Experience

TimeXperts Pvt. Ltd.

• Pakistan
• Software Development
• 100 - 200 Employee

• Manager/ Lead IT Auditor

  • Mar 2021 - Present

  Performed internal gap analysis by considering multiple ISO standards i.e., ISO/IEC 27001:2022, 27017:2015, and 27018:2019 to ensure information security management, cloud security controls, and protect personally identifiable information (PII) in public clouds. Conducted periodic reviews of controls over logical access like user access management, and password parameter settings. Analysed and reported deficiencies in change management controls like authorization, approvals, testing, monitoring and segregation of incompatible duties. Show less



Kingston University

• United Kingdom
• Higher Education
• 700 & Above Employee

• Student Representative

  • Jan 2022 - Jan 2023

  Earned postgraduate degree in Network and Information Security with emphasis on detecting and mitigating cyber threats. Represented the interests of students for the MSc Program and acted as a conduit for communication between staff and students. Earned postgraduate degree in Network and Information Security with emphasis on detecting and mitigating cyber threats. Represented the interests of students for the MSc Program and acted as a conduit for communication between staff and students.



Dubai Islamic Bank

• United Arab Emirates
• Banking
• 700 & Above Employee

• Information System Auditor

  • May 2019 - Oct 2020

  Conducted IT audits, managed special projects and ensured alignment with annual IT audit plan to streamline IT operations. Analysed control discrepancies and identified areas for improvement highlighted in IT audits. Performed testing of information systems security and controls across diverse range of systems, including operating systems, Unix / Linux and Windows, databases, such as Oracle and SQL. Conducted IT audits, managed special projects and ensured alignment with annual IT audit plan to streamline IT operations. Analysed control discrepancies and identified areas for improvement highlighted in IT audits. Performed testing of information systems security and controls across diverse range of systems, including operating systems, Unix / Linux and Windows, databases, such as Oracle and SQL.



HABIBMETRO

• Pakistan
• Banking
• 700 & Above Employee

• IT Governance Analyst

  • Mar 2018 - Apr 2019

  Ensured compliance with industry standards and international best practices by reviewing and updating IT policies and procedures. Prepared presentations for IT Steering Committee and Board IT Committee to execute informed decisions. Assisted with IT audit management and conducted regular risk assessments to identify potential IT risks. Evaluated efficiency of existing controls and instigated corrective action plan. Collaborated with cross-functional teams to ensure integration of IT governance policies and procedures into organisational risk management and compliance programs. Show less



Deloitte

• Business Consulting and Services
• 700 & Above Employee

• Consultant - Risk Advisory - IT

  • May 2017 - Mar 2018

  Administered facilitation across planning of audit engagement and outlined scope of IT audits, as well as assessed clients' IT systems and identified potential risks / vulnerabilities. Reviewed policies and procedures, performed technical vulnerability scans, and conducted interviews with key stakeholders. Reviewed change management controls, such as authorisation, approvals, testing, monitoring and allocation of duties. Evaluated controls over logical access, privileged access management, user access management, logical access management, and duty assignment. Reported and communicated control discrepancies to executive management in form of external audit and gap reports. Show less



Nestlé

• Switzerland
• Food and Beverage Services
• 700 & Above Employee

• IT Executive

  • Nov 2015 - Apr 2017

  Performed IS coordination, such as ensuring compliance with GLOBE and reported information security violations. Ensured compliance with GLOBE and reported information security violations. Established Information Security Management System (ISMS) to provide framework for managing and protecting information assets. Assisted in implementation of compliance management framework, including reviewing compliance and monitoring compliance with organisational policies and procedures. Performed IS coordination, such as ensuring compliance with GLOBE and reported information security violations. Ensured compliance with GLOBE and reported information security violations. Established Information Security Management System (ISMS) to provide framework for managing and protecting information assets. Assisted in implementation of compliance management framework, including reviewing compliance and monitoring compliance with organisational policies and procedures.



Allied Bank Limited

• Pakistan
• Banking
• 700 & Above Employee

• Officer IT Governance and Assurance

  • Mar 2014 - Nov 2015

  Defined IT security policies and procedures from technical point of view based on regulations, industry standards and best practices. Devised access controls and user management protocols to restrict access of IT assets and information to authorise personnel. Defined IT security policies and procedures from technical point of view based on regulations, industry standards and best practices. Devised access controls and user management protocols to restrict access of IT assets and information to authorise personnel.