Information Security Auditor

Location: Dallas, TX

Posted: January 03, 2021

Resume:

SAMI KABIR

682-***-**** – adi4mp@r.postjobfree.com

SUMMARY:

Highly adaptive and goal-oriented Information Systems professional with 3+ years of experience working in the IT Risk Management and Security Compliance domain. Dynamic IT Auditor with a firm grasp of leading industry frameworks such as FISCAM, FFIEC, NIST, SOC, SOX, and the ISO 27000 series. Collaborative leader with the ability to conduct large-scale technical projects focused on IT Operations, Cybersecurity, IT Asset Security, ITGC, SOC 1/2 and HIPAA Compliance. Partner on organizational policy changes to address gaps and meet compliance requirements that resolve challenges and propel business growth.

EXPERIENCE:

A-LIGN,

Senior Consultant 09/2020 – Present

• Working for A-Lign as a Senior Consultant to provide SOC and HIPAA Compliance Attestation to A-Lign’s clients; sub-contracted to A-Lign from Tasacom Technologies Incorporated.

• Performing SOC 1, SOC 2 (type 1 and 2), and HIPAA compliance attestation for global companies that have complex networks, data hosting architectures, and cloud services hosted on AWS, GCP, Azure.

• Conducted SOC 2 attestation for global BPO company, and SaaS service provider clients based on common criteria along with availability, confidentiality, and privacy criteria.

ASCEND TECHNOLOGY INC.,

IT Auditor 01/2019 – 09/2020

• Conducted ITGC, IT infrastructure, IT Operations and cybersecurity audits; last project was in the public sector as a sub-contracted consultant to Grant Thornton LLP to perform ITGC and IT application audits.

• Provided policy guidance based on frameworks such as NIST, SOC 2, ISO 27000 series, etc.

GRANT THORNTON US,

Senior Consultant – Subcontracted 09/2019 – 03/2020

• Worked in the capacity of a Senior IT Auditor to assess risk and controls of ITGC, business process and application security, etc., of the Cal State Financial Information system sponsored by Cal State Auditor’s Office.

• Evaluated controls (automated & manual) for business process transactions in PeopleSoft and Hyperion which were leveraged by Department of FI$Cal.

• Evaluated entity’s financial transaction platform per the FISCAM’s guidance on security management, access control, SOD, and contingency planning domains.

• Worked with senior level management at Dept. of FI$Cal in conducting walkthroughs, testing, and follow-up on issues pertinent to risk register status and recommended mitigation strategies.

• Provided policy update recommendations to Dept. of FI$Cal pertinent to ITGC testing findings.

• Managed associates in the team on an ad-hoc basis to ensure project milestones were achieved.

GOLDEN 1 CREDIT UNION,

IT Internal Auditor 07/2018 – 12/2018

• Performed and managed the full audit lifecycle of the Patch Management audit, ATM operations audit, Anti-Malware audit and IDS/IPS audit.

• Prescribed applicable updates to policies and procedures based on findings from completed IT audits that enhanced entity’s data security and privacy controls compliant to NCUA.

• Assisted in building a repository of high value data to track risks and implement security controls.

• Utilized compliance frameworks prescribed by FFIEC, NCUA, NIST, ISO 27000 series.

VERSACOM LP,

IT Audit & Security Intern 03/2018 – 07/2018

• Researched industry-specific Information Security policies/frameworks such as COBIT, ISO 27000 series, etc. for company-wide deployment.

• Evaluated IT infrastructures, IT applications and ERP of the company to assess IT control gaps.

• Worked on complete workflow integration with Office365 for the company.

• Assisted various departments of the company in documenting processes and creating common knowledge sharing through SharePoint.

INDUSTRIAL & INFRASTRUCTURE DEVELOPMENT FINANCE COMPANY,

Deputy Manager 05/2016 – 07/2016

• Managed projects and assisted audits (operational/ financial) on portfolios of an estimated $2M value.

• Drafted and secured approval for several policies for the company in response to regulatory compliance requirements.

SOLIDARITES INTERNATIONAL FRANCE,

Consultant 04/2015 – 08/2015

• Worked under direct supervision of the Country Director to draft policies per regulatory requirements.

• Compiled inputs from internal teams to assess risks, formulate controls and finalize various project proposals to receive management’s approval on go-live.

OXFAM BANGLADESH,

Consultant 11/2012 – 02/2015

• Managed relationship and communication with donor bodies: UN, WB Group, UK Aid, DFID.

• Worked across different teams to identify operational risks and planned audits to support internal audit team.

• Compiled inputs, finalized proposal, submitted, and secured approval for a $31M 3-year project.

• Supported two large annual audits by UK based CPA firm on Oxfam Bangladesh’s core project from planning phase to closing meeting.

BRAC BANK,

CSR & Sponsorship Officer 04/2011 – 08/2011

• Authored 15-page CSR policy, worked with internal audit team to find gaps in compliance activities.

• Acquired board’s approval on CSR proposals; monitored CSR and sponsorship projects worth $1.5 M.

• Utilized SAP ERP and Tableau to analyze data for CSR investments, project audits and milestones presentation to corporate management.

EDUCATION:

M.S., Information Technology & Management, The University of Texas at Dallas, Dec 2017

M.B.A., International Business, The University of Dhaka, Bangladesh, Oct 2015

PhD (part-time), Information System and Technology, Claremont Graduate University, Spring 2021

o Enrolling in Network and IT Security concentration PhD program

CERTIFICATION:

• Certified Information Systems Auditor (CISA), Cert. no- 20164975

• Certified Information Security Manager (CISM), passed exam in April 2020

• Certified Information Systems Security Professional (CISSP), passed exam in June 2020

INVOLVEMENT:

• Active member of global professional organizations such as ISACA and (ISC)2.

TECHNICAL SKILLS:

Languages: Python, Java, HTML

Software: ACL, IDEA, SAP HANA, SAP Lumira, Tableau, MS Visio, SharePoint, PeopleSoft, MS Office

Platforms: Windows, Linux, MacOS

Networking: Nmap, NetFlow, Wireshark, IDS/IPS - Security Onion, Qualys, TCP/IP and UDP protocol, Firewall Rule Configuration

Database: SQL (MySQL, Oracle)

Frameworks: NIST, FISCAM, FISMA, SAM, SIMM, COSO, SOX, COBIT, PCI-DSS, HIPAA, ISO 27000 Series, SOC 1 & 2, GLBA, OWASP, SSAE 18, GDPR, FFIEC, NCUA

Digital Forensic: Splunk, QRadar, Nessus, Rapid7, EnCase

GRC Tools: TeamMate, ServiceNow, Archer, MetricStream, ACL GRC, Active Directory


