Faisal Ashraf
Vancouver, BC
Phone: 778-***-****
Email: ac178y@r.postjobfree.com
Profile
Performance-driven and well-rounded information security professional with over twelve years of experience. Led multiple engagements and initiatives focusing on security, privacy, compliance, risk assessments, and technical security reviews. Developed and implemented a series of practical security assurance practices that have been aligned with the business objectives. Successfully completed and maintained the CISA, CRISC, CISM, CISSP, and CIPM designations.
Areas of Excellence
Team and Project Leadership
Business Analysis
Process Management
Performance Metrics
Project Management
Governance Management
Compliance Management
Privacy Management
Third Party Vendor Management
Security Risk Management
Disaster Recovery Management
DevOps Management
Cloud Security
SOC1, SOC2, SOC3
SOX and PCI Compliance
HIPAA
EU Data Protection
IT Audit Controls
Vulnerability Assessments
Technical Proficiencies
Platforms:
Windows 7/10, MacOS, Linux, MS Azure, Amazon AWS
Networking:
TCP/IP, OSI, VPN, Ethernet, SSL/TLS
Language/Tools:
LAN Manager (Lansweeper), Firewall (TrendMicro), Anti-Virus (Vipre, Symantec), Microsoft Office 365, Scanners (Veracode, Qualys, OWASP ZAP), Backups (Veeam), Server Automation (Chef, Terraform), Key Management (HashiCorp Vault), Logging (Kibana, ELK), Automation Pipelines (Go), IDS (Security Onion, AlienVault), GitHub (Repository), Network Traffic Analysis (Wireshark), MDM Solution (MS Intune), Two-Factor Authentication (Duo Security), HTML, Python (Novice), MS PowerShell (Novice), GRC (Archer, ZenGRC), SSO (OneLogin), ERP (SAP, Oracle, Netsuite), CRM (Salesforce), Change Management (Parature, JIRA, Mingle)
Employment History
April 2014 – Present
Information Security Risk & Privacy Manager, Vision Critical
Overview
Vision Critical® provides a cloud-based SaaS customer intelligence platform that allows companies to build engaged, secure communities of customers they can use continuously, across the enterprise, for ongoing, real-time feedback and insight. Designed for today’s always-on, social and mobile savvy customer, Vision Critical’s technology helps large, customer-centric enterprises discover what their customers want so they can deliver what they need.
Experience
Established and implemented a new set of security policies, standards and processes for Vision Critical
Led and developed multiple workflows for security, privacy, and compliance functions
Led and managed the compliance program against SOC2 which included all five trust principles (Common Criteria, Confidentiality, Processing Integrity, Availability, and Privacy) for both Type I and Type II reporting
Managed and supported multiple security programs enterprise-wide across the organization that included security awareness, information classification, client security reviews process, security architecture and third-party vendor management
Performed and assisted on regular security reviews of configurations for network appliances such as firewalls, network filtering, IDS, vulnerability management and email filtering
Reviewed and streamlined a series of controls and security practices available in the VC private cloud and Amazon AWS (EC2, S3, Trusted Advisor, etc.) and MS Azure
Developed a security dashboard to identify key risks and established key performance indicators for metrics
Currently leveraging Python and PowerShell scripts to automate security operations
Apr 2011 – Oct 2013
Corporate Security Analyst – Business Engagement, BlackBerry Ltd
Overview
BlackBerry Ltd, formerly Research In Motion Limited (RIM), is a world leader in the mobile communications market and has a history of developing breakthrough wireless solutions. RIM's portfolio of award-winning products, services and embedded technologies is used by thousands of organizations around the world and includes the BlackBerry wireless platform product line, software development tools and software/hardware licensing agreements.
Experience
Established a strong positive relationship with BlackBerry business units to promote Corporate Security requirements and services
Collaborated with internal BlackBerry Corporate Security teams and provided information on behalf of the BlackBerry business unit, advice on a wide variety of information security issues, concerns, and problems
Conducted reviews for the BlackBerry business unit systems, controls and procedures to determine whether controls and procedures are in compliance with laws, regulations, policies and standards
Led multiple engagements as the lead security architect, while assessing the project scope and design that would include assessing the proposed network infrastructure design and application functionality against ISO 27001 and PCI certifications
Assisted in the design, development, and delivery of classroom training and/or other security awareness programs (videos, memos, computer-based training, etc.)
Performed multiple compliance audits assessing IT general controls, threat risk assessments that included physical security audits, and privacy audits assessing the collection and use of personal or sensitive information
Developed a business unit dashboard for multiple business leaders to understand high-level risks impacting the business unit
May 2010 – Feb 2011
Senior Internal IT Auditor, WestJet Airlines Ltd
Overview
Based on the client’s (WestJet) requirements, a SAS 70 and SOX ITGC audit controls framework was to be developed. Controls must be designed and implemented for audit testing.
Experience
Reviewed and examined IT General Computing Controls (SOX), PCI standards compliance requirements and controls supporting PCI
The first phase of the project involves a review for Design and Implementation (D&I) or the walkthrough of audit controls
Sept 2007 – April 2010
Senior Consultant, Deloitte & Touche LLP
Overview
Deloitte & Touche LLP is one of the ‘big four’ accounting firms, providing industry-focused assurance, advisory and tax services for public, private and government clients in all markets. The Enterprise Risk Services (ERS) division provides advice and assistance based on financial information, analytical and business process skills to companies, government bodies and intermediaries of all organizations in the implementation of their strategy.
Experience
Evaluated and examined General Computing Controls for various public and private clients, which involved a review of governance, change management, user access, disaster recovery and security configurations
Performed TRA (Threat and Risk Assessments), PIA (Privacy Impact Assessment), Automated Controls Review and IT Security Review, while evaluating the business impact and criticality of sensitive information
Reviewed and assessed business cycle controls for key business cycle operations, such as month end reporting, capital expenditures, accounts payable, etc.
June 2006 – Aug 2007
Senior Associate, PricewaterhouseCoopers LLP
Overview
PricewaterhouseCoopers LLP is one of the ‘big four’ accounting firms, providing industry-focused assurance, advisory and tax services for public, private and government clients in all markets. The Advisory Services division provides advice and assistance based on financial information, analytical and business process skills to companies, government bodies and intermediaries of all organizations in the implementation of their strategy.
Experience
Evaluated and examined ITGC (Information Technology General Controls) for various clients for SAP ERPs and various OS environments (Windows, Unix, etc.)
Reviewed applicable IT general controls aligned to multiple compliance programs, such as COBIT, SAS70/5970 Reports, and IT Sarbanes-Oxley (SOX) compliance
Performed threat and risk assessments, evaluating the business impact and criticality of sensitive information
May 2005 – June 2006
Information Systems Auditor, Investors Group Inc.
Overview
Investors Group Inc. is a subsidiary of the Power Financial group that provides personal financial planning services. These services include financial planning in mutual funds, investments, banking services and mortgages. General controls must be examined and reviewed for compliance purposes.
Experience
Examined and reviewed IT general controls for Investors Group and Mackenzie Financial. Investigated and examined key business applications to support business functions
The investigations required evidence gathering (i.e. documentation, samples, and observations) and interviewing stakeholders involved and end users
Education
2015
Certified Information Privacy Manager (CIPM)
2012
Certified Information Security Manager (CISM)
2011
Certified in Risk and Information Systems Control (CRISC)
2009
Certified Information Systems Security Professional (CISSP)
2007
Certified Information Systems Auditor (CISA)
2010
Canadian & International Industrial Security Clearance (CIISD)
Level 3 Top Secret (expired March 2017)
2003
Bachelor of Commerce (Hons), I.H. Asper School of Business, University of Manitoba
Major: Management Information Systems (MIS)
1999
Bachelor of Arts, University of Winnipeg
Major: Psychology
References Available