
Security Information

Location:
Islamabad, Islamabad Capital Territory, Pakistan
Posted:
October 12, 2014


Resume:

Personal

Name: Mirza Abdul Rahim Date of Birth: **th July, 1983

Marital Status: Married Nationality: Pakistani

Languages: English, Urdu Place of Birth: Saudi Arabia

Email: acgcip@r.postjobfree.com Contact: +92-333-*******

Objectives

IT Security Professional with over ten years of professional experience and proven ability to manage & implement enterprise-level projects including Information Security Strategy Design, Security Process Framework and Policies Development based on ISO 27001, Information Security Awareness Programs, Information Security Risk Assessments, Implementation and Design of IT & Security Systems, based on the organization's requirements. Specializing in Access Controls, Business Continuity and Disaster Recovery Planning and Data Leak Prevention.

Education

Masters in Information Systems (MBA-MIS) – MAJU, Karachi. 3.4 CGPA 2015 (Expected)

Bachelor of Commerce (B.Com) – University of Karachi. 2nd Division 2010

HSC Engineering, Board of Intermediate Education Karachi. 2nd Division 2005

Accreditations

CISSP: Certified Information System Security Professional

CISA: Certified Information System Auditor

VCA-Cloud: VMware Certified Associate – Cloud

VCA-DCV: VMware Certified Associate – DCV

VCA-WFM: VMware Certified Associate – WM

MCITP: Microsoft Certified IT Professional (Virtualization)

MCSA: Microsoft Certified Systems Administrator-(Messaging)

IBM-DB2A: IBM Certified DB2 9.7 Associate

Six Sigma: White Belt Certified

PMP: Due to write in December, 2014.

Professional Courses

Information Security and Risk Management in Context. University of Washington

Designing and Executing Information Security Strategies. University of Washington

Computer Networks. University of Washington

Cryptography. Stanford University

Introduction to Databases. Stanford University

Malicious Software and Its Underground Economy. University of London

Professional Experience

Organization: TechnoChannels Consulting Designation: Head of Information Security & Compliance Tenure: June, 2014 – Current

Review and interpretation of emerging laws, regulations and industry practices related to IT security and compliance.

Identification and resolution of compliance issues and assurance of employee practices, adhering to security policies, standards, guidelines and controls.

Identification, reporting and management of risk to senior management and coordination with operations department for mitigation efforts.

Design, implementation and management of security controls, to support the information and data security requirements of systems and networks.

Risk and vulnerability assessment for critical business systems, and fortification of the same via security controls.

Business continuity and disaster recovery planning and procedures for the organization, acting upon business impact analysis and threat measurements.

Compliance and implementation of ISO27001:2005, 2013, throughout the organization and facilitation of external audits.

“Information Security Awareness Training” for the employees, to further strengthen organizational security posture and capabilities, to effectively respond to incidents and accidental exposure to threats.

Conduct reviews of data centers, extranets, telecommunications, and intranets to assess controls and ensure availability, accuracy, and security under all conditions.

Organization: Mazars Consulting Pakistan Designation: Technology Consultant Tenure: Jan, 2013 – June, 2014

Establish and satisfy information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.

Lead the preparation and authorize the implementation of necessary information security policies, standards, procedures and guidelines, in conjunction with internal departments and other agencies and organizations.

Identify and evaluate risks during review and analysis of System Development Life Cycle (SDLC), including design, testing/QA, and implementation of systems and upgrades.

Lead the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies etc. and applicable laws and regulations.

Develop risk mitigation plans and security threat risk assessments.

Provide leadership for the resolution of issues that impact or may impact the protection of confidential information including personal health information.

Carry out duties in support of the operational activities, including training, incident management, compliance, and policy development.

Conduct research, provide analysis and make recommendations regarding emerging information security trends, best practices, and regulations, and identify their impact on projects and operations.

Organization: EFU Life Assurance Ltd Designation: Assistant Manager - IS Tenure: Oct, 2008 – Jan, 2013

Develop and implement aspects of IT strategy relating to privacy, security and compliance assurance.

Ensure that the information security standards comply with changes to regulatory, statutory and legislative requirements.

Conducted reviews of data centers, extranets, telecommunications, and intranets to assess controls and ensure availability, accuracy, and security under all conditions.

Reviewed systems for adequate management controls, efficiency, and compliance with policies, regulations, and accounting principles. Made recommendations when necessary.

Internal audit for information systems, including auditing entities against ISO/IEC 27000 series.

Risk identification, analysis, classification and treatment, including mitigation, transfer and risk avoidance.

Business Continuity Planning/Disaster Recovery Procedures/BCP Audit and disaster recovery drills.

Information System, Risk and Vulnerability assessment procedures and planning.

Development and delivery of information security awareness training for the organization's human resources.

Information Security Policy establishment, documentation and implementation throughout the organization.

Organization: Ephlux Designation: Systems Engineer Tenure: Apr, 2008 – Oct, 2008

Internal audit for information systems, including auditing entities against ISO/IEC 27000 series.

Develop and implement aspects of IT strategy relating to privacy, security and compliance assurance.

Establishment of baselines and functional security testing for controls, i.e. firewall, IDS, IPS, proxy and router.

Penetration testing and vulnerability analysis for clients and their infrastructure environments.

Risk identification, analysis, classification and treatment, including mitigation, transfer and risk avoidance.

Business Continuity Planning/Disaster Recovery Procedures/BCP Audit.

Information System, Risk and Vulnerability assessment procedures and planning.

Development and delivery of information security awareness training for the organization's human resources.

Design and implementation of secure network segments, i.e. screened subnets, bastion hosts and honeypots.

Organization: ProtocolX Designation: Systems Engineer Tenure: May, 2005 – Dec, 2007

Develop and implement aspects of IT strategy relating to privacy, security and compliance assurance.

Identified and evaluated risks during review and analysis of System Development Life Cycle (SDLC), including design, testing/QA, and implementation of systems and upgrades.

Conducted reviews of data centers, extranets, telecommunications, and intranets to assess controls and ensure availability, accuracy, and security under all conditions.

Prepared audit scopes, reported findings, and presented recommendations for improving data integrity and operations.

Ensure that the information security standards comply with changes to regulatory, statutory and legislative requirements.

Internal audit for information systems, including auditing entities against ISO/IEC 27000 series.

Penetration testing and vulnerability analysis for clients and their infrastructure environments.

Risk identification, analysis, classification and treatment, including mitigation, transfer and risk avoidance.

Regular assessments and evaluations of Business Continuity Planning and Disaster Recovery Procedures.

Performed internal and external IT risk assessments, conducted gap analysis against industry standards, and provided recommendations on mitigation options.

Development and delivery of information security awareness training for the organization's human resources.

Establishment of baselines and functional security testing for controls, i.e. firewall, IDS, IPS, proxy and router.

Organization: Playdium Inc Designation: Systems Engineer Tenure: Feb, 2002 – May, 2005

Identified and evaluated risks during review and analysis of System Development Life Cycle (SDLC), including design, testing/QA, and implementation of systems and upgrades.

Prepared audit scopes, reported findings, and presented recommendations for improving data integrity and operations.

Provided consulting for Sarbanes-Oxley compliance with respect to the development and testing of SOX 404 IT controls.

Performed internal and external IT risk assessments, conducted gap analysis against industry standards, and provided recommendations on mitigation options.

Performed consulting for business in establishing IT compliance solutions based on company policies and standards, industry best practices, industry standards, and regulatory requirements.

Defined and implemented IT operational practices and procedures and provided the practical background needed to successfully adopt the control environment that is required to comply with government regulations.

Responsibilities included assessment of information technology internal controls based upon the CobiT framework: IT general and application controls, information security, systems development, change management, business continuity, disaster recovery, computer operations, risk management, SAS 70 assessments and regulatory compliance.

Liaise between in-house managers/IT department and external financial and operational auditors.

Ensure audit tasks are completed accurately and within established timeframes.

Coordinated with IT department and external auditors during SOX IT testing.

Technical Skills

OWASP Tripwire Splunk Social Engineering

Metasploit Snort CAATs SysInternals

IDS and IPS VMware Applications

Acunetix Nmap

Microsoft Project Microsoft Hyper-V

Kaspersky Solutions Nessus

Microsoft Office TrueCrypt

Symantec Solutions GFI

Cain & Abel Microsoft VSS\TFS

BackTrack Retina Network Comm

HPing MDaemon

Wireshark Iris Network Security

Ophcrack OpenVPN

SolarWinds Orion Data Leak Prevention

Industry Exposure

Telecommunication Non-Government Organizations

Education

Hotel and Hospitality Textiles

Insurance

Government Sector Travel and Services

Security and Brokerage

Banking and Finance Fuel and Energy

Shipping

Chemical and Pharmaceuticals Public Sector

Transport and Communication

Standards

Safe Harbor CoBIT

CFAA

ISO\IEC 27000 Series

PIPEDA COSO

PCI-DSS

GLBA

Six Sigma SAS-70

FISMA

SOX

BASEL II ITIL

ECPA

HIPAA

Projects

Led several Information System Audits for clients, representing a variety of industries and sectors.

Crystal Box Testing for critical and high-stakes applications, for risk measurements and BIA.

Development of custom IDS solution for client, using open source architecture and custom hardware.

Mapped ISO27001:2005 to 2013 for several clients, and facilitated the complete ISO certification process.

Assisted in the deployment of “IBM Filenet P8” for “EFU Life Assurance Ltd”.

Research on open source firewall kernel and how to utilize it in commercial platforms.

Research on open source IPS and IDS systems, with integrated content scanning engines.

Professional Skills

Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.

Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.

Exhibiting excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.

Poise and ability to act calmly and competently in high-pressure, high-stress situations.

A critical thinker, with strong problem-solving skills.

Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.

High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.

High degree of initiative, dependability and ability to work with little supervision.

References will be furnished upon request.


