Sign in

Head of Security and Business Continuity

Markham, ON, Canada
January 24, 2022

Contact this candidate


Mohammad Hanif

Head of IT Security and BCP

(Citizenship: Canada)

*** ****** ********, *******, ** L3S 3W8, Canada

Tel: 416-***-****


Strategic Global IT Leader

Snapshot: Strategic business executive, offering several years’ track record in spearheading IT Security, Business Continuity, IT operations across diverse organizations. Proficient in automating systems operations and business continuity primarily in the banking domain and a significant contributor in acquiring ISO 27001 certification for the current organization in role of Information Security Management Representative. Distinguished author of technical articles published in magazines and websites, and an ardent speaker at IT in Banking & Finance Forums.

History of Excellence in…

IT Strategy & Business Planning ~ IT Enablement / Digital Transformation ~ IT / Business Strategy Alignment ~ IT Security Management ~ BCP & DR ~ Project/Program Management ~ Technology Consulting/Audits ~ Change / Risk Management

Leadership Strengths & Highlights

Business Continuity & Disaster Recovery

CBCI certified, Certified IT DR Specialist, Certified Risk Management Specialist, Certified Crisis Management Specialist, expert in business continuity and disaster recovery methodologies and industry best practices. In-depth experience facilitating the designing business continuity and disaster recovery plans. Advanced knowledge in IT Operating Systems, Hardware/Software and IT Architecture. Skilled at providing leadership, guidance to perform tasks during a disaster.

IT Security Management

Proven ability in rendering subject-matter expertise to manage vendor information security risk including periodic audits of internal and external auditors, information security and business continuity controls.

IT Service Delivery

Solutions-oriented, expert in driving multiple high value technology/transformation projects, managing delivery for large & complex deals, collaborating with project teams, and deploying technology to build successful solutions and services for clients, ensuring delivery within assigned time, budget & quality parameters as well as exceeding client/business expectations.

Business Acumen

Expert in aligning business goals with technology solutions to drive process improvements, competitive advantage and bottom-line gains; Ability to envision and lead technology-based, revenue and growth initiatives grounded solidly on business and economic value; Successfully designed & implemented technical solutions, delivering a strong ROI.

Liaison & Coordination

Known for effectively coordinating and collaborating with ‘C’ level executives, senior management, customers, business partners, stakeholders and project teams; Successfully bridge the communication gap among business and technology groups.

Team Building & Leadership

Visionary & decisive leader, noted for sound, practical management style and excellent organization, communication, presentation & interpersonal skills; Proven ability to lead and motivate large cross-functional and multi-cultural teams to maximize productivity, ensuring technical solutions meet business requirements.

Professional Experience

Gulf Investment Corporation, Kuwait ~ Jul 1998 onwards

Head of IT Security and Business Continuity

Key Highlights:

Designed Business Continuity Plan and established and tested three Disaster Recovery sites in and outside country

Significantly enhanced operational efficiency by using Cloud technology and outsourcing many services

Eliminated Friday and Saturday operator shifts through automation of operator tasks

Successfully implemented VoIP solution first time in the Gulf region to replace traditional PBAX

Key Responsibilities:

Business Continuity / Disaster Recovery

Develop, implement, monitor and evaluate the enterprise Business Continuity Plan (BCP) and IT Disaster Recovery Plan (DRP) based on industry standards (ISO 22301) to meet critical goals and objectives to ensure all IT services are restored and business resumes normally in the event of a disaster. Contribute in the formation of Business Impact Analysis (BIA)

Ensures the BCP and DRP program aligns with established standards of practice, organizational policies and objectives, and applicable legislations and regulations. Lead the coordination and management of recovery activity in the event of a disaster. Establish Recovery Point Objective and Recovery Time Objective (RPO/RTO)

Provide leadership and guidance in the development, implementation and evaluation of IT strategies and initiatives related to DRP. Lead the teams for disaster recovery tests or in case of a real disaster to recover the systems back to normal performance. Provide guidance to the IT teams to the methodologies related to invocation of the DRP

Define and implement criteria for systems’ and applications’ recoverability and availability capabilities

Maintain the current state recovery measures for all IT infrastructure and applications with a view to mitigating disruption to the delivery of IT services in the event of a disaster

Make ongoing assessments of the BCP and DRP and prepare analysis for further improvement and/or other better alternatives for existing solutions defining costs and implementation schedules

Coordinate with other teams in the preparation of user guides and training materials. Perform training for the staff and presentations to the end users and the management on BCP goals and objectives and how the process works in a real disaster

Information Security Management

Define policies, practices and procedures as well as generate awareness for protection of key electronic business assets

Evaluate trends in information technology and security with potential impact on security of processes, infrastructure, customers or suppliers

Maintain strategic/tactical roadmaps related to information security program rollout and enhancements

Collaborate with senior management on critical security issues and recommending security risk-reduction solutions

Evaluate IT security requirements and ongoing compliance for outsourced or contract relationships

Manage in development, implementation and assessment of strategic, comprehensive enterprise information security program aligned to integrity, confidentiality and availability of information by the organization

Render subject-matter expertise to manage vendor information security risk including periodic audits of third-party service providers’ information security and business continuity controls

Organize information security and risk management awareness training programs for all employees, contractors and approved system users

Develop framework for roles and responsibilities and enhanced information security management and control framework based on appropriate information security industry standards

Team Leadership

Groom & mentor team members in enhancing client satisfaction by ensuring compliance to project delivery schedules and other SLA parameters

Evaluate team performance and render productivity enhancement feedback. Organize training sessions for team members based on identified training needs

Spearhead team efforts in acquiring ISO 27001 Certification for the organization, implementing New Core Banking System as well as setting up & testing of three disaster recovery sites: Local, Bahrain, Luxembourg

Previous Assignments




Aetna Life Insurance Company, Canada

Systems Engineer

Oct 1996 – Mar 1998

Gulf Investment Corporation, Kuwait

Data Centre/Security Manager

Aug 1986 – Oct 1996

Al-Rajhi Banking & Investment Group, Saudi Arabia

Operations Supervisor

Jul 1983 – Jul 1986

United Bank Ltd, Pakistan

Computer Operations Officer

Aug 1979 – Jul 1983


Academics: Bachelor of Science (Mathematics, Statistics, Physics), University of Karachi (1975)

Master of Science (Computer Science), Kennedy-Western University, Idaho, USA (1993)

Accreditation: CBCI, Certified IT DR Specialist, Certified Risk Management Specialist, Certified Crisis Management Specialist, Project Management, ITIL Foundation, ISO 27001 Certification, Publishing technical articles, Speaker at various Forums, Multiple Technical Courses/Seminars and IT Exhibitions

Awards: The World CIO 200 Award of Legend, Who is Who of Financial Technology

Contact this candidate