Personal
Name: Mirza Abdul Rahim
Date of Birth: **th July, 1983
Marital Status: Married
Nationality: Pakistani
Languages: English, Urdu
Place of Birth: Saudi Arabia
Email: acgcip@r.postjobfree.com
Contact: +92-333-*******
Objectives
IT Security Professional with over ten years of professional experience and a proven ability to manage and implement enterprise-level projects, including Information Security Strategy Design, Security Process Framework and Policies Development based on ISO 27001, Information Security Awareness Programs, Information Security Risk Assessments, and Implementation and Design of IT and Security Systems based on the organization's requirements. Specializing in Access Controls, Business Continuity and Disaster Recovery Planning, and Data Leak Prevention.
Education
Masters in Information Systems (MBA-MIS) – MAJU, Karachi. 3.4 CGPA, 2015 (Expected)
Bachelor of Commerce (B.Com) – University of Karachi. 2nd Division, 2010
HSC Engineering, Board of Intermediate Education Karachi. 2nd Division, 2005
Accreditations
CISSP: Certified Information Systems Security Professional
CISA: Certified Information Systems Auditor
MCITP: Microsoft Certified IT Professional (Virtualization)
MCSA: Microsoft Certified Systems Administrator (Messaging)
IBM-DB2A: IBM Certified DB2 9.7 Associate
VCA-Cloud: VMware Certified Associate – Cloud
VCA-DCV: VMware Certified Associate – DCV
VCA-WFM: VMware Certified Associate – WM
Six Sigma: White Belt Certified
PMP: Due to write in December, 2014.
Professional Courses
Information Security and Risk Management in Context. University of Washington
Designing and Executing Information Security Strategies. University of Washington
Computer Networks. University of Washington
Cryptography. Stanford University
Introduction to Databases. Stanford University
Malicious Software and Its Underground Economy. University of London
Professional Experience

Organization: TechnoChannels Consulting
Designation: Head of Information Security & Compliance
Tenure: June, 2014 – Current
Review and interpretation of emerging laws, regulations and industry practices related to IT security and compliance.
Identification and resolution of compliance issues, and assurance that employee practices adhere to security policies, standards, guidelines and controls.
Identification, reporting and management of risk to senior management, and coordination with the operations department on mitigation efforts.
Design, implementation and management of security controls to support the information and data security requirements of systems and networks.
Risk and vulnerability assessment for critical business systems, and fortification of the same via security controls.
Business continuity and disaster recovery planning and procedures for the organization, acting upon business impact analysis and threat measurements.
Compliance with and implementation of ISO 27001:2005 and 2013 throughout the organization, and facilitation of external audits.
“Information Security Awareness Training” for employees, to further strengthen the organizational security posture and the capability to respond effectively to incidents and accidental exposure to threats.
Conduct reviews of data centers, extranets, telecommunications, and intranets to assess controls and ensure availability, accuracy, and security under all conditions.
Organization: Mazars Consulting Pakistan
Designation: Technology Consultant
Tenure: Jan, 2013 – June, 2014
Establish and satisfy information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
Lead the preparation and authorize the implementation of necessary information security policies, standards, procedures and guidelines, in conjunction with internal departments and other agencies and organizations.
Identify and evaluate risks during review and analysis of the System Development Life Cycle (SDLC), including design, testing/QA, and implementation of systems and upgrades.
Lead the design and operation of related compliance monitoring and improvement activities to ensure compliance with both internal security policies and applicable laws and regulations.
Develop risk mitigation plans and security threat risk assessments.
Provide leadership for the resolution of issues that impact or may impact the protection of confidential information, including personal health information.
Carry out duties in support of operational activities, including training, incident management, compliance, and policy development.
Conduct research, provide analysis and make recommendations regarding emerging information security trends, best practices, and regulations, and identify their impact on projects and operations.
Organization: EFU Life Assurance Ltd
Designation: Assistant Manager - IS
Tenure: Oct, 2008 – Jan, 2013
Develop and implement aspects of IT strategy relating to privacy, security and compliance assurance.
Ensure that the information security standards comply with changes to regulatory, statutory and legislative requirements.
Conducted reviews of data centers, extranets, telecommunications, and intranets to assess controls and ensure availability, accuracy, and security under all conditions.
Reviewed systems for adequate management controls, efficiency, and compliance with policies, regulations, and accounting principles. Made recommendations when necessary.
Internal audit of information systems, including auditing entities against the ISO/IEC 27000 series.
Risk identification, analysis, classification and treatment, including mitigation, transfer and risk avoidance.
Business Continuity Planning/Disaster Recovery Procedures/BCP Audit and disaster recovery drills.
Information system, risk and vulnerability assessment procedures and planning.
Development and delivery of information security awareness training for the organization's human resources.
Information Security Policy establishment, documentation and implementation throughout the organization.
Organization: Ephlux
Designation: Systems Engineer
Tenure: Apr, 2008 – Oct, 2008
Internal audit of information systems, including auditing entities against the ISO/IEC 27000 series.
Develop and implement aspects of IT strategy relating to privacy, security and compliance assurance.
Establishment of baselines and functional security testing for controls, i.e. Firewall, IDS, IPS, Proxy, Router.
Penetration testing and vulnerability analysis for clients and their infrastructure environments.
Risk identification, analysis, classification and treatment, including mitigation, transfer and risk avoidance.
Business Continuity Planning/Disaster Recovery Procedures/BCP Audit.
Information system, risk and vulnerability assessment procedures and planning.
Development and delivery of information security awareness training for the organization's human resources.
Design and implementation of secure network segments, i.e. screened subnets, bastion hosts, honeypots.
Organization: ProtocolX
Designation: Systems Engineer
Tenure: May, 2005 – Dec, 2007
Develop and implement aspects of IT strategy relating to privacy, security and compliance assurance.
Identified and evaluated risks during review and analysis of the System Development Life Cycle (SDLC), including design, testing/QA, and implementation of systems and upgrades.
Conducted reviews of data centers, extranets, telecommunications, and intranets to assess controls and ensure availability, accuracy, and security under all conditions.
Prepared audit scopes, reported findings, and presented recommendations for improving data integrity and operations.
Ensure that the information security standards comply with changes to regulatory, statutory and legislative requirements.
Internal audit of information systems, including auditing entities against the ISO/IEC 27000 series.
Penetration testing and vulnerability analysis for clients and their infrastructure environments.
Risk identification, analysis, classification and treatment, including mitigation, transfer and risk avoidance.
Regular assessments and evaluations of Business Continuity Planning and Disaster Recovery Procedures.
Performed internal and external IT risk assessments, conducted gap analysis against industry standards, and provided recommendations on mitigation options.
Development and delivery of information security awareness training for the organization's human resources.
Establishment of baselines and functional security testing for controls, i.e. Firewall, IDS, IPS, Proxy, and Router.
Organization: Playdium Inc
Designation: Systems Engineer
Tenure: Feb, 2002 – May, 2005
Identified and evaluated risks during review and analysis of the System Development Life Cycle (SDLC), including design, testing/QA, and implementation of systems and upgrades.
Prepared audit scopes, reported findings, and presented recommendations for improving data integrity and operations.
Provided consulting for Sarbanes-Oxley compliance with respect to the development and testing of SOX 404 IT controls.
Performed internal and external IT risk assessments, conducted gap analysis against industry standards, and provided recommendations on mitigation options.
Performed consulting for the business in establishing IT compliance solutions based on company policies and standards, industry best practices, industry standards, and regulatory requirements.
Defined and implemented IT operational practices and procedures, and provided the practical background needed to successfully adopt the control environment required to comply with government regulations.
Responsibilities included assessment of information technology internal controls based upon the CobiT framework: IT general and application controls, information security, systems development, change management, business continuity, disaster recovery, computer operations, risk management, SAS 70 assessments and regulatory compliance.
Liaise between in-house managers/IT department and external financial and operational auditors.
Ensure audit tasks are completed accurately and within established timeframes.
Coordinated with the IT department and external auditors during SOX IT testing.
Technical Skills
OWASP
Tripwire
Splunk
Social Engineering
Metasploit
Snort
CAAT’s
SysInternals
IDS and IPS
VMware Applications
Acunetix
Nmap
Microsoft Project
Microsoft Hyper-V
Kaspersky Solutions
Nessus
Microsoft Office
TrueCrypt
Symantec Solutions
GFI
Cain & Abel
Microsoft VSS\TFS
BackTrack
Retina Network Comm
HPing
MDaemon
Wireshark
Iris Network Security
Ophcrack
OpenVPN
SolarWinds Orion
Data Leak Prevention
Industry Exposure
Telecommunication
Non-Government Organizations
Education
Hotel and Hospitality
Textiles
Insurance
Government Sector
Travel and Services
Security and Brokerage
Banking and Finance
Fuel and Energy
Shipping
Chemical and Pharmaceuticals
Public Sector
Transport and Communication
Standards
Safe Harbor
CoBIT
CFAA
ISO/IEC 27000 Series
PIPEDA
COSO
PCI-DSS
GLBA
Six Sigma
SAS-70
FISMA
SOX
BASEL II
ITIL
ECPA
HIPAA
Projects
Led several Information System Audits for clients representing a variety of industries and sectors.
Crystal box testing of critical and high-stakes applications, for risk measurement and BIA.
Development of a custom IDS solution for a client, using open source architecture and custom hardware.
Mapped ISO 27001:2005 to 2013 for several clients, and facilitated the complete ISO certification process.
Assisted in the deployment of “IBM FileNet P8” for “EFU Life Assurance Ltd”.
Research on an open source firewall kernel and how to utilize it in commercial platforms.
Research on open source IPS and IDS systems with integrated content scanning engines.
Professional Skills
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
Excellent analytical skills, the ability to manage multiple projects under strict timelines, and the ability to work well in a demanding, dynamic environment and meet overall objectives.
Poise and the ability to act calmly and competently in high-pressure, high-stress situations.
A critical thinker with strong problem-solving skills.
Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
High level of personal integrity, the ability to handle confidential matters professionally, and an appropriate level of judgment and maturity.
High degree of initiative, dependability and the ability to work with little supervision.
References will be furnished upon request.