Fizza Khan Email and Phone Number

➢ Generate and deliver custom reports for auditing and management reviews➢ Collaborate with auditors to ensure compliance with regulations➢ Develop and communicate policies, procedures and standards➢ Provide evidence and process documentation as needed➢ Assist other team members to ensure successful IAM program delivery and design compliance➢ Effectively communicate and educate team members on cyber security and IAM strategy➢ Work as a liaison between Global Identity Access Management Team and Audit Team

➢ Experienced in leading projects related to PCI Compliance, including network security audits, access controls, and encryption audit ➢ Hands-on knowledge of regulatory compliance initiatives e.g., New York DFS cybersecurity regulation (NYDFS), Payment Card Industry (PCI), and Health Insurance Portability and Accountability Act (HIPAA)➢ Contribute to IT Security Program maturity and compliance assessments based upon industry standards and best practices including HIPAA, ISO, NIST, and HITRUST➢ Assist with SOC2 process including review of request list, support internal and external auditors throughout all phases of audits, such as audit preparation, execution, audit reporting, and follow-up/closure➢ Assist with security risk assessments that are in line with our corporate policy to ensure that Wintrust Financial Corporation assets are properly protected➢ Support security awareness programs, including design and conduct phishing tests and incident response exercises to educate employees and contractors about potential threats➢ Validate and monitor gaps identified during the vendor risk assessments, due diligence, and ongoing monitoring to support adherence to vendor risk management policies

➢ Work with IT and business process subject matter experts to identify process improvement recommendations➢ Develop working relationships with business and clients as the single point of contact for GRC solutions➢ Provide production support of existing security roles and functions

➢ Conducted periodic reviews of Security Standards, Procedures, Policies, and Guidelines. Performed gap analysis versus industry standards such as NIST and ISO27001➢ As a Governance, Risk and Compliance SME, provided guidance related to SOX compliance; supported all aspects of SOX Compliance on IT General Controls (ITGC)➢ Lead projects related to SAP GRC Access Control, Process Control, Risk Management, and Audit Management➢ Developed and sustained an operationally efficient Vulnerability Management Process➢ Participated in projects, programs, and initiative to ensure implementation of and adherence to the company’s information security technology policies, procedures, processes, and technologies➢ Assisted with coordinating the build-out of IAM connectors to requested applications or systems➢ Provided support with respect to requirements gathering, project management and delivery of one or more Identity platforms, such as SailPoint (Identity IQ)➢ Assisted with User Access Reviews, Change Management assessments and collaborate with internal and external auditors during audits➢ Lead functional staff through the IAM engagement lifecycle for strategy, design and implementation engagements.➢ Implemented Role Based Access Controls (RBAC)