Muhammad Najam Iftikhar
• *** Hollingsworth Circle • Brampton, ON, L7A 0J5 • 416-***-**** • ac3jo0@r.postjobfree.com
Objectives
Enthusiastic, detail-oriented and organized Information Security Analyst with extensive experience (10+ years) in IT Security, PCI Compliance, Vulnerability Management, Vulnerability Remediation, Control Testing and support of large-scale organizations. Able to implement forward-thinking strategies by providing cost-effective solutions.
Summary of Skills
Experience with vulnerability scanning for revalidation for privilege ID management
Review client IT Policies and procedures to ensure compliance with best practice
Research and document security recommendations and outline a roadmap for implementation
Worked on multiple Identity and Access Management Projects to improve security compliance issues for multiple clients on various platforms (Mainframe, Unix, Archer)
Adhering to and complying with clients' existing change/incident/problem management process
Communicate with various clients to process reports related to access management for internal, external audits and compliance related queries
Technical Skills
Active Directory, Exchange Management, Windows Server 2008, LDAP, AS400, Mainframe, RACF, Unix, Linux, Cryptography
McAfee ePolicy Orchestrator (ePO), FireFlow AlgoSec, Motorola AirDefense Service Platform, Arbor Pravail APS (DDOS), TrustWave (PCI Compliance), Websense TRITON Security Center, QualysGuard, Splunk, Rapid7, Symantec Data Loss Prevention (DLP), AlienVault, DELL SecureWorks and other various applications and systems that are used within the Information Technology
TCP/IP, DNS, Routing, Fortigate, Switching, Fortinet, VPN, ISO27001, FSTP, ICR, KCar, MPLS, COBIT Frameworks, Remedy, Clarity, ELM (Employee Lifecycle Management)
Certifications & Trainings
Completed Fortinet Fortigate I & Fortigate II Training
Completed AlienVault Sourced Computer Security Training
IRCA ISO 27001 Lead Auditor Training
CISSP – Certified Information Systems Security Professional
Microsoft Certified Professional
Microsoft Exchange Enterprise Messaging Support Professional
Security Clearance
Standard Security Clearance
Professional Experience
Senior Cybersecurity Analyst
Compass Group Canada. Mississauga, Ontario. (November 2016 – Present)
Complete internal PCI Self-Assessment Questionnaires (SAQ’s) and the requirements to comply with PCI DSS Reports on Compliance (ROC), Approved Scanning Vendor (ASV) Reports, and PCI AOC (Attestation of Compliance)
Deliver key PCI Program components such as scope determination, gap assessments and remediation strategy
Develop security configuration standards for infrastructure technology assets
Plan, test and implement technology required for PCI DSS compliance such as Symantec DLP, Splunk event logging/alerting, firewall rule compliance toolset, vulnerability assessments, etc.
Work with Legal and Development teams to provide guidance for managing risk with third party service providers
Lead incident response activities during technology security incidents
Manage vulnerability scanning of all relevant Canadian assets in Qualys and create remediation plan
Identify action vulnerabilities in Qualys and ensure remediation efforts are taken
Review change management requests for security concerns
Make recommendations to senior management on results of analysis and work closely with other Information Technology groups to refine and enhance security controls
Interact with client IT to ensure proper controls and segmentation are in place per PCI DSS standards
Senior Security consultant
Capgemini Canada. Etobicoke, Ontario. (February 2016 - November 2016)
Provide advice and guidance about Security matters to one or more significant accounts or to a large delivery center, Vulnerability Management, Risk Assessment, Remediation and Compliance and Cyber Security consultancy
Vulnerability Management (VM) in real time of the Ontario Power Generation (OPG) environment
Prime for external vulnerability management and responsible for managing monthly vulnerabilities scans, assessing the results in accordance with the common Risk Framework (CRF) and working with the business and other technical stakeholders to ensure timely remediation
Conduct vulnerability assessments including Microsoft Tuesday monthly patch management, Oracle, Adobe, Java and Zero Day in-the-world vulnerability monitoring and advisories
Act as a primary contact, communicate findings and develop resolutions with audit management and business clientele
Support remediation, implementation and maintenance of Security related policies, standards, and procedure
Experience interpreting client needs, assessing full requirements and identifying solutions to non-standard task queries
Experience identifying key issues and patterns from partial/conflicting data and coming up with new less obvious solutions to problems
Provide assistance to project teams to use the Information Security methods, guidelines and standards
Studied and attended Information Security courses and material and then applied that knowledge to keep the infrastructure and data secure
Security Analyst, IT Security & risk Manage
Moneris Solutions. Etobicoke, Ontario. (April 2015 – February 2016)
Assist in the design, implementation and maintenance of security monitoring, intrusion detection/prevention and escalation within Moneris security architecture for the purpose of minimizing risks against internal and external threats. This includes performing vulnerability assessments, reviewing of firewall change requests and investigating and handling of security incidents
Conduct vulnerability assessments for all types of Critical Infrastructure systems, networks and applications
Assisting in running monthly scans along with keeping the appropriate lines of business informed about the needed patches
Provide business and application owners with clear information about current situation regarding detected vulnerabilities
Coordinate between vendors, project team, and network team in order to implement vulnerabilities patches to meet PCI Audit
Conduct Risk assessments of various technology changes in the area of cloud base application, Firewall, web controls and Secure file management methodologies
Manage all product and program risks, including risk associated with fraud, data management, and technology. Decide on what to remediate and what to risk accept based on business risk appetite and security requirements
Assist with internal/external security audits and risk assessments to ensure compliance with security policies, standards and procedures, and work with business/technical/operational areas in taking corrective actions on any identified security exposures
Security reviews of software, process, protocols, use of cryptography, etc.
Support attaining compliance for Moneris Payment Card Industry Data Security Standards
Designed and established rules for the Dragon Network Intrusion Prevention System (Dragon 7.1), McAfee ePolicy Orchestrator, FireFlow AlgoSec, Arbor Pravail APS DDoS and McAfee DLP. These capabilities included the ability to generate session busting traffic and instantiate firewall blocking rules in response to an attack
Senior Consultant, Technology Control Operations
IBM Canada. Toronto, Ontario. (November 2014 – January 2015)
Managing IT security projects in terms of risk analysis, cost budgeting, communication, control and monitoring, workload balancing, resource leveling, and status reporting
Analysis performed of dormant accounts within the various servers and domains, and coordinating the disabling of these accounts
Provided consulting services related to IT audit, risk & governance, process improvement, program delivery, project management, and project audit, including IT general computer & application controls (ITGCC & ITAC), risk mitigation, BCP/DRP compliance and vendor/project audit
Attended Access Review Board (ARB) meetings to ensure that changes requested do not expose to excessive risk
Access assessment, discovery, analysis and remediation related to infrastructure
Coordinate with IT Audit team to review processes, post implementation issues and actions, quality reviews and findings
Examined mainframe, AS-400, LAN and financial software for risk potential and SOX
Designed and recommended security controls for data field validation, strong password implementation/two-factor authentication
Controls Tested user provisioning, password configuration, logical access, logging, SOD, etc. for Windows and SOX Applications
Participated in the assimilation of security information for a large Data Privacy and protection project to assess the processes and procedures for safeguarding the integrity of confidential, proprietary, restricted, and highly sensitive identifiable information
Performed internal and external IT risk assessments, conducted gap analysis against industry standards, and provided recommendations on mitigation options
Responsible for documentation and cross training needed to ensure seamless introduction of new technologies and security changes within existing operational models
Worked closely with other operational teams including network operations, controls division, and external operational points of contact
Information Security Specialist (Technology Governance Risk & Control (Consultant)
CIBC Bank. Toronto, Ontario. (April 2014 – October 2014)
Documented in-scope SOX processes such as risk overlays, flowcharts, procedure narratives, process risk assessments, hand offs and test plans
Responsibilities included assessment of information technology internal controls based upon the CoBIT framework, ICR, KCar, IT general and application controls, information security, systems development, change management, business continuity, disaster recovery, computer operations, risk management and regulatory compliance.
Assessed and tested effectiveness of the general controls environment and key IT and Non IT controls inside that environment
Managed relationships with the business units
Monitored, Reviewed and Ensured that 80+ ITGC controls are enforced and proper evidences are generated based on frequency for Audits
Communicated any violation of controls to appropriate team members and ensure compensating controls were implemented
Developed and improved multiple processes in the areas of IT Security like User Access Management and Program Change Management
Managed and Monitored day to day IT Logical and Physical Security operations including, user provisioning, password configuration, logical access, logging, New Hire, Termination and Transfer processes
Threats, vulnerabilities and violations were reviewed with outsourced partner by doing in-depth scrutiny and coming up with the best solution
Responsible for oversight of CIBC & FCIB security and compliance Policies, Processes, Procedures and Standards
Engaged with IT Security, IT Infrastructure, IT operation, IT Architecture, to ensure ITGCC compliance
Performed consulting for business in establishing IT compliance solutions based on company policies and standards, industry best practices, industry standards, and regulatory requirements
Sr. Security Analyst (Information Security Risk Management (ISRM))
Loblaw Companies Limited. Brampton, Ontario. (May 2010 – March 2014)
Provide privileged access on multiple platforms for Loblaw’s client/vendor such as Active Directory, Mainframe, Unix/AIX/Linux
Developed/modified security policies and procedures for Security and Risk Management to align with established procedures/policies set by Loblaw’s existing Global Security Document
Administer Office 2010 and Office 365 corporate mailboxes and distribution lists through Exchange Management Console
Acquire and retain approvals in preparation for audits
Responsible for technology direction and execution of identity & access management systems for internal and external users
Communicate and document change of process to larger team
Provide maintenance activities for RACF profiles (user ID, group, dataset & general resource)
Monitor RACF profiles for continued validity, accuracy & access privileges
Provided access to various resources on the network like printers, shares on file servers, mailboxes, applications etc
Responsible for oversight and support the overall security related activities related to multi-level secure architecture to include overall threat/risk assessment, and audit compliance activities
Created and administered user and shared mailboxes, distribution groups, contacts etc. in EMC
Monitor security tools (Web application firewalls, bluecoat device, and web application security)
Identity and access Management Administrator
Rogers Cable. Brampton, Ontario. (January 2009 – May 2010)
Provided Base and Privileged Access to Rogers employees and contractors on multiple platforms such as Active Directory, Mainframe, Unix/Linux and other applications as per the Rogers Security Policies
Responsible for managing Wireless Security; create and maintain WIPS policies in Motorola Air Defense, and perform investigation of rogue wireless devices and suspected breaches
Administered and configured Network consisting of Windows 2003, 2008, Small Business Servers, Active Directory database, Backup on local and remote NAS storage
Provision on servers (UNIX, LINUX & Windows), Resource creation, deletion and management in active directory
Provide exceptional customer-service to business users by making the process more effective using ITIL concepts
Review/initiate processes document, complete/validate knowledge documentation, training, reporting and other duties as required
Preparing Excel workbooks and reports for the resources in stores and presenting a study report on previous month’s details of resources
Experienced in provisioning, creation, deletion and management in Exchange Management Console 2010
Documenting Facts and results after Root Cause Analysis of escalated cases of previous month and suggesting improvement plans
Provided access through folder/share permissions as well as group/local policies using Active Directory
Managing Resource Authentication and Authorization to applications in the environment
Sr. Technical Specialist/Consultant
Bell Mobility. Mississauga, Ontario. (February 2008 - January 2009)
Participating in security risk assessments where new applications are being implemented and/or business processes are changing that could affect the roles defined in the access governance tool
Developed a high level design which supports a robust technology solution, taking into account the user requirements, technical requirements, etc
Responsible for creating new documentations for various projects
Assist technology architecture and infrastructure design activities and supervising technology build, test and deployment activities
Monitored information security system, ensured that there were no Internet frauds and hackers on site
Monthly configuration review of the devices (firewall, switches, and routers, IPS) to ensure compliance to the predefined security
Technical Environment: Windows 2003/XP/VISTA Enterprise, SMS 2003, Active Directory, VMware, AdminStudio/InstallShield, WISE
Mac & Windows Support Engineer
TV Ontario. Toronto, Ontario. (December 2007 – February 2008)
Research, resolve and respond to end-user issues/problems/questions received via email, telephone calls, call back and provide support on desktop/laptop systems in accordance with current standards and SLA’s
Install, configure and maintain Windows/Mac desktops (troubleshooting, antivirus, backups)
Configure, test, maintain, monitor and troubleshoot end user telecommunications hardware/software, telephony and voice/data products
Updating of the computer systems, mainly to improve on stability and to reduce support demands, but also with an eye on user satisfactions
Heavy improvements in the network infrastructure, re-cabling, setup of areas with “fast” network setup of wireless network
Setup of a simple Intranet with an intranet web server, database server, shared agenda server
Support of user systems; especially support of digital video workstation systems, (Avid Media Composer and Final Cut Pro)
Education
Ryerson University – Toronto, Ontario.
Bachelors of Information Technology Management (ITM)
Seneca College – Toronto, Ontario.
Computer System Technology