8/2/2019 Adnan Abbas Information Sec Professional

http://slidepdf.com/reader/full/adnan-abbas-information-sec-professional 1/3

1

 Adnan Abbas

Information Security Professional, [ITIL v3F, CobiT 4.1, C|EH, ISO 27001 LA Qualified]

(+92-333-9224853) , adabbas.is@gmail.com 

Personal Profile Solution oriented information security Professional and strong believer in continuous improvement with 5

years of professional experience in operational and strategic IT and Security Management, leadership and

change management in diverse organizations. Have worked in Government Sector and cross-cultural

teams providing guidance and support to Executive management teams and operational management

teams on all IT activities, including design, change and implementation, employee training & awareness

and communications. Also been involved in in-house information security trainings and consulting services

for number of projects and have solid background of delivering services up to the required standard.

Objective  Seeking challenging career in Information Security with a progressive organization. Passionate about therole that the Information Security can play in these times to drive and engage the talent in an organization.

Professional Skills& Competencies

Information Security

  Risk Assessment

  Compliance & Monitoring

  Policy Design & Review

  Vulnerability Management

  Business Process Analysis

  Security Awareness & Training

  Conducting Internal Audit and Assessment

  ITIL/IT Service Management

  Threat Modeling

  Application Security Testing

Career Achievements

  Establishment, Design & Compliance of Information Security Policies

  Conducted Risk Assessment based on ISO 27001:2005, ISO 27005 & NIST 

  Conducted Information Security Management Review Meetings of the organization and suggested for

improvement of organizational systems, policies and operating mechanism. 

  Developed & Conducted Internal ISMS Audits 

  Experience in Information Security management with expertise in:

  Governance

  Technical implementation

  Technical evaluation & assessment

  Compliance Management

8/2/2019 Adnan Abbas Information Sec Professional

http://slidepdf.com/reader/full/adnan-abbas-information-sec-professional 2/3

2

Professional Experience

Fatima Group of Companies, Lahore as IT Security Officer

Dec ’11 to till date

  Responsible for GRC (Governance, Risk & Compliance).

  Analyzing Information Security policies & procedures with a view to improve the overall workflow of the information

systems procedures and processes, particularly focusing on business use.

  Conducting Security Awareness Training Programs.

  Working on implementations of best practices throughout the organization and developing strategies for continual

improvement.

NADRA, Govt. of Pakistan, Islamabad as Network Engineer Information Security

 April ’09 to Dec 2011

  Responsible for management of Information Security Governance acting as Team Lead.

  Policies’ Review: Analyzing Information Security policies & procedures with a view to improve the overall workflow of the

information systems procedures and processes, particularly focusing on business use. Working with technical team, as a

domain expert, for designing and reorganizing the different sections of the information system.

  Provide support & deliver metrics to Senior Management and Executives with analysis.

 Working closely with Higher Management for all initiatives, process and plan enterprise wide

  Initiated and implemented Information Security Policies and Risk Management

  Completion of successful audit of NADRA Networks Directorate for ISMS Certification

  Ensuring systems are operated, maintained, and disposed of in accordance with internal security policies and practices

outlined in the security plan.

  Applying security risk assessment methodology to system development to work on threat model development,

vulnerability assessments, web application security testing and resulting security risk analysis.

  Provide Security Risk Assessment & Compliance Services, IT strategic planning, IT risk management, business process

analysis, information and network security, information systems audits, business continuity management, information life

cycle management and information technology service management.

  Conducting Security Awareness Training Programs

  Responsible for Team development, Motivation and Retention

  Take part in strategic level Information Security related decisions and work as change agent for Organizational

Development

  Working on implementations of best practices throughout the organization and developing strategies for continual

improvement

Punjab Information Technology Department, Lahore as System/Network Admin

Mar ’08 to Feb ‘09 

  Maintenance and Configuration of LAN/WAN.

  Conducted Workshops/Trainings/Labs and Intermediate Short Course for Government Employees, E-Government Project.

  Implementation of various Provincial Projects, monitoring the status and daily reporting.

  Designing and implementing security tests in accordance with Government stated criteria.

  System Administration included Antivirus Update, Security Patches, and other security relevant issues.

Emerging Systems, Islamabad as System/Network Support 

8/2/2019 Adnan Abbas Information Sec Professional

http://slidepdf.com/reader/full/adnan-abbas-information-sec-professional 3/3

3

 Aug ’05 to Apr’07 

  Advising and providing support to staff & management on the operational issues of Linux platform.

  Coordinate with customers and handle all issues

  Responsible for Installation/Configuration & Monitoring of Systems/Servers

 Al Khair Medical Center as Asst. Prog. & Network Support 

 Aug ‘04 to Jul ‘05 

  Responsible for Web portal maintenance and updating

  Worked on Sql Sever 2000 and Windows Server 2000

MCS, NUST as Guest Speaker

May ‘10 

  Guest Speaker on ITILv3 Foundation Course at MCS,NUST

Qualification

MS Information Security 2005-07

National University of Sciences & Technology (NUST), Islamabad

Bachelor of Computer Science(BCS Hons) 2001-05

NWFP AGRICULTURAL University, Peshawar

Personal Skills & Competencies

  Solid Communication, Interpersonal skills

  People Management and Analytical skills

  Excellent planning, Report writing, Negotiating and Presentation Skills

Trainings/Workshops Attended

  “ISO 27001:2005 Lead Auditor training course” from SGS Pakistan 

  “APTC Certified Ethical Hacker Training” from Trillium Info Sec Systems

  “Attended a workshop on National Conference on Information Assurance NCIA 2010” NUST

  “Linux Fedora 8 Intermediate” from Emerging Systems Islamabad 

  “Sun Solaris 10 Intermediate System Admin Training” from SEECS NUST Islamabad