Bilal Ahmad

GRC Auditing & Consultancy

Summary

I am an experienced Information System Auditor and GRC Consultant with a passion for helping organizations navigate complex compliance requirements and secure their assets. Over the years, I have successfully delivered consultancy and audit services across various frameworks and standards, including PCI DSS, COBIT, SAMA, NCA, NDMO, PDPL, and ISO 27001. My expertise lies in identifying vulnerabilities, ensuring compliance, and implementing effective security measures. I take pride in my ability to protect organizational assets and support my clients in achieving their goals.

Overview

10 years of professional experience

Work History

GRC CONSULTANT

GRC360
10.2023 - Current
  • Conducted comprehensive assessments, consultancy, and audits for compliance with PCI DSS, including detailed reporting on compliance status and necessary actions
  • Audited organizational information systems in alignment with ISO 27001, CIS Benchmarks, and NIST standards
  • Implemented and audited SAMA frameworks (MVC, CRFR, CSF), developing and executing audit plans to ensure regulatory adherence
  • Conducted risk assessments to identify, analyze, and evaluate organizational risks, developing and implementing mitigation strategies and management frameworks for continuous improvement
  • Developed and implemented Business Continuity Plans (BCP), conducting impact analyses and risk assessments, testing, and reviewing BCPs for effectiveness and improvement
  • Audited Cyber Threat Intelligence (CTI) programs, analyzed CTI processes to identify security threats, and provided recommendations for enhancing CTI capabilities and response strategies
  • Developed and implemented governance frameworks for regulatory compliance, providing strategic advice on risk management, compliance, and governance
  • Conducted training sessions and workshops to enhance organizational awareness and capabilities in GRC areas.
  • Conducted gap analysis exercises for clients, identifying areas requiring attention in order to achieve complete adherence to requisite standards.

MANAGER IS AUDIT

U MICROFINANCE BANK
06.2022 - 10.2023
  • Led IT Audit Initiatives by directing the IT Audit team in formulating and executing audit plans, encompassing risk assessment, scope definition, planning, execution, and analysis, leading to actionable recommendations for improvement
  • Conducted Security Assessments by investigating and auditing the effectiveness of organizational IT security measures
  • Performed Independent Security Reviews by delivering unbiased internal assessments of security controls and information systems to ensure robust cybersecurity
  • Executed Comprehensive IT Audits by ensuring all critical cybersecurity elements were thoroughly incorporated into the final audit report
  • Managed Network and Application Auditing by producing detailed reports on Servers, VPNs, LANs, WANs, Financial Applications, Core Banking Systems/Applications, Business Continuity, and Disaster Recovery Planning, while ensuring and verifying application controls and IT general controls.

ASSISTANT MANAGER IS AUDIT

NRSP MICROFINANCE BANK
11.2018 - 06.2022
  • Conducted comprehensive IT audits, evaluating operational and business risks, and assessed client interactions to define the scope and objectives of information security audits
  • Developed and executed annual information security audit plans to meet cybersecurity goals
  • Led major IT audit assignments, including reviews of SIEM (IBM QRadar), network and firewall configurations, Microsoft servers, and Trend Micro Apex One
  • Conducted vulnerability assessments for NRSP's internet and mobile banking platforms
  • Suggested improvements for SIEM rule configurations, audited Palo Alto firewall and Cisco router logs, and recommended optimizations for Trend Micro's endpoint security features
  • Prepared and delivered detailed audit reports to internal and external stakeholders, summarizing objectives, scope, findings, and management responses
  • Ensured timely completion of assessment reports
  • Recommended enhancements to information security procedures to increase efficiency and improve internal controls
  • Conducted risk-based IT audits following industry standards, including PA/DSS, ISO 27001, COBIT 5, and CIS Benchmarks
  • Developed and implemented IT governance frameworks, aligning information security policies with the NIST Cybersecurity Framework
  • Performed penetration testing and risk assessments to identify system vulnerabilities and strengthen controls.

IT SPECIALIST

BROADPEAK TECHNOLOGIES
04.2015 - 11.2018
  • Administered Barracuda Web Security Gateway, including policy creation, web security rules, and custom category definitions
  • Generated and reviewed monthly audit reports from Barracuda to ensure compliance with security policies
  • Managed monthly reporting for badge access servers to meet PCI compliance requirements
  • Conducted vulnerability assessments and security patch management for desktops, servers, websites, and mobile applications
  • Analyzed and monitored network performance using PRTG Network Monitor
  • Delivered security awareness training to end-users
  • Administered and supported Active Directory, Office 365 Cloud, and SharePoint environments, including DNS configuration and troubleshooting
  • Provided timely support as a member of the Windows Active Directory Domain Administrator Support Team, resolving authentication and LDAP issues
  • Collaborated with senior staff to address complex incidents and continuously improved Active Directory and Exchange architecture
  • Ensured the operational health of SharePoint online, including security, performance, and reliability
  • Maintained and configured MS Office 365, SharePoint sites, and Exchange infrastructure, troubleshooting issues as needed.

IT SUPPORT ENGINEER

ABSOLUTE SOLUTIONS
04.2014 - 04.2015
  • Administered Microsoft Server 2008 R2 and managed client systems using Active Directory and Domain Services
  • Provided network support to office staff, addressing network-related issues
  • Conducted weekly backups using Paragon Drive Backup software and performed Proof of Concept (POC) for disaster recovery solutions on client premises
  • Implemented and managed backup and recovery software, including Paragon Protect and Restore, within client environments
  • Updated and maintained both software and hardware systems to ensure optimal performance and security.

Education

Master of Science - Project Management

Shaheed Zulfikar Ali Bhutto Institute of Science And Technology, Islamabad, Pakistan
04.2001 -

Website: www.szabist-isb.edu.pk

Bachelor of Science - Computer Systems Engineering

Bahauddin Zakaria University, Multan, Pakistan
04.2001 -

Website: www.bzu.edu.pk

Skills

PCI DSS Compliance

Projects

PCI DSS Projects

1. TESS Payments
Dates: November 2023 – March 2024
Successfully conducted a PCI DSS v3.2.1 compliance project, including gap assessment and issuance of SAQ-D.

2. Tweeq
Dates: December 2023 – February 2024
Provided PCI DSS v3.2.1 consultancy and audit services, including gap assessment.

3. Seapay
Dates: January 2024 – March 2024
Completed a PCI DSS v3.2.1 compliance project with a focus on risk management and compliance verification.

4. INET
Dates: October 2023 – May 2024
Achieved PCI DSS v4.0 compliance through comprehensive consultancy and audit services and issuance of ROC.

5. Invest Bank (In Progress)

6. Bank-Al-Bilad (In Progress)

SAMA MVC-CRFR-CSF Compliance Projects

Clients: Wadaie, Mozn, Beehive, Tabby, Liva Insurance, Walaa Insurance, Salesfine

Provided comprehensive audits, compliance assessments, and strategic guidance to achieve and maintain regulatory compliance.

Trainings

PCI DSS V4.0 Training
Completion Date: March 2024
Training Provider: PCI DSS Council (Online)
Training Outcome: Completed advanced training on PCI DSS Version 4, gaining comprehensive knowledge of the latest compliance requirements, implementation strategies, and best practices for maintaining data security.

ISO 27001 Lead Auditor (LA) Certification
Completion Date: December 2023
Training Provider: DAS Pakistan
Training Outcome: Completed comprehensive training on ISO 27001 Lead Auditor methodologies, including risk management, internal audits, and compliance strategies. Gained expertise in conducting audits and assessments to ensure adherence to ISO 27001 standards.

Certified Information Systems Auditor (CISA) Training
Completion Date: December 2021
Training Provider: Inserito
Training Outcome: Developed comprehensive skills in auditing IT systems, assessing risks, and ensuring compliance, with a deep understanding of IT governance, system development, and asset protection, while also preparing thoroughly for the CISA certification exam.

Professional Web Assessment Training
Completion Date: December 2020
Training Provider: NRSP Bank
Training Outcome: Gained expertise in evaluating web applications for security vulnerabilities, including hands-on experience with assessment tools and techniques, and covered web application architecture, common security issues, and mitigation strategies.

ITIL V4 Foundation Training
Completion Date: December 2019
Training Provider: NRSP Bank
Training Outcome: Acquired foundational knowledge in ITIL V4 best practices for IT service management, including the service value system, service management practices, and key concepts of ITIL.

Timeline

GRC CONSULTANT - GRC360
10.2023 - Current
MANAGER IS AUDIT - U MICROFINANCE BANK
06.2022 - 10.2023
ASSISTANT MANAGER IS AUDIT - NRSP MICROFINANCE BANK
11.2018 - 06.2022
IT SPECIALIST - BROADPEAK TECHNOLOGIES
04.2015 - 11.2018
IT SUPPORT ENGINEER - ABSOLUTE SOLUTIONS
04.2014 - 04.2015
Shaheed Zulfikar Ali Bhutto Institute of Science And Technology - Master of Science, Project Management
04.2001 -
Bahauddin Zakaria University - Bachelor of Science, Computer Systems Engineering
04.2001 -