SYED M. IFRAHIM UR REHMAN

GRC & Security Analyst
Karachi

Overview

4 years of professional experience
6 years of post-secondary education

Work History

Lead GRC Analyst

Daraz - a subsidiary of Alibaba group
Karachi
09.2022 - Current
  • Responsible for aligning the Information Security Management System (ISMS) roadmap and implementing ISO 27001 across all functions of the organization and across all 5 regions (PK, BD, LK, NP, MM)
  • Monitor compliance and ensure enforcement with all PDPC, PCI DSS, COBIT, and NIST requirements as applicable to the organization
  • Worked on improvements for security services, including the continuous enhancement of existing methodology material and supporting assets
  • Establish and maintain a program for information security awareness and training to promote a secure environment and an effective security culture
  • Identified control gaps in processes, procedures and systems through in-depth research and assessment and suggested methods for improvement.
    Performed observations and evaluated supporting documents to supplement audit findings.
  • Communicated technical vulnerabilities and remediation steps to developers and management
  • Worked with application developers to validate, assess, understand root cause and mitigate vulnerabilities
  • Ad-hoc activity: Secure source code & API testing of Alibaba Cloud as per OWASP Top 10 vulnerabilities.

Assistant Manager - IT & Cyber Security Audit

K-Electric : (Power Utility)
02.2020 - 08.2022

IT Governance

- Have developed and helped in the communication and implementation of IT policies, procedures, and guidelines (ISO 27001:2013), including policy review, update, awareness, and monitoring;
- Responsible for the management, monitoring, and reporting of the systems and processes that support governance within ICT;
- Servicing and providing secretarial services to designated IT governance forums;
- Assist in performing IT Security Governance activities, IT process analysis and improvement, and IT governance reporting;
- Internal and external audit liaison (Management letters, audit findings);
- Identifying and addressing user education/awareness needs;

Information Security Audit Function

- Assessment of all current application systems in contrast to ISO 27001;
- Management oversight and direction for both physical and logical aspects of security, including information security;
- Coordinating and directing KE’s entire security framework;
- Commissioning or preparing information security policy statements, ensuring their compliance with the policies approved by the Executive Directors, and formally approving them for use throughout KE;
- Periodically reviewing the security policy to ensure the efficiency and effectiveness of the information security controls infrastructure as a whole, recommending improvements wherever necessary;
- Identifying significant trends and changes to KE's information security risks and, where appropriate, proposing changes to the controls framework and/or policies, for example by sponsoring major strategic initiatives to enhance information security;
- Reviewing serious security incidents and, where appropriate, recommending strategic improvements to address any underlying root causes;
- Reviewing and monitoring compliance with the policy statements and contributing to Internal Audit and Control Self-Assessment (CSA) processes;
- Organizing a security awareness campaign for personnel to enhance the security culture

IT Risk Advisory:

- IT Internal and External Audits (ITGC, Applications, Controls, Interface Testing, Report testing);
- Conducted Risk Assessments of KE infrastructure
- In-depth reviews of Business Continuity & Disaster Recovery Plans.
- Gap Analysis of IT policies and procedures against industry best / leading practices
- Azure Cloud Security Review
- Network assessment as per CIS benchmarks.
- ISO 27001 and PCI-DSS Compliance Audit.

Performance Analyst - LiveOps

Food panda - A subsidiary of Delivery Hero
Karachi
06.2019 - 01.2020
  • Developed vendor metrics derived from raw Salesforce data to track improvements in organizational efficiency.
  • Gathered, documented and modeled data to assess business trends.
  • Recommended cash loss operational improvements based on tracking and analysis of Vendor data.
  • Produced detailed and relevant reports for use in making business decisions.
  • Evaluated current processes to develop improvement plans.
  • Reviewed internal systems and organized training plans to address areas in need of improvement.
  • Collected, organized and modeled data using QlikView & PowerBI
  • Evaluated diverse organizational systems to identify workflow, communication and resource utilization issues.

Software Engineer

Subtech Solutions
Karachi, Sindh
07.2018 - 05.2019
  • Documented project plans, test plans, business process understanding, and licensing information, and prepared ERD
  • Wrote maintainable and reusable Java code with a focus on security and privacy for mobile devices
  • Collaborated with fellow engineers to evaluate software and hardware interfaces.
  • Promoted experience with Kubernetes, Docker and Amazon Web Services.
  • Developed robust, scalable, modular and API-centric infrastructures.
  • Partnered with development team on product development and application support plans.
  • Updated old code bases to modern development standards, improving functionality.

Education

Post Graduate - Cyber Security

NED University of Engineering And Technology
12.2020 - 12.2021
  • 3.1 GPA
  • Research Project: PASACT- A Contactless Reconnaissance Tool

Bachelor of Science - Computer Science

National University of Computer & Emerging Science, Pakistan
09.2013 - 05.2018

Skills

- Vulnerability and Penetration testing

- Information Security Program Development & Management

- Business Process Analysis & Improvement

- Enterprise Risk Management

- Risk Assessments, Mitigation and Corrective Action Plans - Specializing in Privacy & Security Regulatory Compliance

Penetration Testing Tools

  • OSINT: Shodan, Censys, Google Dorks, Maltego, Harvester
  • Web: Burpsuite, Acunetix, Nikto, Nuclei, SQLMap, WPScan
  • API: Postman, Burpsuite, SOAP UI, Ready API
  • Active Directory: Powerview, Impacket, Responder, Metasploit, Powershell Empire
  • Android: Genymotion, dex2jar, apkleaks, Mobsf, frida, drozer
  • Operating System: Nmap, Nessus, Nexpose, Impacket, Wireshark, hydra, hashcat

Cloud Security

  • Azure / AWS

Project Management / Data Analysis

  • Trello, Notion, Miro / Qlikview, PowerBI – ETL

Language/Scripting

  • BASH / Python (Data Analysis)

Summary

I am an Information Security Management System Lead Implementer & Auditor skilled in risk assessment and discussing potential compliance issues with management. Conceptual thinker successful at refining audit systems and their security.

Currently, I am working with Daraz (a subsidiary of Alibaba group), one of the largest e-commerce companies in the region, as a Lead Governance, Risk and Compliance (GRC) Analyst.

Prior to joining “Daraz”, I was associated with K-Electric. During my association, I conducted multiple Vulnerability & Risk Assessments, IT audits, ISO 27001 implementations, Penetration testing on KE IT infrastructure & IEC 62443 security review for SCADA.

Certification

  • Certified Information Security Manager (CISM) - ISACA
  • Web Application Penetration Tester - eWPT
  • Mobile Application Penetration Tester - eMAPT
  • ISO 27001 ISMS Lead Implementer
  • 210W-05 ICS Cybersecurity Risk
  • Data Analysis with Python

Timeline

Lead GRC Analyst - Daraz - a subsidiary of Alibaba group
09.2022 - Current
NED University of Engineering And Technology - Post Graduate, Cyber Security
12.2020 - 12.2021
Assistant Manager - IT & Cyber Security Audit - K-Electric : (Power Utility)
02.2020 - 08.2022
Performance Analyst - LiveOps - Food panda - A subsidiary of Delivery Hero
06.2019 - 01.2020
Software Engineer - Subtech Solutions
07.2018 - 05.2019
National University of Computer & Emerging Science - Bachelor of Science, Computer Science
09.2013 - 05.2018