
Information Security Continuous Improvement

Location:
Austin, TX
Posted:
July 08, 2025


Resume:


Mohammad Alvi - B.S. ET

Austin, Texas

**.******@*****.*** 281-***-****

US Citizen

PROFILE

Experienced GRC and Cybersecurity Consultant with 14+ Years in GRC and IT Security included working in prestigious organizations such as the IMF, and Flock Safety. ISO 27001:2022 Certified Lead Auditor with a strong track record in implementing and managing cybersecurity frameworks. Skilled across multiple regulatory standards, including ISO 27001:2022, SOC 2, NIST 800-53, NIST 800-171, GDPR, HIPAA, and PCI-DSS. Expertise spans risk management, data protection, internal audits, compliance assessments, and certification readiness for effective information security.

Proficient in security risk assessments, control testing, regulatory compliance, and policy development to protect organizations from evolving cyber threats. Experienced in multi-framework compliance mapping, aligning practices with industry standards to ensure a robust security posture and regulatory compliance. Dedicated to driving security excellence and resilience through continuous improvement and adapting to new cybersecurity trends and standards.

TECHNICAL SKILLS

Audit & Compliance, Data Privacy, Infrastructure Security, NIST 800-53, Project Management, HIPAA / HITRUST, Data Security, Internal Audit, Organizational Controls, Gap Assessment, CIA Triad, Firewall, ISMS, OWASP Top 10, Risk Management Framework (RMF)

CCNA, GRC, ISO 27001, People Controls, SOC 2

Cryptography, IAM (SailPoint), IT Audit, Physical Controls, Training and Awareness, Cyber Security, Information Security, Network Security, Policies, Procedures, & Guidelines

Vulnerability Management

Information Security Audit Consultant

Served as an Internal Auditor at the IMF through Santcore Technologies Inc., leading comprehensive security audits of both on-premises and cloud assets. Responsibilities included planning and executing audits, reviewing controls, validating remediation, and delivering detailed reports with actionable recommendations to enhance the organization's security posture.

GRC Consultant

Led SOC 2 readiness and ISO 27001 internal audits, conducting risk assessments, policy reviews, and ISMS development. Delivered audit reports and supported external audit engagements. Ensured alignment with regulatory standards such as PCI DSS, HIPAA, and NIST 800-53, while staying current on emerging cybersecurity threats to strengthen overall security posture.

GRC Consultant

Performed end-to-end ISO 27001:2022 compliance services, including ISMS development, internal audits, risk assessments, and certification readiness. Conducted multi-framework control mapping (ISO 27001, SOC 2), policy reviews, and staff training. Managed incident response planning, maintained ISMS documentation, and ensured continuous improvement and regulatory compliance through active stakeholder engagement and cross-functional collaboration.

VOIP Security Engineer

Installing, configuring, and securing VoIP systems, firewalls, and VPNs while monitoring network traffic for potential security threats. Skilled in implementing encryption protocols and managing user access. Enhance organizational security through staff training and thorough documentation of security measures and incidents.

ISO Internal Auditor

Implement and manage compliance with ISO 45001:2018, OHSAS 18001:2007, and R2:2015 standards within the IT sector. Execute secure data destruction for IT devices using industry-standard methods and maintain detailed inventory control of electronic assets. Oversee the secure handling and transportation of equipment, ensure electronics recycling practices align with environmental goals, and generate reports for internal and external audits.

Senior IT Engineer

Oversee the installation, configuration, and maintenance of servers, networks, and IT infrastructure. Manage network components, provide advanced troubleshooting, and implement security measures to protect data and systems. Develop backup and disaster recovery plans, consult with vendors, and maintain comprehensive IT documentation.

Technical Knowledge

Understanding of TCP/IP, HTTP/HTTPS, Cryptography, and other networking protocols. Familiarity with security standards like NIST 800-53, PCI DSS, Application Security, and OWASP Top 10.

PROFESSIONAL EXPERIENCE

Information Security Audit Consultant – Washington, DC Jan 2025 – April 2025 Santcore Technologies Inc. – Client, IMF

Internal Auditor at IMF:

Appointed as an Internal Auditor at the IMF on behalf of Santcore Technologies Inc. to assess and enhance security practices within a globally respected financial organization known for its rigorous controls and complex operational environment.

Information Security Audit Execution: Conducted comprehensive internal security audits covering the Fund’s on-premises and cloud-based assets, ensuring alignment with internal policies and industry best practices.

Audit Planning and Execution: Collaborated with a team and led end-to-end audit activities, including planning, fieldwork, walkthroughs, document and evidence review, control testing, and validation of remediation activities.

Security Audit Reporting: Delivered structured audit reports outlining control effectiveness, identified gaps, and practical recommendations for strengthening the Fund’s security posture.

GRC Consultant – Mountain View, CA Oct 2024 – Jan 2025 SOAProjects Inc. – Client, Flock Safety

SOC 2 Readiness & Gap Assessments: Led SOC 2 readiness and gap assessment, identifying control deficiencies and delivering a strategic roadmap for audit preparedness.

ISO 27001 Internal Audit: Conducted internal audit for Flock Safety’s infrastructure controls, evaluated evidence against ISO 27002, and provided recommendations to address non-conformities.

ISO 27001 Compliance Auditing: Conduct internal audits, identify areas for improvement, and recommend corrective actions for multiple organizations.

Information Security Management System (ISMS): Develop, implement, and maintain an ISMS in alignment with organizational and regulatory requirements.

Risk Assessment and Security Gap Analysis: Perform risk assessments, identify vulnerabilities, and develop mitigation strategies.

Information Security Policy Coordination: Ensure alignment with information security policies across various departments.

Audit Reporting: Prepare detailed audit reports documenting findings, non-conformities, and recommendations.

Staff Training and Support: Train and support staff on ISO 27001 requirements, fostering a culture of continuous improvement.

External Audit Assistance: Assist in external audits and liaise with certification bodies to maintain ISO 27001 certification.

Staying Updated on Security Trends and Threats: Keep abreast of the latest cybersecurity trends, threats, and attack methodologies through continuous learning and research to proactively address potential security threats.

Compliance and Regulatory Understanding: Ensure penetration testing activities and recommendations align with relevant compliance and regulatory requirements, including standards such as PCI DSS, HIPAA, & NIST 800-53.

GRC Consultant – Hayward, CA May 2023 – Oct 2024

MG Environmental Consulting

Conduct Assessments: Performed comprehensive assessments to identify gaps in Information Security Management Systems (ISMS) relative to ISO 27001:2022 standard.

Develop ISMS: Designed, implemented, and maintained ISMS to meet organizational needs and comply with ISO 27001.

Risk Management: Conducted risk assessments and developed treatment plans to mitigate identified vulnerabilities.

Control Mapping: Created a multi-framework mapping that includes ISO 27001, SOC 2, and other standards to guide organizations in the effective management of their ISMS programs.

Policy and Procedure Review: Reviewed existing policies, procedures, and evidence to ensure alignment with ISO 27001:2022 controls.

Training and Awareness: Delivered training programs on ISO 27001 standards and information security best practices.

Internal Audits: Conducted internal audits to ensure ongoing compliance with ISO 27001:2022 and identified areas for improvement. Created audit report and communicated non-conformities and areas of improvements.

Certification Preparation: Guided organizations through the ISO 27001 certification process, including preparation for stage 1 and stage 2 external audits.

Incident Management: Developed and implemented procedures to ensure timely and effective responses to security breaches.

Documentation: Maintained accurate documentation of all ISMS-related activities, including risk assessments, audit reports, and corrective actions.

Continuous Improvement: Monitored and evaluated the effectiveness of the ISMS and recommended improvements to enhance information security posture.

Regulatory Compliance: Ensured alignment with regulatory and legal requirements related to information security.

Stakeholder Communication: Collaborated with various departments and stakeholders to promote a culture of information security and ensure ISMS integration across the organization.

VOIP Security Engineer – Houston, TX Aug 2019 – May 2021 VOIP Rings

Install and Configure Secure VoIP Systems, Firewalls, and VPNs.

Monitor and Analyze VoIP Network Traffic to detect and respond to security breaches.

Implement Encryption Protocols (e.g., SRTP, TLS) to secure voice communications.

Manage User Access and Multi-Factor Authentication for VoIP systems.

Develop and Maintain Incident Response Plans for VoIP security incidents.

Conduct Security Assessments and Coordinate Vulnerability Remediation to address identified risks.

Document Security Configurations, Policies, and Incidents to maintain comprehensive records.

ISO Internal Auditor – Houston, TX Apr 2015 – Jul 2019 ABM System

R2 Compliance: Implementing and managing environmental, health, and safety management systems ISO 45001:2018, OHSAS 18001:2007 standards, and R2:2015 Responsible Electronics Recycling practices within the IT domain.

Data Security Governance: Executed and implemented secure data destruction processes for data-containing IT devices, including servers, computers, hard drives, networking devices, and storage media, using industry-standard methods (DOD wiping, degaussing, and shredding).

Environmental Responsibility: Collaborate with the responsible recycling team to ensure that electronic recycling practices align with environmental sustainability goals.

Reporting & Audits: Generate comprehensive reports for internal and external audits to assess compliance with environmental and safety standards.

Senior IT Engineer – Houston, TX Feb 2010 – Mar 2015 ABM System

System Administration: Oversee the installation, configuration, and maintenance of servers.

Network Management: Manage and maintain the organization's network infrastructure, including routers, switches, firewalls, and VPNs.

Security Management: Implement and manage security measures to protect the organization's data, systems, and networks from cyber threats and vulnerabilities.

Backup and Recovery: Develop and maintain backup and disaster recovery plans to ensure data integrity and availability in the event of system failures or disasters.

Documentation: Maintain comprehensive documentation of IT systems, configurations, and procedures.

EDUCATION

Bachelor of Science in Electrical Technology

University of Houston – Houston, Texas

CERTIFICATIONS

ISO 27001:2022 Lead Auditor (ISMS)

HIPAA Certified Professional

Cisco Certified Network Associate (CCNA)

Microsoft Azure Fundamentals (AZ-900)

AWS Certified Cloud Practitioner (CLF-C01)
