Information Security Sales

ABDUL HAYEE SAJID, B.ENGG, MBA, CICA®, COBIT®

CELL PHONE: +92-334*******

ADDRESS: FL-23, A-26, KHI APARTMENTS OFF UNI ROAD, BLOCK-11, GULSHAN-E-IQBAL, KHI EMAIL: *************@*****.***

PLACEMENT OBJECTIVE: I WANT TO ENHANCE MY EXPERTISE IN A REPUTABLE DYNAMIC ORGANIZATION THAT PROMOTES FRIENDLY WORKING ENVIRONMENT, ENCOURAGES ADAPTABILITY, AND PROVIDES OPPORTUNITIES TO EXCEL. IF GIVEN AN OPPORTUNITY, MY EXPERTISE WILL PROVE TO BE AN ASSET FOR THAT ORGANIZATION.

CAREER SYNOPSIS

Proactive, dynamic, and target focused professional with 12 years of accomplished experience in the field of Internal Audit & Compliance/IT Audit/Enterprise Fraud Management/IT Governance/BCM/Information Security across Pakistan, U.A.E, Bahrain, Egypt, Iraq, & Yemen. Pragmatic, with proven managerial acumen and abilities to withstand work pressures, deliver assignments within specified time frame without compromising on quality benchmarks. Demonstrated expertise in serving the FMCG Logistics & distribution, Financial Services, Information Technology Services, Oil & Gas sector, and hospitality industries along with one of the Big 4 audit firms. Expertise in Internal Audit & Compliance, Fraud Investigations, GRC, IT Governance, IT Audit & Assurance, Information Security & Compliance, BCM and Software Process Improvement. Understanding of COSO, COBIT, SDLC, ISO27001, ITILv3 and BS25999 & auditing knowledge of SAP & Oracle. Confident, innovative, and out-of-the-box thinker who have ability to move with business departments by maintaining the audit independence.

A go-getter with a “Can Do” attitude and a great eye for details with ability to take quick decision; keen learner and carries as unsullied image of integrity and honesty. A dynamic leader dedicated with communication, presentation, interpersonal and co-ordination skills, and ability to interact with a wide range of individuals from diverse backgrounds. A self-motivated, confident, and key advisor with creativity and proven leadership capabilities with adaptability to new methodologies and applications.

SENIOR MANAGER (HOD) – INTERNAL AUDIT DEPT. (REPORTING INTO THE AUDIT COMMITTEE) JAN 2018 TO DATE

Starting business streak in 1967 as manufacturers of Battery Cells. Exploiting maximum leverage and benefits from the long expertise and experiences of its ancestors in distribution business. Burque finally managed to conclude a landmark agreement with Nestle SA, Switzerland in 1976 to be the exclusive distributors of their products in Pakistan. Realizing the distribution business as their main forte, the company eventually through geographical expansion targeted African continent to establish their first foot-prints in Tanzania, by entering into business venture with Unilever to become their sole-distributors in that region. Strategic Role:

Devised Internal Audit Charter, Enterprise Fraud Management framework, & Technology Assurance strategies of 04 group companies operating in Pakistan & East Africa; Leading Internal Audit’s Annual risk assessment and planning process to develop the Annual Audit Plan and ensure the plan is responsive to and aligned with the risk profile of the company; and, Overseeing Internal Audit’s participation in SAP S/4HANA implementation and ensuring that audit’s perspective is effectively voiced and appropriate controls are designed and implemented on a proactive basis. Operational Role:

Managing four (04) focused teams of 13 auditors covering Operational, Financial, Technology, and Special audits as highlighted in the audit plan by ensuring the highest level of service quality and audit committee satisfaction; Leading various fraud investigations highlighted through a whistle blowing mechanism, audit assignments

(IT/Financial/Operational) at corporate and subsidiary locations i.e. Distribution Centers; Meeting regularly with Audit Committee to report the status of Internal Audit’s ongoing activities, educate/inform the committee of emerging risks (including financial, operational, technological risks) that should be considered, and serve as a “thought leader” with respect to risk management and internal control best practices; Actively participating in executive management meetings and/or committees to ensure that Internal Audit is well- informed of key business developments that could have an impact on audit priorities and/or plans; Coordinating the activities of external auditors including how best to leverage the work performed and results produced from Internal Audit’s work; and,

Issuing all Internal Audit reports ensuring the reports are clear, concise, identify root causes with practical solutions, and ultimately provide value to management; and demonstrating how internal audit adds value to the company.

GROUP SR. INTERNAL AUDITOR (MANAGERIAL ROLE) – LEADING PAKISTAN MARKET & REPORTING TO GROUP AUDIT MANAGEMENT BASED IN MIDDLE EAST – FEB 2013 - JAN 2018 Abudawood started it's business distributing consumer goods products by Sheikh Ismail Abudawood at Saudi Arabia in 1935. After that, Abudawood signed agreements with Procter & Gamble, Clorox and Quaker to distribute their products in Saudi Arabia. Today, working in the main center in Jeddah, Saudi Arabia more than 750 employees committed to the business operations directed outside the kingdom in the Middle East and Europe and United States and in various industries such as sales and distribution, trade, real estate, financial investment, education and training. Abudawood exist in Saudi Arabia, Pakistan, Bahrain, Iraq, Yemen and Egypt. At present, Abudawood is a multi-billion-dollar enterprise, operating more than 150 facilities and 1,800 vehicles in six countries, and employing over 6,000 people. Strategic Role:

Leading the development and implementation of Annual Internal Audit Plan for the Pakistan Market to ensure that all business divisions (Finance, HR, Supply Chain, Sales Development, Administration and Procurement, IT, Trade Marketing) receive appropriate audit coverage as per Annual Internal Audit Plan; Leading and managing the Group IT Audits for group offices in Pakistan, Egypt, Iraq, Yemen, & Bahrain Markets; Providing leadership to the department staff and manage their performance and development in line with the IA's goals, objectives, policies and regulations; and,

Managing the development of Internal Audit Scorecard and ARIS (Audit Recommendation Implementation Status) pertaining to Pakistan Market by conducting/managing monthly Follow-up of open findings. Operational Role:

Finalizing the Internal Audit reports & discussing audit observations with appropriate levels of management

(including CEO) and worked with management to develop reasonable corrective actions; Report on IT General Controls and Business applications weaknesses and follow-up on agreed-upon action plans; Providing timely and valuable suggestions to senior management on their requests for improving internal controls and making processes more effective & efficient. Also reviewed various policies & SOPs before they were being approved and rolled out for implementation;

Identifying instances of over and under control and providing management with a clear articulation of residual risks where existing controls are inadequate;

Suggesting the controls implementation for the development of new warehouses and sites across Pakistan; and, Conducting periodic training workshops to promote awareness of Internal Controls and enlighten changes in policies that will impact the processes.

SR. PRE-SALES SECURITY CONSULTANT – INFORMATION SECURITY, PAKISTAN JULY 2012 TO JANUARY 2013

NetSol Technologies Limited (CMMI Level 5 Company) (NASDAQ:NTWK, DIFX:NTWK and KSE:NETSOL) founded in 1995 with the powerful vision of becoming a global information technology solution provider now stands amidst most rapidly growing global IT firm with resource base exceeding 1000+ professionals worldwide. Since 1995, NetSol has come a long way to firm itself as a mature, quality conscious, customer centric multinational corporate entity. The company has a truly global presence with subsidiaries in USA, UK, Australia, China, Thailand, KSA and Pakistan; correspondingly taking care of North America, Europe, Australia, Pacific Rim and South Asia.

Conduct presentations, implement Proof-Of-Concepts (POCs), SOW and develop detailed proposals and quotations for new opportunities related to Information Security consulting services and products; Respond to official RFQ/RFP, being involved in tender requirements and submission for “Information Security & Technology Auditing” projects;

Accompanying sales team in customer meetings in a consultative pre-sales role; Advise customers on information security product and services solutions; Conduct demonstrations, proofs of concept, and presentations to varying levels within a customer organizations; Deliver InfoSec services from pre-sales information gathering and documentation to post-sales assessment, project plan development/management;

Provide high-quality documentation of work performed for customers; Coordinate/participate in technical training and product updates with business partners; Coordinate with the support and Project management departments & to follow up installation of the products and other items sold; and,

Training/coaching other consultants within Information Security practice. ASSISTANT MANAGER – INTERNAL IS AUDIT, PAKISTAN

AUGUST 2011 TO JULY, 2012

Prime and only housing finance institution of the country, providing affordable housing solutions to low and middle income groups of population by encouraging new constructions in Small & Medium Housing (SMH) sector. Responding to housing needs of low income groups is a social responsibility, beyond that everything has to be 100% commercially viable and sustainable to ensure an ongoing housing finance entity. Established an IT audit function within Internal Audit department and Lead the IT Audit Projects and prepare the Internal IS Audit Plan for submission to the Audit Committee and senior management of the company; Prepare the IS Audit Engagement Planning including allocation of resource to ensure that the resources are optimally utilized and assigned tasks as per their specific skills set; Assess information technology control elements to mitigate IT risks regarding the confidentiality, integrity, and availability of business information;

Carry out IS audits; ascertain IS infrastructure including the (Data Center Audits, General Control Reviews, Information Security Reviews, System Development Assessments, etc.) and business process review; Provide assistance in the identification and testing of key application controls while focusing on operational and financial audits;

Manage all stages of audits including planning, testing of controls, transforming technical results to draft audit reports and management summaries; and,

Develop and communicate audit concerns to appropriate levels of management; writing and delivering audit reports; and working with management to develop reasonable and sufficient corrective actions assisting on audits outside of assigned areas of responsibility (in a team member role). CONSULTANT – ENTERPRISE RISK SERVICES, PAKISTAN

OCT, 2009 TO JULY, 2011

Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 140 countries, Deloitte brings world-class capabilities and deep local expertise to help clients succeed wherever they operate. Deloitte's more than 168,000 professionals are committed to becoming the standard of excellence. Project Name: End-to-End Business Continuity Management Role: Project Senior

Client: Pakistan Petroleum Limited

Duration: 8 Months

End-to-end Business Continuity Management (BCM) program for a major Oil & Gas company of Pakistan. Scope of work encompassed company’s Head Office together with six producing field locations. I was responsible for conducting the following:

Current State Assessment by utilizing Deloitte’s BCM Diagnostic Tool Preparation for improvements required based on Current State Assessment Business Impact Analysis of all critical business activities and establish their Maximum Tolerable Period of Disruption by utilizing Deloitte’s BIA Toolkit

Enhanced current and developed additional Business Continuity & resumption Plans Awareness and training strategy within the BCM framework, and provide guidance in delivering BCM test programs

BCM Maintenance

Project Name: Review of Application Authorization Process based on CMMI-Dev & SOX Section 404 Role: Project Supervisor

Client: Oxford University Press

Duration: 5 Months

Performed the review of Application Authorization Process for manufacturing as per CMMI-Dev. The review was conducted to specifically focus on the following:

Review application security objects (roles and authorizations) standards; Review ongoing processes for role maintenance activities, including compliance requirements; Recommend and document the remediation efforts of identified gaps in the security authorization processes.

Project Name: Review of Information Security Policies and Procedures Role: Project Senior

Client: Karachi Stock Exchange

Duration: 15 Days

Performed the review of Information security policies and procedures as per ISO 27001 framework. As part of the project, I was responsible for performing a gap analysis of current Information Security policies and procedures as per 10 domains and 127 control objectives.

Project Name: Review of BCP as per BS25999 and BS25777 Role: Project Senior

Client: Karachi Stock Exchange

Duration: 1 Month

Performed the review of Business Continuity plans as per BS25999 and BS25777 frameworks for a major financial institution in Karachi. The review included the following: Gap Analysis Review

Maturity and Capability Assessment

Suggest Risk Based Remediation Strategy

Project Name: Internet Trading Compliance review

Role: Project Senior

Client: JS Global Private Limited

Duration: 1 Month

Performed the compliance review in accordance with (Internet Trading Guidelines) issued by the Security and Exchange Commission of PK and PCI DSS. As part of the project, I was responsible for performing the gap analysis against 13 guidelines.

CONSULTANT – ENTERPRISE RISK SERVICES, DUBAI

SECONDMENT - JAN, 2010 TO MARCH, 2010

Project Name: IT Auditing

Role: Project Senior (Multiple Clients)

Industries: Oil & Gas, Manufacturing and Financial Services Industries Duration: 3 Months

Conducted multiple General Computer Controls audit to assess and test the internal controls over client's financial systems as part of an external audit.

CLIENT HISTORY – MIDDLE EAST

Oil & Gas

Upstream:

FAL Oil Group, Sharjah

Miscellaneous

Kempinski Hotel, Ajman

INTERCAT Hospitality, Dubai

Royal Palace Furniture Group, Sharjah

Corporate

AFKAR Group of Companies, Sharjah

RAK Rock, Ras Al Khaimah

Stevin Rock LLC, Ras Al Khaimah

Financial Services

Union Insurance, Ajman

ASSISTANT CONSULTANT – ENTERPRISE RISK SERVICES,

JAN, 2008 TO SEPTEMBER, 2009

Project Name: Automated Control Assurance

Role: Project Supervisor (Multiple Clients)

Industries: Oil & Gas, Manufacturing and Financial Services Industries Duration: Around 2 years

Conducted multiple IS audit assignments based on Deloitte’s IS Audit Methodology and ensuring the timely completion of these assignments.

Developed Audit Programs based on Deloitte’s Risk Based Audit Approach which includes multiple standards i.e. PCI DSS, ISO 27001, ITIL v3, Cobit 4.1, SDLC & CMMI. Conducted the exit meetings with client’s management. Drafted the IS Audit Report and obtaining the management comments from the client. CLIENT HISTORY – PAKISTAN

Banking

State Bank of Pakistan

NIB Bank (Pakistan)

Burj Bank Limited

MyBank Limited

Allied Bank Limited

Royal Bank of Scotland (PK)

Financial Services

Foundation Securities Private Limited

PICIC Energy Fund

Standard Chartered Modarba

Corporate

Pakistan Steel Mill

COMSTAR Private Limited

OPTIMUS Private Limited

Abbott Pharmaceuticals

Oxford University Press

J&P Coats Private Limited

Lucky Cement Limited

Oil & Gas

Sui Southern Gas Company

PROFESSIONAL ASSOCIATION/MEMBERSHIP

AIENG, Hong Kong

Member International Association of Engineers & Computer Scientists since May, 2012 Pakistan Engineering Council

Member of Pakistan Engineering Council (PEC) since December, 2010 ISACA, USA

Member Information System Audit & Control Association (ISACA) since September, 2009 THE IIC, USA

Member Institute for Internal Controls (IIC), USA since June, 2011 SUMMARY OF QUALIFICATIONS:

REDC, Lahore University of Management Sciences (LUMS), PK Executive Training Program (Finance for Non-Financial Managers) – Aug to Sep 2016 University of Sindh, Jamshoro, PK

MBA (Finance, MIS, & Marketing) – December 2013

McAfee, USA – August and September 2012

Sales Advocate Network Defense

Sales Advocate System Security

Sales Advocate Web & Email

Sales Advocate Risk & Compliance

Kaspersky Lab, Russia – September 2012

Certified Sales Specialist of Kaspersky Lab Corporate Solutions - 2nd Level United States Institute of Peace, USA

Certificate course in Negotiation & Conflict Management on May 20, 2012. Texas Engineering Extension Service - The Texas A&M University System, USA Certificate course in Information Risk Management (AWR-177-W) on May 09, 2012. Information System Audit & Control Association (ISACA), USA CobiT®, (Control Objectives for Information & Related Technology) – March, 2012 Institute for Internal Controls, USA

CICA® (Certified Internal Controls Auditor) - June, 2011. Mehran University of Engineering & Technology, PK

Bachelor of Engineering in Software Engineering - March, 2008 OCP (University Curriculum)

TRAININGS

Business Continuity Management, November 2010, Deloitte EMEA Security & Privacy (S&P) Fundamentals, July 2009, Deloitte EMEA Attended 1 day International Workshop on “Legal Issues in IT for Professionals” organized by Southampton University, UK and Mehran UET, Jamshoro in April 2009. TECHNICAL EXPERTISE LEVEL

Banking Software (e.g. Temenos T24, Symbols, TCSS, etc) Intermediate ERP Software (e.g. SAP R3 and Oracle EBS) Intermediate SAS (AS/2) Audit Tool Expert

MS Office Expert

Deloitte’s Business Continuity Diagnostic Tool Expert Deloitte’s BIA Toolkit Expert

PERSONAL INFORMATION:

Father’s Name: Dr. Abdul Khalique Ansari

Date of Birth: 14th Sep 1984

Nationality: Pakistani

Religion: Islam

Marital Status: Married

REFERENCES:

Will be provided upon Request

Contact this candidate