
Information Security Risk Management

Location: Oakville, ON, Canada

Posted: June 15, 2024


Resume:

Cyber Security Leader

Faisal Ashraf

*********@*****.***

778-***-****

Head of Information Security & Corporate IT – Stylitics, 2022 – Present

Stylitics is a market-leading provider of outfitting and bundling content that boosts average order value, conversion rates and loyalty.

Led and developed information security strategy and roadmap.

Pioneered Stylitics information security program which included policy development, policy governance structure, vulnerability management practices, compliance reviews and risk management.

Led and developed the privacy program including an extensive review of EU and US privacy regulations and requirements.

Operationalized Information Security and Information Technology practices.

Led and managed corporate IT initiatives including operations.

Managed the system integration plan for affiliate acquisition.

Constructed the Stylitics Risk Register program with quarterly reviews with risk owners while leading initiatives for remediation, establishing key timelines and deliverables.

Formulated and allocated a dedicated budget for the InfoSec program at Stylitics that included annual engagements, assessments, and resources.

Director Information Security – Affirm, 2020 – 2022

Affirm is a leading provider of instant buy now, pay later plans for both e-commerce and in-store transactions.

Led and developed multiple workflows for information security, privacy, and compliance initiatives to strengthen the organization’s information security posture.

Directed the Merger and Acquisitions (M&A) information security activities for Affirm affiliates which included an integration plan for approx. 50 systems, execution of the readiness assessment plan and remedial activities to close the transaction.

Formulated and presented quarterly dashboards to review the health of the information security/posture of the program, while identifying metrics or KPIs with key business stakeholders across Affirm and affiliates.

Led, spearheaded & corresponded to the security incident response exercises for Affirm by providing guidance on defense in depth strategies, documenting the details of the incident, reviewing all required actions, and conducting a postmortem exercise with key stakeholders.

Conducted a data transformation exercise for the data logging collection process while aligning to privacy industry best practices and protecting sensitive data.

Operationalized information security practices to align with the NIST CSF framework and identified areas for improvement.

EDUCATION

B.Comm. (Hons) - MIS

2004 - University of Manitoba

B.A. - Psychology

1999 - University of Winnipeg

CERTIFICATIONS

2015 - Cert. Info. Privacy Manager (CIPM)

2012 - Cert. Info. Security Manager (CISM)

2009 - Cert. Info. Systems Security Professional (CISSP)

2007 - Cert. Info. Systems Auditor (CISA)

PROFESSIONAL SUMMARY

Performance driven and proven information security leader with over twenty years of experience. Led multiple teams, engagements and initiatives focusing on security, privacy, compliance, risk assessments, and technical security reviews. Operationalized information security functions, performance metrics and forecasted budgets. Spearheaded a series of practical security assurance practices that have been aligned with the business objectives.

SKILLS

InfoSec Program Development

Policy Frameworks

Security & Privacy Governance

Vendor Risk Management

Project Management

Vulnerability Management

DevSecOps Management

Cloud and Network Security

Incident Resp. Management

Resource Management

Performance Metrics

Linkedin.com/Faisal-Ashraf

PROFESSIONAL EXPERIENCE

Director Information Security – Flipp Corporation, 2017 – 2020

Flipp is a retail technology company that is reinventing the way people shop.

Resolved key deficiencies within the information security & data protection practices by achieving the key half year goals/objectives.

Led the California Consumer Privacy Act (CCPA) compliance initiative which included interpretation of the CCPA obligations, data transformation efforts across multiple data repositories/systems and alignment with key stakeholders across multiple business functions.

Information Security & Privacy Manager - Alida, Location, 2014 – 2017

Alida® provides a cloud-based SaaS customer intelligence platform that allows companies to build engaged consumer insights.

Led and managed the compliance program against SOC2 which included all five trust principles for both Type I and Type II reporting.

Conducted regular security reviews of configurations for network appliances such as firewalls, network filtering, IDS, vulnerability management and email filtering.

Assessed security practices available in the Alida private cloud and Amazon AWS (EC2, S3, Trusted Advisor, etc.) and MS Azure.

Corporate Security Analyst - BlackBerry, 2011 – 2013

BlackBerry provides enterprises and governments with the software and services they need to secure the Internet of Things (IoT).

Collaborated with key internal BlackBerry stakeholders to identify key information security risks, issues, and reporting to the designated security functional teams.

Led multiple engagements as the lead security architect, while assessing the project scope in assessing the proposed network infrastructure design and application functionality against ISO 27001 and PCI-DSS certifications.

Senior IT Auditor – WestJet Airlines, 2010 – 2011

WestJet Airlines is Canada’s second largest airline with low-cost fares.

Performed IT General Computing Controls (SOX) and PCI-DSS compliance assessments.

Senior Consultant – Deloitte LLP, 2007 – 2010

Deloitte LLP is one of the ‘big four’ accounting firms, providing industry-focused assurance and advisory services.

Performed TRA (Threat and Risk Assessments), PIA (Privacy Impact Assessment), Automated Controls Review, business cycle reviews,

Senior Associate – Price Waterhouse Coopers LLP, 2006 – 2007

Price Waterhouse Coopers LLP is one of the ‘big four’ accounting firms, providing industry-focused assurance and advisory services.

Assessed IT General Controls audits and threat and risk assessments while evaluating the business impact.

TECHNICAL SKILLS

MS Office Suite

GRC Tools Integration

Amazon AWS and MS Azure

Task Management (JIRA, Asana)

Vulnerability Scanners (Netsparker, Rapid7)

Antivirus (Fortinet, Symantec)

EDR (Crowdstrike Falcon)

Firewall (TrendMicro, Fortigate)

MDM (Intune, JAMF)

IAM Tools (OneLogin, Okta)

MFA (Google, Duo)

Server/Container Automation (Terraform, Docker, Ansible)

SIEM Logging (Elastic)

Automation Pipelines (Jenkins, GitHub Actions, Go)

IDS (GuardDuty, OSSEC)

CDN (Cloudflare, Azure FD)

Python (Novice)