adnan abbas information sec professional
TRANSCRIPT
8/2/2019 Adnan Abbas Information Sec Professional
http://slidepdf.com/reader/full/adnan-abbas-information-sec-professional 1/3
1
Adnan Abbas
Information Security Professional, [ITIL v3F, CobiT 4.1, C|EH, ISO 27001 LA Qualified]
(+92-333-9224853) , [email protected]
Personal Profile Solution oriented information security Professional and strong believer in continuous improvement with 5
years of professional experience in operational and strategic IT and Security Management, leadership and
change management in diverse organizations. Have worked in Government Sector and cross-cultural
teams providing guidance and support to Executive management teams and operational management
teams on all IT activities, including design, change and implementation, employee training & awareness
and communications. Also been involved in in-house information security trainings and consulting services
for number of projects and have solid background of delivering services up to the required standard.
Objective Seeking challenging career in Information Security with a progressive organization. Passionate about therole that the Information Security can play in these times to drive and engage the talent in an organization.
Professional Skills& Competencies
Information Security
Risk Assessment
Compliance & Monitoring
Policy Design & Review
Vulnerability Management
Business Process Analysis
Security Awareness & Training
Conducting Internal Audit and Assessment
ITIL/IT Service Management
Threat Modeling
Application Security Testing
Career Achievements
Establishment, Design & Compliance of Information Security Policies
Conducted Risk Assessment based on ISO 27001:2005, ISO 27005 & NIST
Conducted Information Security Management Review Meetings of the organization and suggested for
improvement of organizational systems, policies and operating mechanism.
Developed & Conducted Internal ISMS Audits
Experience in Information Security management with expertise in:
Governance
Technical implementation
Technical evaluation & assessment
Compliance Management
8/2/2019 Adnan Abbas Information Sec Professional
http://slidepdf.com/reader/full/adnan-abbas-information-sec-professional 2/3
2
Professional Experience
Fatima Group of Companies, Lahore as IT Security Officer
Dec ’11 to till date
Responsible for GRC (Governance, Risk & Compliance).
Analyzing Information Security policies & procedures with a view to improve the overall workflow of the information
systems procedures and processes, particularly focusing on business use.
Conducting Security Awareness Training Programs.
Working on implementations of best practices throughout the organization and developing strategies for continual
improvement.
NADRA, Govt. of Pakistan, Islamabad as Network Engineer Information Security
April ’09 to Dec 2011
Responsible for management of Information Security Governance acting as Team Lead.
Policies’ Review: Analyzing Information Security policies & procedures with a view to improve the overall workflow of the
information systems procedures and processes, particularly focusing on business use. Working with technical team, as a
domain expert, for designing and reorganizing the different sections of the information system.
Provide support & deliver metrics to Senior Management and Executives with analysis.
Working closely with Higher Management for all initiatives, process and plan enterprise wide
Initiated and implemented Information Security Policies and Risk Management
Completion of successful audit of NADRA Networks Directorate for ISMS Certification
Ensuring systems are operated, maintained, and disposed of in accordance with internal security policies and practices
outlined in the security plan.
Applying security risk assessment methodology to system development to work on threat model development,
vulnerability assessments, web application security testing and resulting security risk analysis.
Provide Security Risk Assessment & Compliance Services, IT strategic planning, IT risk management, business process
analysis, information and network security, information systems audits, business continuity management, information life
cycle management and information technology service management.
Conducting Security Awareness Training Programs
Responsible for Team development, Motivation and Retention
Take part in strategic level Information Security related decisions and work as change agent for Organizational
Development
Working on implementations of best practices throughout the organization and developing strategies for continual
improvement
Punjab Information Technology Department, Lahore as System/Network Admin
Mar ’08 to Feb ‘09
Maintenance and Configuration of LAN/WAN.
Conducted Workshops/Trainings/Labs and Intermediate Short Course for Government Employees, E-Government Project.
Implementation of various Provincial Projects, monitoring the status and daily reporting.
Designing and implementing security tests in accordance with Government stated criteria.
System Administration included Antivirus Update, Security Patches, and other security relevant issues.
Emerging Systems, Islamabad as System/Network Support
8/2/2019 Adnan Abbas Information Sec Professional
http://slidepdf.com/reader/full/adnan-abbas-information-sec-professional 3/3
3
Aug ’05 to Apr’07
Advising and providing support to staff & management on the operational issues of Linux platform.
Coordinate with customers and handle all issues
Responsible for Installation/Configuration & Monitoring of Systems/Servers
Al Khair Medical Center as Asst. Prog. & Network Support
Aug ‘04 to Jul ‘05
Responsible for Web portal maintenance and updating
Worked on Sql Sever 2000 and Windows Server 2000
MCS, NUST as Guest Speaker
May ‘10
Guest Speaker on ITILv3 Foundation Course at MCS,NUST
Qualification
MS Information Security 2005-07
National University of Sciences & Technology (NUST), Islamabad
Bachelor of Computer Science(BCS Hons) 2001-05
NWFP AGRICULTURAL University, Peshawar
Personal Skills & Competencies
Solid Communication, Interpersonal skills
People Management and Analytical skills
Excellent planning, Report writing, Negotiating and Presentation Skills
Trainings/Workshops Attended
“ISO 27001:2005 Lead Auditor training course” from SGS Pakistan
“APTC Certified Ethical Hacker Training” from Trillium Info Sec Systems
“Attended a workshop on National Conference on Information Assurance NCIA 2010” NUST
“Linux Fedora 8 Intermediate” from Emerging Systems Islamabad
“Sun Solaris 10 Intermediate System Admin Training” from SEECS NUST Islamabad