
Information Security Cyber

Location:
Ottawa, ON, Canada
Posted:
November 13, 2023


NAVEED KHAN CISA, CISM, CDPSE, ISO ***** LA/LI, TOGAF +1-416-***-****, +1-949-***-****

ad0337@r.postjobfree.com, www.linkedin.com/in/naveedkhancisa

PROFESSIONAL SUMMARY

Analytical, innovative and performance-driven Information Security/IT Compliance professional with 15+ years of work experience in Information/Cyber Security, IT Compliance, IT Audits, and Information Security Risk Management, gained by working in a broad set of industries including Government, Telecom, Financial, Aviation and Banking. Solid academic foundation coupled with industry-renowned certifications including CISA, CISM, CDPSE, ISO 27001 and TOGAF. Dynamic team player possessing strong communication and interpersonal skills coupled with high standards of personal integrity and work ethics.

EXPERIENCE

Information Security Advisor and Consultant (Sep 2022 to Present)

Strong Cyber Solutions, Fairfax, Virginia, USA

Canada Life, Toronto, Canada

Manage and coordinate SOC2/SOX/ISO27001/27002 Audits

Develop and review Security documentation.

Privacy Impact Assessments

Third Party Risk Assessments

Director CISA Certification (Sep 2022 to Present)

ISACA Ottawa chapter, Ontario

IT Compliance and Security Manager (Nov 2019 to July 2022)

SNC-Lavalin, Montreal, Canada

Ensure compliance with ISO 27001, ICFR, CSAE3416/SOC1 and internal IT policies

Identify Information Security risks and Controls weaknesses in the IT systems and applications.

Interact with Procurement in the review of IT contracts and Third-Party Security evaluations.

Perform information security risk assessment in coordination with Enterprise Risk Department

Develop IT Policies, Procedures and Standards in coordination with Information Security Department

Support business teams in responding to bid-related Cyber Security Questionnaires

Senior Information Security Advisor (Apr 2018 to Nov 2019)

Canadian National Railway, Montreal, Canada

Evaluate and communicate cyber security requirements to IT Project teams.

Provide risk evaluations and recommendations over activities and ensure adherence to regulatory and Information Security requirements.

Assess and challenge the effectiveness of security requirements by working collaboratively with system owners and other stakeholders.

Senior Information Security Consultant (Dec 2016 to Oct 2017)

Paladion Networks, UAE

PCI DSS (Payment Card Industry Data Security Standard) Implementation

ISO 27001:2013 and ISO 20000:2011 Surveillance and Recertification Audits

Evaluate the effectiveness of the Information Security Program in the company.

Perform security risk assessment on new projects related to Applications and infrastructure.

Performed Gap Analysis to identify the weaknesses in the current security and compliance procedures.

Information Security Policies, Procedures, Standards and Guidelines preparation as per NIST and ISO 27001

Provided guidance to IT team on interpretation and implementation of Security controls.

Led projects related to information/cyber security across the organization.

Management and Reporting of Information Security Key Performance Indicators (KPIs)

Reviewed IT Infrastructure and IT General Controls

Conducted Vulnerability Assessments on Corporate Website using Qualys and Tripwire IP360

Identification and reporting of security risks to application and infrastructure teams, and follow-up with respective staff on their timely closure.

IT Compliance & Information Security Officer (March 2013 to Nov 2016)

General Civil Aviation Authority, UAE

Responsible for developing and recommending a security vision and long-term information security strategy.

Conducted IT Risk Assessments based on ISO 27005 and reported risks to the management along with controls recommendation.

Led the organization’s existing and prospective Information Security, Compliance and Privacy programs in accordance with industry standards and requirements such as ISO 27001 and NIST.

Reviewed Requirement Specification Documents, Design Documents, project plans and third-party agreements to ensure compliance with information security requirements.

Maintained and Developed Information Security Policies and Procedures as per ISO 27001:2013

Provided guidance to the IT department on the improvement of existing processes as per industry standards such as ISO 20000, ISO 27001 and NIST.

Served as the focal point of escalation for IT compliance, Information Security, and audit issues.

Management and maintenance of IT Risk Register

Developed plan for Information Security awareness and provided training to IT and business unit staff.

Assessment on Cyber Security Risks and reporting to IT Steering Committee

Conducted Third Party/Service Audits and Risk Assessments based on ISO and SOC2

Ensured IT Operations compliance with ISO 20000:2011 and ISO 27001:2013 standards.

Supervised the implementation of IT GRC tools such as RisqVu

Supervised Network Penetration Testing on corporate website

Coordinated with NESA (National Electronic Security Authority) for the implementation of Security Controls

Coordinated with external auditors such as SAI (State Audit Institution), PwC and Deloitte.

Supervised periodic IT Disaster Recovery Testing

Management, reporting and resolution of Information Security Incidents

Assistant Manager – Information Systems Audit (Sep 2010 to Mar 2013)

Dubai Islamic Bank

Evaluated control effectiveness to ensure security, reliability, availability and Integrity of Bank’s application systems and IT environment.

Assisted in planning and executing IT audits and project audits, including IT reviews of applications, security, systems availability, data integrity, and infrastructure according to the annual Audit Plan and audit methodology.

Developed audit programs in line with best practices and standards

Conducted IT Infrastructure Audits covering firewalls, routers, switches, operating systems (IBM AIX, Red Hat Linux) and Database (Oracle 10G)

Conducted IT Department audit.

Performed Application Control Reviews of various business applications such as IFLEX (Core Banking Application), CAPSTONE (Auto Loan Application), HR Application, CRM, and Internet Banking

Consultant – Technology Risk Management (Jan 2007 to Aug 2010)

Sidat Hyder Morshed – Former EY

IT General Controls and Application Controls Reviews of Banking Applications and Duty/Tax Calculation Application (Ministry of Finance)

Business Continuity/Disaster Recovery Plan Development as per best practices and standards like BS25999

Involved in network security assessments, penetration testing and evaluation of potential security vulnerabilities in networks and applications.

Information Security Policies and Procedures development as per ISO 27001 and COBIT

SAP and ERP application controls reviews

EDUCATION

Advanced Computer Security Certificate (2018-2019)

Stanford University, California

Cyber Security Management (2018)

University of Toronto

Bachelor of Computer Science (2001-2005)

National University of Computer and Emerging Sciences

PROFESSIONAL CERTIFICATIONS

CISA (Certified Information Systems Auditor)

CISM (Certified Information Security Manager)

CDPSE (Certified Data Privacy Solutions Engineer)

ISO 27001:2013 Lead Auditor and Implementer

TOGAF 9.1 – Enterprise Architect

TECHNICAL SKILLS

ISO 27001:2013, ISO 20000, PCI DSS, SOC1/SOC2, HIPAA, NIST CSF, NIST SP 800-53, GDPR, Cloud Security