Al Sajjadieh Email and Phone Number
Seasoned GRC Specialist and Information Security Consultant with expertise in precise Cybersecurity Framework Implementation. Proven track record in crafting and executing GRC policies, processes, and risk management strategies. Consistent success in project execution and certification attainment, ensuring GRC initiatives align seamlessly with organizational objectives.
Isecuredata
Co-Founder
Isecuredata
Sep 2019 - Present, Winnipeg, Manitoba, Canada
• Serving as the Product Owner in the Scrum team, leading the development of the Governance, Risk, and Compliance (GRC) software tailored for Cybersecurity framework implementation
• Successfully led the implementation of ISO 27001 standards at iSecureData, establishing a robust Information Security Management System (ISMS). Oversaw the integration of best practices, controls, and policies to enhance the organization's security posture.
• Fulfill the role of Project Manager, efficiently overseeing all projects at iSecureData. Employ advanced project management methodologies to ensure seamless execution, timely delivery, and optimal resource utilization. Consistently meet or exceed project objectives and client expectations.
-
Member
Hilltop Partner Network
Feb 2023 - Present, Winnipeg, Manitoba, Canada
-
Member
In-Sec-M
Sep 2023 - Present
-
Website Vulnerability Scan And Penetration Testing
Cubresa.Com, Polysensesolution.Com, Constructionclock.Com
Jan 2023 - Jul 2023, Winnipeg
• Directed a precise penetration testing project adhering to PMBoK principles, showcasing strategic implementation in communication, scope, resource (expert-focused), and time management.
• Led a proficient team utilizing tools like BurpSuite, WPscan, Metasploit, SQLMap, Nessus, OpenVAS for comprehensive testing.
• Analyzed findings to propose rigorous hardening measures and configuration enhancements based on administrative or technical aspects of the mitigation plan.
• Applied a sophisticated approach to adapt reports and technical explanations, emphasizing clear communication through a detailed executive summary.
• Executed a meticulous follow-up process, ensuring validation and obtaining consent for all activities performed.
-
Information Security Consultant
Manitoba Technology Accelerator
Jun 2022 - Oct 2022, Winnipeg, Manitoba, Canada
• Conducted operational IT reviews across 20+ domains, including comprehensive assessments of Data Management Processes and System Infrastructure.
• Evaluated the maturity and effectiveness of existing controls to gauge the state of IT Governance, Risk, and Compliance, ensuring alignment with sound business practices.
• Proposed 50+ action plans encompassing administrative, managerial, and technical measures, culminating in a prioritized roadmap for enhancing the organization's security management.
-
IT Risk And Compliance Management Specialist
Central Bank
Mar 2018 - Sep 2019
• Acting as a right hand for the CISO, spearheaded the successful implementation of Information Security Management System (ISMS) framework based on ISO 27001 standards at the Central Bank, securing ISO 27001:2013 certification.
• Evaluated and mitigated 400+ IT risks using ISO 27002 controls.
• Performing BIA (Business Impact Analysis) for 30+ critical processes.
• Inventory existing security controls, including administrative, process, and technical controls, and compare against that baseline control framework (ISO 27002) to identify missing controls.
• Assessing the level of SWIFT Cybersecurity risk for customers and performing gap analysis according to defined system architecture known as Customer Security Program (CSP)
• Customized 100+ security forms, checklists, working instructions, and procedures for efficiency in security operations
• Delivered tailored security awareness training to 200+ IT crews, fostering a compliance-focused culture
• Developing 40+ IT incident handbooks and conducting related drills
• Optimizing 10+ core procedures (e.g. change management, vulnerability management, request handling, laptop allocation)
• Participating in C-level sessions and presenting the key benefits of ISO27001 and answering their concerns about effectiveness of controls and security plans,
• Establishing a comprehensive monthly security reporting framework, enhancing transparency and communication with executive stakeholders
-
CEO
Pardazeshgaran
Jun 2001 - Sep 2019
• Distinguished Project Manager overseeing a diverse portfolio, encompassing ISMS, Network Security, Pen Testing, Security Strategic Planning, Data Center Design/Implementation, and Cybersecurity consultancy for a clientele of 30+.
• Successfully orchestrated the implementation of ISO9001, ISO20000, and ISO27001 at Pardazeshgaran.com, obtaining certification from UKAS in Great Britain.
• Recognized for delivering 20+ professional certification training sessions for clients, including ISO 27001 Foundation, Lead Implementer, and Lead Auditor
-
Information Security Manager
K.S.R Credit Institute + 10 Branches
Aug 2017 - Mar 2018
• Orchestrated seamless end-to-end ISO 27001 standard implementation, enhancing the organization's information security landscape.
• Conducted comprehensive BIA and Information Risk Analysis, implementing controls from ISO 27015:2012 and ISO 27001:2013 across Headquarters and 10 branches.
• Led the development and testing of a robust incident response plan based on NIST SP 800-61, ensuring swift and effective responses, minimizing damage, and reducing downtime.
• Established a culture of continuous improvement, consistently refining information security policies, procedures, and controls to meet evolving threats.
• Collaborated in the implementation of Security Information and Event Management (SIEM) solutions, enhancing real-time detection and response to security incidents.
• Contributed to the implementation of risk mitigation plans, providing security advisory services, preparing RFPs, participating in vendor selection, and engaging in project management.
• Conducted training for 100+ employees, including IT crews, managers, and branch clerks, ensuring adherence to ISO 27001 obligations.
-
Information Security Compliance Specialist
Brh
Nov 2016 - Jul 2017
B.R.H founded in 1997 with the aim of producing comprehensive banking software and during the years known as a banking solutions provider.
• Spearheaded ISO 27001:2013 certification, fortifying the Information Security Management System (ISMS) for Internet Banking Software across 17+ financial institutions, yielding a marked decrease in security incidents.
• Expertly mapped security controls to regulatory requirements, ensuring seamless compliance with industry standards.
• Formulated a precise RFP for penetration testing services, leading to vendor selection and the remediation of 20+ critical vulnerabilities in the network.
• Conducted routine internal and external compliance audits, leveraging PCI DSS and ISO 27001 frameworks, validating adherence to rigorous security and regulatory standards.
• Instrumental in the organization's attainment of ISO 27001:2013 certification, showcasing commitment to best practices and excellence in security governance.
-
Technical Committee Member
Institute Of Standards And Industrial Research
Mar 2015 - Nov 2016
• Translated 15+ information security standards, predominantly from the 27xxx family, into the local language. Standards include 27000:2014, 27001:2013, 27002:2013, 27010:2012, 27013:2012, 27014:2013, 27015:2012, 27016:2014, 27019:2013, 27032:2012, 27033-2:2012, 27033-3:2010, 27033-4:2014, 27033-5:2013, 27036-1:2014, 27036-3:2013, 27037:2012, 27038:2014, 29115:2013, 19772:2009, 18028:2005, 9797-2:2011.
-
Implementing Information Security Management System (ISMS)
Bank Of Industry And Mine
Jan 2014 - Mar 2015
• Successfully implemented ISO 27001:2013 and ISO 27015:2012 standards, demonstrating commitment to robust information security frameworks.
• Conducted in-depth assessments of 300+ IT risks, delivering 60+ meticulous mitigation plans, including oversight of 10+ infrastructure projects to enhance security posture.
• Applied expertise in OWASP to develop baseline security controls for the Internet Banking Application, ensuring alignment with stringent business requirements.
• Analyzed and optimized Cisco ASA firewall configurations, implementing advanced features like intrusion prevention systems (IPS) to fortify defenses against network-based attacks.
• Deployed custom tool for advanced endpoint protection, ensuring comprehensive coverage against malware, ransomware, and advanced persistent threats.
• Implemented a customized PAM solution, enforcing least privilege principles and providing vigilant monitoring and control over access to critical systems.
• Spearheaded the implementation of multi-factor authentication (MFA) and bio-metric access controls for physical entry into the server room, elevating overall security measures.
• Successfully deployed high-resolution CCTV cameras (Axis) with motion detection capabilities, enhancing surveillance for heightened security awareness.
-
Implementing Information Security Management System (ISMS)
S. Iron Ore Complex
Oct 2013 - Jan 2014
• Proficiently implemented ISO 27001:2013, leading to successful certification.
• Conducted in-depth assessment of 150+ IT risks, providing 30+ mitigation plans across 10+ infrastructure projects.
• Established and maintained security configuration baselines for OS on servers, clients, and network equipment, using CIS images and checklists.
• Conducted asset identification and vulnerability assessments using tools such as Nmap, Wireshark, and Nessus, resulting in the identification and remediation of weaknesses in server configurations and software installations.
• Deployed and trained on 10+ Cybersecurity solutions and tools, including implementing VeraCrypt for critical server and storage device encryption.
-
Implementing Information Security Management System (ISMS)
West Regional Electrical Company
Jul 2012 - Oct 2013
• Successfully implemented ISO 27001:2005, showcasing a commitment to international standards in information security.
• Conducted a comprehensive assessment of 200+ IT risks, formulating and implementing 40+ mitigation plans, with a focus on 10+ infrastructure-related projects.
• Implemented network segmentation through VLANs and firewalls, leveraging Cisco switches and Cisco ASA firewall technology to enhance overall cybersecurity.
• Established an efficient patch management framework utilizing MS-WSUS, ensuring timely and effective updates across the IT infrastructure.
• Led security assessments for Supervisory Control and Data Acquisition (SCADA) systems, utilizing customized checklists to identify and address vulnerabilities.
• Spearheaded the development of incident playbooks and successfully conducted disaster recovery drills, enhancing organizational resilience and response capabilities.
-
Information Security Consultant
Health Insurance Organization
Jan 2012 - Jul 2013
• Conducted thorough information security assessments for 30+ branches, scrutinizing 400+ checklist items.
• Documented the current state of IT security, encompassing physical evaluations of buildings, racks, and server rooms.
• Leveraged advanced tools including Nmap, WireShark, LANSweeper, and Nessus for network testing, asset identification, and vulnerability analysis.
• Applied CoBIT methodology to analyze IT administration processes, providing optimization recommendations for heightened efficiency.
-
IT Risk And Compliance Management Specialist
B.A. Oil Refinery Company
Jan 2011 - Jan 2012
• Accomplished ISO 27001:2005 implementer and certified assessor.
• Evaluated 200+ IT risks, delivering 50+ mitigation plans, including oversight of 10+ infrastructure projects.
• Authored comprehensive incident response playbooks for unauthorized access, improper usage, malware outbreaks, and Denial of Service, conducting regular drills.
• Led a proficient team in day-to-day Cyber incident responses.
• Executed impactful security awareness training programs.
• Implemented risk mitigation plans aligning with ISO 27001 and NIST 800-53 controls.
-
IT Risk And Compliance Management Specialist
Road And Urban Development In Sb, Port And Maritime Organization (Headquarter + One Branch)
Jan 2010 - Jan 2011
• Conducted enterprise IT risk assessment and ISO 27001:2005 gap analysis,
• Interviewing key staff and executives, reviewing documentation, and utilizing technical tools for network scans and IT asset management.
• Evaluated 150+ IT risks, implementing 30+ mitigation plans, including oversight of 10+ infrastructure-related projects.
• Designed streamlined forms and procedures for critical processes such as change management, user on-boarding and off-boarding, third-party evaluation, NDA implementation, laptop allocation, software installation, incident reporting, and server room management.
• Successfully devised a comprehensive roadmap to enhance the organization's overall security management.
-
Information Security Consultant
Alloy Steel Company
May 2009 - Jan 2010
• Conducted comprehensive assessments of server rooms, aligning with TIA 942 standards and utilizing customized checklists for physical access and environmental monitoring.
• Successfully executed a Threat Risk Assessment (TRA), meticulously developing the approach and plan. Identified assets to safeguard, evaluated potential threats, assessed risk likelihood and impact, and recommended targeted measures to enhance security.
• Conducted detailed assessments of Operational Technology (OT), utilizing customized checklists for PLCs, policies, and working instructions.
• Evaluated and addressed 100+ IT risks, delivering 20+ mitigation plans, including oversight of 7 infrastructure-related projects.
• Facilitated ISO 27001:2005 and Cybersecurity training for both IT and OT crews, ensuring a knowledgeable and security-aware workforce.
• Implemented baseline security measures for servers and switches in both IT and OT environments, adhering to CIS standards.
-
Cyber Security Strategic Planning
Ict Org Of Municipality
Jan 2008 - May 2009
• Formulated a comprehensive cybersecurity strategy and operational model, encompassing department structure, mission and vision statements, role accountabilities, responsibilities, and recommended resourcing strategies.
• Conducted in-depth assessments of cybersecurity risks, culminating in the delivery of 30+ prioritized action plans over a 5-year period, outlining strategic risk mitigation measures and a roadmap for implementation.
• Architected Identity and Access Management solutions for municipality software, governing physical access to server rooms and data centers, remote maintenance protocols for servers and network equipment, and the secure backup of critical files.
• Demonstrated adept financial stewardship by effectively managing budgets and optimizing resource allocation, resulting in substantial cost savings.
-
Information Security Consultant
E. Regional Electrical Company
Aug 2005 - Jan 2008
• Successfully implemented BS 7799 standards for robust cybersecurity practices
• Conducted training sessions for employees, IT staff, and managers, enhancing organizational cybersecurity awareness.
• Executed thorough vulnerability assessments for software, servers, Cisco switches and routers, clients, and WiFi infrastructure.
• Implemented baseline security measures for operating systems and hardware, ensuring a secure foundation.
• Spearheaded the upgrade to ISO 27001:2005 standards, showcasing commitment to international information security standards.
• Designed and implemented robust network security leveraging expertise in CCNA, CCNP, Active Directory, and Windows Server Configuration.
• Developed impactful RFPs for LOM, LOS, and successfully managed deals and services, including CISCO equipment purchasing and configuration.
• Assisted in the Identity and Access Management project, playing a key role in developing processes for validating user credentials and managing privileged accounts.
-
Lecturer
Azad University (Iau)
Sep 2002 - Aug 2005
• Mentored and trained undergraduate students in research projects focused on network design, administration, and security.
• Conducted lectures in Computer Networks, Information Security, Advanced Programming, and English for Computer Science students.
-
Senior Software Engineer
Siemens
Oct 1997 - Oct 1999
• Architected, coded, and implemented a comprehensive software solution for efficient management of Remote Maintenance Terminals (RMT) across all Telecommunication NEC Switches.
• Conducted staff training for seamless integration, showcasing expertise in software design and implementation.
Al Sajjadieh Education Details
Computer Engineering
-
Computer Engineering
Frequently Asked Questions about Al Sajjadieh
What company does Al Sajjadieh work for?
Al Sajjadieh works for Isecuredata.
What is Al Sajjadieh's role at the current company?
Al Sajjadieh's current role is GRC Specialist | Information Security Consultant | Leader | Champion of Unity in Diversity | Proud Dad & Husband.
What schools did Al Sajjadieh attend?
Al Sajjadieh attended Shiraz University, Isfahan University Of Technology.