities to trouble-shoot, repair, and check configuration
of servers.
 Adapts existing database software, of computer hardware and software; configures hardware and software to
meet departments' needs.
 Evaluates needs for new and revised systems; identifies possible improvements in computer systems; makes
recommendations for purchase of new information systems hardware and software, and other programs to best
meet departmental or end user needs.