Security Information

Location:
Vancouver, BC, Canada
Posted:
September 09, 2017

Resume:

Faisal Ashraf

***-**** ******** ****

Vancouver, BC

Phone: 778-***-****

Email: ac178y@r.postjobfree.com

Profile

Performance-driven and well-rounded information security professional with over twelve years of experience. Led multiple engagements and initiatives focusing on security, privacy, compliance, risk assessments, and technical security reviews. Developed and implemented a series of practical security assurance practices that have been aligned with the business objectives. Successfully completed and maintained the CISA, CRISC, CISM, CISSP, and CIPM designations.

Areas of Excellence

Team and Project Leadership

Business Analysis

Process Management

Performance Metrics

Project Management

Governance Management

Compliance Management

Privacy Management

Third Party Vendor Management

Security Risk Management

Disaster Recovery Management

DevOps Management

Cloud Security

SOC1, SOC2, SOC3

SOX and PCI Compliance

HIPAA

EU Data Protection

IT Audit Controls

Vulnerability Assessments

Technical Proficiencies

Platforms:

Windows 7/10, macOS, Linux, MS Azure, Amazon AWS

Networking:

TCP/IP, OSI, VPN, Ethernet, SSL/TLS

Language/Tools:

LAN Manager (Lansweeper), Firewall (Trend Micro), Anti-Virus (Vipre, Symantec), Microsoft Office 365, Scanners (Veracode, Qualys, OWASP ZAP), Backups (Veeam), Server Automation (Chef, Terraform), Key Management (HashiCorp Vault), Logging (Kibana, ELK), Automation Pipelines (Go), IDS (Security Onion, AlienVault), GitHub (Repository), Network Traffic Analysis (Wireshark), MDM Solution (MS Intune), Two-Factor Authentication (Duo Security), HTML, Python (Novice), MS PowerShell (Novice), GRC (Archer, ZenGRC), SSO (OneLogin), ERP (SAP, Oracle, NetSuite), CRM (Salesforce), Change Management (Parature, JIRA, Mingle)

Employment History

April 2014 – Present

Information Security Risk & Privacy Manager, Vision Critical

Overview

Vision Critical® provides a cloud-based SaaS customer intelligence platform that allows companies to build engaged, secure communities of customers they can use continuously, across the enterprise, for ongoing, real-time feedback and insight. Designed for today’s always-on, social and mobile savvy customer, Vision Critical’s technology helps large, customer-centric enterprises discover what their customers want so they can deliver what they need.

Experience

Established and implemented a new set of security policies, standards and processes for Vision Critical

Led and developed multiple workflows for security, privacy, and compliance functions

Led and managed the compliance program against SOC2, which included all five trust principles (Common Criteria, Confidentiality, Processing Integrity, Availability, and Privacy) for both Type I and Type II reporting

Managed and supported multiple security programs enterprise-wide across the organization that included security awareness, information classification, client security reviews process, security architecture and third party vendor management

Performed and assisted on regular security configuration reviews for network appliances such as firewalls, network filtering, IDS, vulnerability management and email filtering

Reviewed and streamlined a series of controls and security practices available in the VC private cloud, Amazon AWS (EC2, S3, Trusted Advisor, etc.) and MS Azure

Developed a security dashboard to identify key risks and established key performance indicators for metrics

Currently leveraging Python and PowerShell scripts to automate security operations

Apr 2011 – Oct 2013

Corporate Security Analyst – Business Engagement, BlackBerry Ltd

Overview

BlackBerry Ltd, formerly Research In Motion Limited (RIM), is a world leader in the mobile communications market and has a history of developing breakthrough wireless solutions. RIM's portfolio of award-winning products, services and embedded technologies is used by thousands of organizations around the world and includes the BlackBerry wireless platform product line, software development tools and software/hardware licensing agreements.

Experience

Established a strong positive relationship with BlackBerry business units to promote Corporate Security requirements and services

Collaborated with internal BlackBerry Corporate Security teams and provided information on behalf of the BlackBerry business unit, advice on a wide variety of information security issues, concerns, and problems

Conducted reviews for the BlackBerry business unit systems, controls and procedures to determine whether controls and procedures are in compliance with laws, regulations, policies and standards

Led multiple engagements as the lead security architect, while assessing the project scope and design that would include assessing the proposed network infrastructure design and application functionality against ISO 27001 and PCI certifications

Assisted in the design, development, and delivery of classroom training and/or other security awareness programs (videos, memos, computer-based training, etc.)

Performed multiple compliance audits assessing IT general controls, threat risk assessments that included physical security audits, and privacy audits assessing the collection and use of personal or sensitive information

Developed a business unit dashboard for multiple business leaders to understand high-level risks impacting the business unit

May 2010 – Feb 2011

Senior Internal IT Auditor, WestJet Airlines Ltd

Overview

Based on the client’s (WestJet) requirements, a SAS 70 and SOX ITGC audit controls framework was to be developed. Controls must be designed and implemented for audit testing.

Experience

Reviewed and examined IT General Computing Controls (SOX), PCI standards compliance requirements and controls supporting PCI

The first phase of the project involves a review for Design and Implementation (D&I) or the walkthrough of audit controls

Sept 2007 – April 2010

Senior Consultant, Deloitte & Touche LLP

Overview

Deloitte & Touche LLP is one of the ‘big four’ accounting firms, providing industry-focused assurance, advisory and tax services for public, private and government clients in all markets. The Enterprise Risk Services (ERS) division provides advice and assistance based on financial information, analytical and business process skills to companies, government bodies and intermediaries of all organizations in the implementation of their strategy.

Experience

Evaluated and examined General Computing Controls for various public and private clients, which involved a review of governance, change management, user access, disaster recovery and security configurations

Performed TRA (Threat and Risk Assessments), PIA (Privacy Impact Assessment), Automated Controls Review and IT Security Review, while evaluating the business impact and criticality of sensitive information

Reviewed and assessed business cycle controls for key business cycle operations, such as month end reporting, capital expenditures, accounts payable, etc.

June 2006 – Aug 2007

Senior Associate, PricewaterhouseCoopers LLP

Overview

PricewaterhouseCoopers LLP is one of the ‘big four’ accounting firms, providing industry-focused assurance, advisory and tax services for public, private and government clients in all markets. The Advisory Services division provides advice and assistance based on financial information, analytical and business process skills to companies, government bodies and intermediaries of all organizations in the implementation of their strategy.

Experience

Evaluated and examined ITGC (Information Technology General Controls) for various clients for SAP ERPs and various OS environments (Windows, Unix, etc.)

Reviewed applicable IT general controls aligned to multiple compliance programs, such as COBIT, SAS70/5970 Reports, and IT Sarbanes-Oxley (SOX) compliance

Performed threat and risk assessments, evaluating the business impact and criticality of sensitive information

May 2005 – June 2006

Information Systems Auditor, Investors Group Inc.

Overview

Investors Group Inc. is a subsidiary of the Power Financial group that provides personal financial planning services. These services include financial planning in mutual funds, investments, banking services and mortgages. General controls must be examined and reviewed for compliance purposes.

Experience

Examined and reviewed IT general controls for Investors Group and Mackenzie Financial. Investigated and examined key business applications to support business functions

The investigations required evidence gathering (i.e. documentation, samples, and observations) and interviewing stakeholders involved and end users

Education

2015

Certified Information Privacy Manager (CIPM)

2012

Certified Information Security Manager (CISM)

2011

Certified in Risk and Information Systems Control (CRISC)

2009

Certified Information Systems Security Professional (CISSP)

2007

Certified Information Systems Auditor (CISA)

2010

Canadian & International Industrial Security Clearance (CIISD)

Level 3 Top Secret (expired March 2017)

2003

Bachelor of Commerce (Hons), I.H. Asper School of Business, University of Manitoba

Major: Management Information Systems (MIS)

1999

Bachelor of Arts, University of Winnipeg

Major: Psychology

References Available
