概要

I find myself very much responsible for my work. I always take ownership of my work. My work quality always shows my positive intent toward the organization’s growth. I am a team person and do not work in Silos. My career goals are always aligned with the organization’s strategy, way forward and growth plan. I have over 8 years of experience in Technology across different type of Institutions which includes Education Sector, Pharmaceuticals and Banking.

项目

Implementation of Mc Afee Data Loss Prevention

工作经历

公司标识
Senior Consultant Technology GRC
TechSurgeInc
Sep 2023 - 代表 | Karachi, Pakistan

• Leading Pakistan and Oman Technology GRC.
• Enhance collaboration and coordination with support functions like Audit, Operational Risk Management, and Information Security.
• Third Party Risk Assessments of Vendors based on Inherent and Material Risk.
• Establishing Group Technology Policy to comply with regulators across 9+ countries.
• Drive and work with multiple business IT units across Mashreq Bank (especially International Business Group) for defining, standardizing, and implementing robust IT risk management framework and control processes, etc.
• Coordination with Relevant regulators regarding their requirements and answers to their queries.
• Liaison with ExCo members of bank to achieve goals of Digital and IT strategy.
• Gap Assessment of Regulatory Frameworks like Cloud Service Provider, Enterprise Technology Risk Management Framework against Mashreq Bank IS Policy, IT Policy, Global Outsourcing Policy, and SOPs.
• Aligning Policies and SOPs for the Bank as per regulator ETGRMF (Enterprise Technology Governance and Risk Management Framework), CSP (Cloud Service Provider) Framework, etc.
• Ensuring compliance with Regulatory frameworks, guidelines, circulars, and Standards related to Data Privacy, Security, and Digitization.
• Managing effective engagement with external consulting organizations (including Big 4 and other key vendors) and internal key stakeholders (including IBG O&T Head, IBG Country Heads, ISG & ORM teams) across Mashreq Bank for end-to-end driving of IT Governance Risk and Controls related projects and related initiatives
• Conduct reviews of various IT Applications and services with IT GRC framework and identify gaps as per plan.
• Assisting Technology units to identify and document the mitigating controls to cover control gaps about technology environment & system applications.

公司标识
Senior Consultant Technology GRC
Tech Surge Inc
Sep 2023 - Apr 2024 | Karachi, Pakistan

• Leading Pakistan and Oman Technology GRC.
• Enhance collaboration and coordination with support functions like Audit, Operational Risk Management, and Information Security.
• Third Party Risk Assessments of Vendors based on Inherent and Material Risk.
• Establishing Group Technology Policy to comply with regulators across 9+ countries.
• Drive and work with multiple business IT units across Mashreq Bank (especially International Business Group) for defining, standardizing, and implementing robust IT risk management framework and control processes, etc.
• Coordination with Relevant regulators regarding their requirements and answers to their queries.
• Liaison with ExCo members of bank to achieve goals of Digital and IT strategy.
• Gap Assessment of Regulatory Frameworks like Cloud Service Provider, Enterprise Technology Risk Management Framework against Mashreq Bank IS Policy, IT Policy, Global Outsourcing Policy, and SOPs.
• Aligning Policies and SOPs for the Bank as per regulator ETGRMF (Enterprise Technology Governance and Risk Management Framework), CSP (Cloud Service Provider) Framework, etc.
• Ensuring compliance with Regulatory frameworks, guidelines, circulars, and Standards related to Data Privacy, Security, and Digitization.
• Managing effective engagement with external consulting organizations (including Big 4 and other key vendors) and internal key stakeholders (including IBG O&T Head, IBG Country Heads, ISG & ORM teams) across Mashreq Bank for end-to-end driving of IT Governance Risk and Controls related projects and related initiatives
• Conduct reviews of various IT Applications and services with IT GRC framework and identify gaps as per plan.
• Assisting Technology units to identify and document the mitigating controls to cover control gaps about technology environment & system applications.

公司标识
IT Internal Controls Manager
Habib Bank Limited (HBL)
Sep 2021 - Sep 2023 | Karachi, Pakistan

• Alignment of Policies and SOPs for the Bank as per regulator ETGRMF (Enterprise Technology Governance and Risk Management Framework).
• Technology Risk management and assessment of risks and maintaining Tech Risk Register.
• Maintaining the Cloud Service Provider Risk Register while implementing controls and evaluating Residual Risks.
• GDPR Compliance assessment for Belgium and other European countries (as and when required)
• Gap Assessment of Regulatory Frameworks like Cloud Service Provider, Enterprise Technology Risk Management Framework against HBL Global IT Policy, Global Outsourcing Policy, and SOPs.
• Creating and updating Dashboards on Power Bi to visualize all the reports for PMO, COBIT 2019 Implementation, and Risk Management.
• Quarterly dashboard of Critical Technology items; like No of Audit finding closed/pending, open Risks tagging department wise along with results of Self assessments completed on privileged accesses were reported to IT Steering Committee
• Closely working with the Information Security and Technology team for mitigation of risks or in case of extension in Risk Exceptions.
• Maintain MIS of IT Incidents along with Root Cause Analysis and to review the progress report of the action plan proved by the stakeholders.
• Submission of IT Incidents reports to Head IT Internal Control for Regulatory Reporting as per their circular on IT Downtimes.
• Maintaining Risk exceptions as a part of business needs and their follow-ups upon expiry or any management approved risk treatment plan.
• Maintaining IT Document Asset inventory for the timely renewal of Policies and Procedures.
• Incident Analysis in terms of risk to processes and Bank’s reputation.
• Maintaining KPIs to measure the performance of IT Processes by doing self-assessments as per IT Audit findings & Heat Map.
• Working with regulatory auditors and mitigation of findings.
• Awareness sessions were conducted as part of IRCR (Integrated Risk Control Repository) activity to identify risks in each function across IT in HBL.
• Performing Business Impact Assessment (BIA) and support for developing BCP for the technology units.
• Continuous Improvement of Policies, Procedures, framework (if required), and timely updating with the consent of business, IT, and other supporting functions.
• Self-Assessments of Change Requests (Emergency & Normal) on sample basis.
• Assisted Head IT Internal Controls on updating and maintenance of IT Risk register as no of Mitigations, Exceptions, addition of risks on monthly basis.
• Gap Assessment of Procedures is also part of my job to cater to all amendments for Local and International Regulator’s Framework and Circulars.
• Access Reviews of Bank’s 9 Major Applications (Level 1) are processed Biannually to mitigate unwanted risks and accesses.
• Reporting of Incidents as per new Digital Guidelines and IT/Cyber Incidents to State Bank of Pakistan.
• Creating addendums for HBL International locations with respect to their Regulatory requirements and Bank’s Global IT Policy.
• Majorly developed addendums to HBL IT Policy for UAE, Sri Lanka, Belgium, KSA, and Singapore.
• KSA’s SAMA Governance Framework compliance with HBL IT Policy and SOPs.
• Bank wide Technology Compliance assessment for Technology Risk Management from Monitory Authority of Singapore.

公司标识
IT Specialist
Novo Nordisk Pharma Pvt Ltd
Jan 2017 - Apr 2021 | Karachi, Pakistan

• Understanding the strategic business needs and plans for the growth of an organization.
• Liaising between the IT department and the Executive Committee.
• Analyzing the data to inform business decisions.
• IT Compliance Management with respect to Global Standards.
• Analyzing business needs according to Policies defined by HQ- Denmark
• IT Governance in terms of Policies and SOPs related to IT for all Field offices and Head office.
• Managing vendor queries as part of IT Procurement Process
• Managing Helpdesk Queries in Monthly Meetings in case of Escalation is required.
• Proactively ensures IT Documents are as per the Audit point of view.
• Support all events nationwide in terms of IT Infrastructure requirements.
• Slashed/negotiated 30% Discount with Telecom Vendor for our company-maintained mobile numbers and Cell Phones for all employees along with Data Devices.

公司标识
IT Specialist
HR First Pvt Ltd
May 2016 - Jan 2017 | Karachi, Pakistan

Inventory Management

Reporting to IT Manager on Daily Basis

Installing new Network hardware (servers, printers, computer work stations etc.)

Setting up user accounts, permissions and passwords.

Fixing network Problem

Technical support for people using the network

Coordination with Vendors for Repairing and Purchase IT Equipment

Proficiency in Configuring Outlook 2010 and 2013

Cisco Video Conferencing

Managing layer 2 and 3 Switches

Creating VLANs for proper optimization of Data usage.

Manage Network for external employees.

公司标识
Resident Engineer
Inbox Business Technologies (Pvt) Ltd.
Mar 2015 - May 2016 | Karachi, Pakistan

Rotation Shift Based.
Level-3 Network Support
Installing new software
Network based Multimedia Projectors
Installing new Network hardware (servers, printers, computer work stations etc.)
Performed Duties as Lab In-charge at IBA Main Campus
Setting up user accounts, permissions and passwords
Overseeing security of all systems and group policy issues
Fixing network Problem
Technical support for people using the network
Team work with staff on new systems
Day to day admin and monitoring of network use
Planning future improvements
Suggesting IT solutions to business problems
Making sure all IT meets industry standards
Team work with helpdesk staff
Coordination with Vendors for Repairing and Purchase IT Equipment.
Manage and Maintain accurate notes and maintain flow of technical information and prepare comprehensive assessment reports
ERP Support (level-1)
Monitoring of Paper Cut/Printing Server
Printing Reports of Network and USB based Printers.
Proficiency in Configuring Outlook 2010 and 2013
Configuring Office 365.
Providing help to users via Remote access(Remote Desktop Connection or Team Viewer)
 Inventory Management

公司标识
Internship
Pakistan Telecommunication Company Limited (PTCL)
Jun 2014 - Sep 2014 | Karachi, Pakistan

学历

PeopleCert
证书, ‎
ITIL
Completed
2021
C.T.T.C
短课程, Cisco Certified Network Associate‎
Telecom and Networking
Completed
2016
Mehran University of Engineering & Technology
学士, Bachelors in Engineering, Bachelors in Engineering‎
Commerece
CGPA 2.5/4
2013

技能

初学者 Risk Management

语言

中级 英语

Zafar 联系人

Waseem Ullah Memon
International Rescue Committee
Nazia Farrukh Syed
Pathfinder International
Zainab Siddiqui
itapx solution