I offer academic courses for universities and corporate sector depending upon my availability. I have taught following subjects at LUMS, IBA (Karachi) and SZABIST (Karachi).• Information Technology Management• Enterprise Project Management• Information Security, Audit and Control• Electronic Payment Systems• Business Information SystemsFollowing courses have been developed for future venues:• EU General Data Protection Regulation (GDPR)• Information Security & Risk Management• Information Technology Governance• Information Technology Strategies for Business Leadership• Integrated Governance, Risk & ComplianceCONSULTANCY SERVICESAs an independent consultant, I offer my services for the following:• EU General Data Protection Regulation (GDPR) Compliance Management• Planning & Implementing Information Security for ISO 27001 Compliance• Business Continuity Planning (BCP) for ISO 22301 Compliance• Planning & Implementing GRC through COBIT 5

• Translating the Board’s vision into strategic Information Technology policies and programs. Devising strategies for implementation of information security policies and developing information security processes and procedures in the light of ISO 27001, ISO 22301, ISO 20000, PCI-DSS and related guidelines while staying compliant with the corporate policies and the regulatory requirements. • Developing, reviewing and periodical testing of Disaster Recovery Plans/ Business Continuity Planing the light of ISO 22301, ISO 27001 • Formulating organizational technology risk landscape, reviewing and redefining risk mitigation strategies, to address the existing and emerging threats to business enabling IT infrastructure. • Ensuring Business and IT alignment for IT Governance in order to cater to changes in legislation, new regulatory requirements and enhancements in accreditation standards that affect mission critical business supporting information systems of the organization. • Ensuring work worthiness of entire incident management life cycle and escalate findings to senior management and addressing the weaknesses identified thereof. • Managing IT projects portfolio that includes massive data cleansing, business process management, local and global conformance to compliance requirements, and managing security awareness training of over 8000 staff members. • Overseeing of third party outsourcing partners to meet service levels (SLA’s), Key performance Indicators (KPI’s) and control commitments and ensuring vendor & supplier risk assessment and due diligence.• Monitoring proactive compliance of PCI-DSS standard requirements. • Evaluation of new technologies being planned for induction and upgrades of the existing ones to ensure meeting corporate strategic plans. • Liaise with government agencies and regulatory bodies.

Head, Technology ComplianceServing Allied Bank as Head, Technology Compliance, my primary role is to raise this new function, develop a technical compliance framework, hire and train staff, devise plans at strategic and tactical levels and align them with the bank’s strategic plan in order to ensure that the bank’s technology infrastructure and operations remain compliant to the regulators regime as well as conformed to the globally acclaimed and widely accepted IT, information security and GRC standards like, ISO 27001, ISO 22301, ITIL, PCI-DSS etc. This function is evolving to the satisfaction of the senior management as all the milestones set are being achieved in an orderly manner.Head Information Security and GovernanceEarlier, I raised the Information Security and Governance function on joining the bank in Oct 2006 that evolved and matured in about five years during which it contributed immensely to the information security landscape of the bank. Following are some of my major achievements in the bank:• Devised new Information Security Policy using ISO 27001, ISO 22301, ITSM and PCI-DSS frameworks and prepared the bank for ISMS, BCMS certifications.• Developed and directed an organization-wide information security awareness program. • Developed an incidence response strategy and post incidence review mechanism to ensure security incidents and related ethical issues are investigated and resolved without further disruption caused to the bank’s operations.• Reviewed DRP and BCP. Advised various stakeholders in developing new DRP and BCP using best practices in the wake of migration of its headquarter from Karachi to Lahore, relocation of alternate sites, migration of its core banking system from Unibank to T24, and up gradation of Data Centre and changes in the bank’s processes and technological infrastructure.• Managed enterprise-wide penetration testing and technology risk analysis exercises.• Acted as an interface between the BOD, the CEO.

During my tenure as Head InfoSec & Governance, the senior management assigned me an additional role of Head PMO to overhaul the PM function on scientific grounds following the PMI’s project management framework to make optimum use of the resources deployed and keep a 360 degree track of the events to prevent any further delays and potential losses to the bank. I was reporting project’s progress at CEO and board’s committee’s level and through their best support, we were able to implement new core banking solution (Temenos T24) while ensured smooth transition from legacy banking system (Unibank) to T24. Following were some of my contributions:• Established and managed a strategic Project Management Office (PMO) using PMI framework and the best practices on project management.• Served as Secretary on the eVision Committee reporting to the Board of Directors. This Committee is primarily responsible for taking strategic decisions on induction of state of the art technologies in the bank. • Served as Secretary on the Core Banking Project Sponsor Committee reporting to the CEO of the bank, primarily responsible for overseeing effective planning and timely execution of various phases and components of the new core banking solution (Temenos T24) implemented while ensuring controlled and disciplined migration from the legacy system (Unibank).