Security Management

November 30, 2017

Muhammad Najam Iftikhar

*** Hollingsworth Circle • Brampton, ON, L7A 0J5 • 416-***-**** •


Enthusiastic, detail orientated and organized Information Security Analyst with extensive experience (10+ years) in IT Security, PCI Compliance, Vulnerability Management, Vulnerability Remediation, Control Testing and support of large scale organizations. Able to implement forward-thinking strategies by providing cost-effective solutions.

Summary of Skills

Experience with vulnerability scanning for revalidation for privilege ID management

Review client IT Policies and procedures to ensure compliance with best practice

Research and document security recommendations and outline a roadmap for implementation

Worked on multiple Identity and Access Management Projects to improve security compliance issues for multiple clients on various platforms (Mainframe, Unix, Archer)

Adhering and complying to clients existing change/incident/problem management process

Communicate with various clients to process reports related to access management for internal, external audits and compliance related queries

Technical Skills

Active Directory, Exchange Management, Windows Server 2008, LDAP, AS400, Mainframe, RACF, Unix, Linux, Cryptography

McAfee ePolicy Orchestrator (ePO), FireFlow AlgoSec, Motorola AirDefense Service Platform, Arbor Pravail APS (DDOS), TrustWave (PCI Compliance), Websense TRITON Security Center, QualysGuard, Splunk, Rapid7, Symantec Data Loss Prevention (DLP), AlienVault, DELL SecureWorks and other various applications and systems that are used within the Information Technology

TCP/IP, DNS, Routing, Fortigate, Switching, Fortinet, VPN, ISO27001, FSTP, ICR, KCar, MPLS, COBIT Frameworks, Remedy, Clarity, ELM (Employee Lifecycle Management)

Certifications & Trainings

Completed Fortinet Fortigate I & Fortigate II Training

Completed AlienVault Sourced Computer Security Training

IRCA ISO 27001 Lead Auditor Training

CISSP – Certified Information Systems Security Professional

Microsoft Certified Professional

Microsoft Exchange Enterprise Messaging Support Professional

Security Clearance

Standard Security Clearance

Professional Experience

Senior Cybersecurity Analyst

Compass Group Canada. Mississauga, Ontario. (November 2016 – Present)

Complete internal PCI Self-Assessment Questionnaires (SAQ’s) and the requirements to comply with PCI DSS Reports on Compliance (ROC), Approved Scanning Vendor (ASV) Reports, and PCI AOC (Attestation of Compliance)

Deliver key PCI Program components such as scope determination, gap assessments and remediation strategy

Develop security configuration standards for infrastructure technology assets

Plan, test and implement technology required for PCI DSS compliance such as Symantec DLP, Splunk event logging/alerting, firewall rule compliance toolset, vulnerability assessments, etc.

Work with Legal and Development teams to provide guidance for managing risk with third party service providers

Lead incident response activities during technology security incidents

Manage vulnerability scanning of all relevant Canadian assets in Qualys and create remediation plan

Identify action vulnerabilities in Qualys and ensure remediation efforts are taken

Review change management requests for security concerns

Make recommendations to senior management on results of analysis and work closely with other Information Technology groups to refine and enhance security controls

Interact with client IT to ensure proper controls and segmentation are in place per PCI DSS standards

Senior Security consultant

Capgemini Canada. Etobicoke, Ontario. (February 2016 - November 2016)

Provide advice and guidance about Security matters to one or more significant accounts or to a large delivery center, Vulnerability Management, Risk Assessment, Remediation and Compliance and Cyber Security consultancy

Vulnerability Management (VM) in real time of the Ontario Power Generation (OPG) environment

Prime for external vulnerability management and responsible for managing monthly vulnerability scans, assessing the results in accordance with the Common Risk Framework (CRF) and working with the business and other technical stakeholders to ensure timely remediation

Conduct vulnerability assessments including Microsoft Tuesday monthly patch management, Oracle, Adobe, Java and Zero Day in-the-wild vulnerability monitoring and advisories

Act as a primary contact, communicate findings and develop resolutions with audit management and business clientele

Support remediation, implementation and maintenance of Security related policies, standards, and procedure

Experience interpreting client needs, assessing full requirements and identifying solutions to non-standard task queries

Experience identifying key issues and patterns from partial/conflicting data and coming up with new less obvious solutions to problems

Provide assistance to project teams to use the Information Security methods, guidelines and standards

Studied and attended Information Security courses and material and then applied that knowledge to keep the infrastructure and data secure

Security Analyst, IT Security & risk Manage

Moneris Solutions. Etobicoke, Ontario. (April 2015 – February 2016)

Assist in the design, implementation and maintenance of security monitoring, intrusion detection/prevention and escalation within Moneris security architecture for the purpose of minimizing risks against internal and external threats. This includes performing vulnerability assessments, reviewing of firewall change requests and investigating and handling of security incidents

Conduct vulnerability assessments for all types of Critical Infrastructure systems, networks and applications

Assisting in running monthly scans along with keeping the appropriate lines of business informed about the needed patches

Provide business and application owners with clear information about current situation regarding detected vulnerabilities

Coordinate between vendors, project team, and network team in order to implement vulnerability patches to meet PCI Audit

Conduct risk assessments of various technology changes in the area of cloud-based application, firewall, web controls and secure file management methodologies

Manage all product and program risks, including risk associated with fraud, data management, and technology. Decide on what to remediate and what to risk accept based on business risk appetite and security requirements

Assist with internal/external security audits and risk assessments to ensure compliance with security policies, standards and procedures, and work with business/technical/operational areas in taking corrective actions on any identified security exposures

Security reviews of software, process, protocols, use of cryptography, etc.

Support attaining compliance for Moneris Payment Card Industry Data Security Standards

Designed and established rules for the Dragon Network Intrusion Prevention System (Dragon 7.1), McAfee ePolicy Orchestrator, FireFlow AlgoSec, Arbor Pravail APS DDoS and McAfee DLP. These capabilities included the ability to generate session busting traffic and instantiate firewall blocking rules in response to an attack

Senior Consultant, Technology Control Operations

IBM Canada. Toronto, Ontario. (November 2014 – January 2015)

Managing IT security projects in terms of risk analysis, cost budgeting, communication, control and monitoring, workload balancing, resource leveling, and status reporting

Performed analysis of dormant accounts within the various servers and domains, and coordinated the disabling of these accounts

Provided consulting services related to IT audit, risk & governance, process improvement, program delivery, project management, and project audit, including IT general computer & application controls (ITGCC & ITAC), risk mitigation, BCP/DRP compliance and vendor/project audit

Attended Access Review Board (ARB) meetings to ensure that changes requested do not expose to excessive risk

Access assessment, discovery, analysis and remediation related to infrastructure

Coordinate with IT Audit team to review processes, post implementation issues and actions, quality reviews and findings

Examined mainframe, AS-400, LAN and financial software for risk potential and SOX

Designed and recommended security controls for data field validation, strong password implementation/2-factor authentication

Tested controls for user provisioning, password configuration, logical access, logging, SOD, etc. for Windows and SOX applications

Participated in the assimilation of security information for a large Data Privacy and protection project to assess the processes and procedures for safeguarding the integrity of confidential, proprietary, restricted, and highly sensitive identifiable information

Performed internal and external IT risk assessments, conducted gap analysis against industry standards, and provided recommendations on mitigation options

Responsible for documentation and cross training needed to ensure seamless introduction of new technologies and security changes within existing operational models

Worked closely with other operational teams including network operations, controls division, and external operational points of contact

Information Security Specialist, Technology Governance Risk & Control (Consultant)

CIBC Bank. Toronto, Ontario. (April 2014 – October 2014)

Documented in-scope SOX processes such as risk overlays, flowcharts, procedure narratives, process risk assessments, hand offs and test plans

Responsibilities included assessment of information technology internal controls based upon the CoBIT framework, ICR, KCar, IT general and application controls, information security, systems development, change management, business continuity, disaster recovery, computer operations, risk management and regulatory compliance.

Assessed and tested effectiveness of the general controls environment and key IT and Non IT controls inside that environment

Managed relationships with the business units

Monitored, Reviewed and Ensured that 80+ ITGC controls are enforced and proper evidences are generated based on frequency for Audits

Communicated any violation of controls to appropriate team members and ensure compensating controls were implemented

Developed and improved multiple processes in the areas of IT Security like User Access Management and Program Change Management

Managed and Monitored day to day IT Logical and Physical Security operations including, user provisioning, password configuration, logical access, logging, New Hire, Termination and Transfer processes

Threats, vulnerabilities and violations were reviewed with the outsourced partner through in-depth scrutiny to come up with the best solution

Responsible for oversight of CIBC & FCIB security and compliance Policies, Processes, Procedures and Standards

Engaged with IT Security, IT Infrastructure, IT operation, IT Architecture, to ensure ITGCC compliance

Performed consulting for business in establishing IT compliance solutions based on company policies and standards, industry best practices, industry standards, and regulatory requirements

Sr. Security Analyst, Information Security Risk Management (ISRM)

Loblaw Companies Limited. Brampton, Ontario. (May 2010 – March 2014)

Provide privileged access on multiple platforms for Loblaw’s client\vendor such as Active Directory, Mainframe, Unix/AIX/Linux

Developed/modified security policies and procedures for Security and Risk Management to align with established procedures/policies set by Loblaw’s existing Global Security Document

Administer Office 2010 and Office 365 corporate mailboxes and distribution lists through Exchange Management Console

Acquire and retain approvals in preparation for audits

Responsible for technology direction and execution of identity & access management systems for internal and external users

Communicate and document change of process to larger team

Provide maintenance activities for RACF profiles (user ID, group, dataset & general resource)

Monitor RACF profiles for continued validity, accuracy & access privileges

Provided access to various resources on the network like printers, shares on file servers, mailboxes, applications etc

Responsible for oversight and support the overall security related activities related to multi-level secure architecture to include overall threat/risk assessment, and audit compliance activities

Created and administered user and shared mailboxes, distribution groups, contacts etc. in EMC

Monitor security tools (Web application firewalls, bluecoat device, and web application security)

Identity and access Management Administrator

Rogers Cable. Brampton, Ontario. (January 2009 – May 2010)

Provided Base and Privileged Access to Rogers employees and contractors on multiple platforms such as Active Directory, Mainframe, Unix/Linux and other applications as per the Rogers Security Policies

Responsible for managing Wireless Security; create and maintain WIPS policies in Motorola Air Defense, and perform investigation of rogue wireless devices and suspected breaches

Administered and configured Network consisting of Windows 2003, 2008, Small Business Servers, Active Directory database, Backup on local and remote NAS storage

Provision on servers (UNIX, LINUX & Windows), Resource creation, deletion and management in active directory

Provide exceptional customer-service to business users by making the process more effective using ITIL concepts

Review/initiate processes document, complete/validate knowledge documentation, training, reporting and other duties as required

Preparing Excel workbooks and reports for the resources in stores and presenting a study report on previous month’s details of resources

Experienced in provisioning, creation, deletion and management in Exchange Management Console 2010

Documenting Facts and results after Root Cause Analysis of escalated cases of previous month and suggesting improvement plans

Provided access through folder/share permissions as well as group/local policies using Active Directory

Managing Resource Authentication and Authorization to applications in the environment

Sr. Technical Specialist/Consultant

Bell Mobility. Mississauga, Ontario. (February 2008 - January 2009)

Participating in security risk assessments where new applications are being implemented and/or business processes are changing that could affect the roles defined in the access governance tool

Developed a high level design which supports a robust technology solution, taking into account the user requirements, technical requirements, etc

Responsible for creating new documentations for various projects

Assist technology architecture and infrastructure design activities and supervising technology build, test and deployment activities

Monitored information security system, ensured that there were no Internet frauds and hackers on site

Monthly configuration review of the devices (firewall, switches, and routers, IPS) to ensure compliance to the predefined security

Technical Environment: Windows 2003/XP/VISTA Enterprise, SMS 2003, Active Directory, VMware, AdminStudio/InstallShield, WISE

Mac & Windows Support Engineer

TV Ontario. Toronto, Ontario. (December 2007 – February 2008)

Research, resolve and respond to end-user issues/problems/questions received via email, telephone calls, call back and provide support on desktop/laptop systems in accordance with current standards and SLA’s

Install, configure and maintain Windows/Mac desktops (troubleshooting, antivirus, backups)

Configure, test, maintain, monitor and troubleshoot end user telecommunications hardware/software, telephony and voice/data products

Updating of the computer systems, mainly to improve on stability and to reduce support demands, but also with an eye on user satisfactions

Heavy improvements in the network infrastructure, re-cabling, setup of areas with “fast” network, setup of wireless network

Setup of a simple Intranet with an intranet web server, database server, shared agenda server

Support of user systems; especially support of digital video workstation systems, (Avid Media Composer and Final Cut Pro)


Ryerson University – Toronto, Ontario.

Bachelors of Information Technology Management (ITM)

Seneca College – Toronto, Ontario.

Computer System Technology
