SAMI KABIR
682-***-**** – adi4mp@r.postjobfree.com
SUMMARY:
Highly adaptive and goal-oriented Information Systems professional with over 3+ years of experience working in the IT Risk Management and Security Compliance domain. Dynamic IT Auditor with a firm grasp of knowledge surrounding leading industry frameworks such as: FISCAM, FFIEC, NIST, SOC, SOX, ISO 27000 series. Collaborative leader with the ability to conduct large scale technical projects focused on IT Operations, Cybersecurity, IT Asset Security, ITGC, SOC 1/2 and HIPAA Compliance. Partner on organizational policy changes to address gaps and meet compliance requirements that resolve challenges and propel business growth.
EXPERIENCE:
A-LIGN,
Senior Consultant 09/2020 – Present
• Working for A-Lign, as a Senior Consultant to provide SOC and HIPAA Compliance Attestation to A-Lign’s clients; sub-contracted to A-Lign from Tasacom Technologies Incorporated.
• Performing SOC 1, SOC 2 (type 1 and 2), and HIPAA compliance attestation for global companies that have complex networks, data hosting architectures, and cloud services hosted on AWS, GCP, Azure.
• Conducted SOC 2 attestation for global BPO company, and SaaS service provider clients based on common criteria along with availability, confidentiality, and privacy criteria.
ASCEND TECHNOLOGY INC.,
IT Auditor 01/2019 – 09/2020
• Conducted ITGC/ IT infrastructure/ IT Operations and cybersecurity audits; last project was in public sector as a sub-contracted consultant to Grant Thornton LLP to perform ITGC and IT application audits.
• Provided policy guidance based on frameworks such as NIST, SOC 2, ISO 27000 series, etc.
GRANT THORNTON US,
Senior Consultant – Subcontracted 09/2019 – 03/2020
• Worked in the capacity of a Senior IT Auditor to assess risk and controls of ITGC, business process and application security, etc., of the Cal State Financial Information system sponsored by Cal State Auditor’s Office.
• Evaluated controls (automated & manual) for business process transactions in PeopleSoft and Hyperion which were leveraged by Department of FI$Cal.
• Evaluated entity’s financial transaction platform per the FISCAM’s guidance on security management, access control, SOD, and contingency planning domains.
• Worked with senior level management at Dept. of FI$Cal in conducting walkthroughs, testing, and follow-up on issues pertinent to risk register status and recommended mitigation strategies.
• Provided policy update recommendations to Dept. of FI$Cal pertinent to ITGC testings’ findings.
• Managed associates in the team on ad-hoc basis to ensure project milestones were achieved.
GOLDEN 1 CREDIT UNION,
IT Internal Auditor 07/2018 – 12/2018
• Performed and managed full audit lifecycle of Patch Management Audit, ATM operations audit, Anti-Malware audit and IDS/IPS audit.
• Prescribed applicable updates to policies and procedures based on findings from completed IT audits that enhanced entity’s data security and privacy controls compliant to NCUA.
• Assisted in building a repository of high value data to track risks and implement security controls.
• Utilized compliance frameworks prescribed by FFIEC, NCUA, NIST, ISO 27000 series.
VERSACOM LP,
IT Audit & Security Intern 03/2018 – 07/2018
• Researched industry specific Information Security policy/ frameworks such as - COBIT, ISO 27000 series, etc. for company wide deployment.
• Evaluated IT infrastructures, IT applications and ERP of the company to assess IT control gaps.
• Worked on complete workflow integration with Office365 for the company.
• Assisted various departments of the company in documenting processes and creating common knowledge sharing through SharePoint.
INDUSTRIAL & INFRASTRUCTURE DEVELOPMENT FINANCE COMPANY,
Deputy Manager 05/2016 – 07/2016
• Managed projects and assisted audits (operational/ financial) on portfolios of an estimated $2M value.
• Drafted and secured approval for several policies for the company in response to regulatory compliance requirements.
SOLIDARITES INTERNATIONAL FRANCE,
Consultant 04/2015 – 08/2015
• Worked in direct supervision of Country Director to draft policies per regulatory requirements.
• Compiled inputs from internal teams to assess risks, formulate controls and finalized various project proposals to receive management’s approval on go-live.
OXFAM BANGLADESH,
Consultant 11/2012 – 02/2015
• Managed relationship and communication with donor bodies: UN, WB Group, UK Aid, DFID.
• Worked across different teams to identify operational risks and planned audits to support internal audit team.
• Compiled inputs, finalized proposal, submitted, and secured approval for a $31M 3-year project.
• Supported two large annual audits by UK based CPA firm on Oxfam Bangladesh’s core project from planning phase to closing meeting.
BRAC BANK,
CSR & Sponsorship Officer 04/2011 – 08/2011
• Authored 15-page CSR policy, worked with internal audit team to find gaps in compliance activities.
• Acquired board’s approval on CSR proposals; monitored CSR and sponsorship projects worth $1.5 M.
• Utilized SAP ERP and Tableau to analyze data for CSR investments, project audits and milestones presentation to corporate management.
EDUCATION:
M.S., Information Technology & Management, The University of Texas at Dallas Dec 2017
M.B.A., International Business, The University of Dhaka, Bangladesh Oct 2015
PhD (part-time), Information System and Technology, Claremont Graduate University Spring 2021
o Enrolling in Network and IT Security concentration PhD program
CERTIFICATION:
• Certified Information Systems Auditor (CISA), Cert. no- 20164975
• Certified Information Security Manager (CISM), passed exam in April 2020
• Certified Information Systems Security Professional (CISSP), passed exam in June 2020
INVOLVEMENT:
• Active member of global professional organizations such as ISACA and (ISC)2.
TECHNICAL SKILLS:
Languages Python, Java, HTML
Software ACL, IDEA, SAP HANA, SAP Lumira, Tableau, MS Visio, SharePoint, PeopleSoft, MS Office
Platforms Windows, Linux, MacOS
Networking Nmap, NetFlow, Wireshark, IDS/IPS - Security Onion, Qualys, TCP/IP and UDP protocol, Firewall Rule Configuration
Database SQL (MySQL, Oracle)
Frameworks NIST, FISCAM, FISMA, SAM, SIMM, COSO, SOX, COBIT, PCI-DSS, HIPAA, ISO 27000 Series, SOC 1 & 2, GLBA, OWASP, SSAE 18, GDPR, FFIEC, NCUA
Digital Forensic Splunk, QRadar, Nessus, Rapid7, EnCase
GRC Tools TeamMate, ServiceNow, Archer, MetricStream, ACL GRC, Active Directory