Qamar Abbas

Deputy CISO and Director- Information Security, Governance, Risk and Compliance @ KPMG Canada
Toronto, ON, CA
Qamar Abbas's Location
Greater Toronto Area, Canada
About Qamar Abbas

Qamar is a seasoned cybersecurity professional with over 20 years of experience in leading and transforming security programs for global organizations. Qamar is a Cyber Security Leader who combines technical expertise with a strategic mindset, emphasizing the ability to navigate complex security landscapes while aligning security initiatives with broader business objectives.

Qamar has proven expertise in Security Governance, Risk Management, Compliance, Automation, Artificial Intelligence, and Data Governance. A strategic thinker with a track record of implementing robust security frameworks aligned with industry standards such as NIST, ISO, and SOC2.

Collaborative and communicative leader, fostering a culture of security awareness and accountability. Proven ability to align security initiatives with business goals and communicate effectively with executive leadership and cross-functional teams.

Key Competencies:

1. Security Governance:
  • Spearheaded the development and implementation of comprehensive security governance frameworks, ensuring alignment with business objectives and regulatory requirements.
2. Risk Management:
  • Led enterprise-wide cloud and on-prem risk assessments to identify and prioritize potential threats and vulnerabilities, along with implementation of risk mitigation strategies, ensuring a balance between risk reduction and business agility.
3. Security Compliance:
  • Successfully navigated organizations through regulatory landscapes by implementing and maintaining compliance with industry standards such as NIST, ISO, and SOC2.
  • Led regular compliance audits and assessments, ensuring adherence to data protection laws and industry-specific regulations.
4. Automation and Artificial Intelligence (AI):
  • Pioneered the integration of automation and AI-driven solutions in security operations, optimizing incident detection and response.
5. NIST and ISO Standards:
  • Expertise in implementing and managing security controls based on NIST Cybersecurity Framework and ISO 27001/27002 standards.
6. SOC2 Compliance:
  • Orchestrated and implemented continuous monitoring processes to maintain SOC2 compliance initiatives, enhancing the organization's ability to assure clients of the security, availability, and confidentiality of their data.
7. Data Governance:
  • Developed and implemented a transformational, organization-wide data governance initiative to ensure the confidentiality, integrity, and availability of sensitive information.
  • Established data classification policies and access controls, promoting a culture of responsible data stewardship.

Qamar Abbas's Current Company Details
KPMG Canada

Deputy CISO and Director- Information Security, Governance, Risk and Compliance
Toronto, ON, CA
Employees: 9904
Qamar Abbas Work Experience Details
  • KPMG Canada
    Deputy CISO & Director- Information Security, Governance, Risk & Compliance
    KPMG Canada Oct 2017 - Present
    Toronto, Canada Area
    Framework Development: Develop Multi-cloud & GRC framework inclusive of Cloud RACI structure covering Azure, AWS, and GCP platforms with alignment to NIST 800-53 rev5 & ISO 27001 guidelines ensuring solid cloud security posture.
    Data Governance: Lead Firm wide Data Classification initiative through providing leadership and management awareness & deep dive technical sessions to facilitate the adoption of data governance practices across the firm.
    Global Standards: Canadian CISO delegate for KPMG global standards adherence within Canada.
    AI (Artificial Intelligence): Champion AI governance principles within AI User forums. Stay abreast of relevant regulations and standards related to AI, ensuring compliance with data protection, privacy, and ethical guidelines.
    Security Automation: Develop and implement comprehensive security automation use cases for Security Risk & Client queries response resulting in 90% efficiency.
    Cyber Security Regulation and Vendor Audits: Develop and maintain a compliance roadmap that outlines milestones, timelines, and resource requirements for achieving and maintaining compliance with ISO, SOC 2, NIST, and Law 25. Establish and enforce compliance governance policies through key performance indicators (KPIs), ensuring alignment with Authority to Operate (ATO) for business and managed services and Canadian federal security standards and regulations.
    CSPM (Cloud Security Posture Management): Develop a strategic vision for the implementation and optimization of Prisma CSPM within the firm leading to significant improvement in firm’s cloud security posture.
    Security Operations (SEC-OPS): Define clear goals and outcomes for the PAM (Privileged Access Management) and Qualys implementation to enhance the firm’s security operational landscape.
    SIEM (Security Information and Event Management): Build and lead a cross-functional team of security analysts, engineers, and administrators responsible for implementing and maintaining Sentinel SIEM.
  • Trackernetworks
    Principal, Cyber Risk Management
    Trackernetworks Mar 2017 - Sep 2017
    Toronto, Canada
    Financial Services: Developed the IT Governance Risk and Compliance framework in alignment with COBIT 4.1 for Technology Services to streamline bank GRC processes.
    Oil & Gas sector: Developed Vendor Information Risk Assessment for Canadian Oil & Gas sector with key focus on Data Security, along with leading and facilitating C Suite Risk workshops.
  • Ernst & Young LLP
    Senior Manager, Advisory Services
    Ernst & Young LLP Sep 2014 - Sep 2016
    Greater Atlanta Area
    Integrated ICFR Audits: Executive In Charge of various ICFR (Internal Control over Financial Reporting) Audits, worked closely with financial audit counterparts to define scope, execute, perform quality reviews and manage overall progress. Audits consisted of IT general control reviews of highly complex IT processes for financially significant applications across multiple platforms (UNIX, Windows, AS400) and testing programmed custom and vendor (SAP and Oracle) application embedded and configurable controls and IPEs (Information produced by Entity).
    IT Internal Audits and Enterprise IT Risk Assessments: Led IT Enterprise Risk Assessment for $5 Billion Global Manufacturing Concern. Developed 5 Year Internal Audit Road Maps and scoped each Internal Audit. Formulated Statement of Work for In Scope ITGC and SAP Application audits.
    Project Management Office (PMO): Project Management champion for Atlanta office to ensure ICFR excellence through application of project management (PM) principles to audits. Provided Training to entire IT Audit team (70+) for effective utilization of Project Management templates.
  • PwC
    IT Governance Experienced Manager & SAP Controls Assurance Lead
    PwC Feb 2013 - Aug 2014
    United Arab Emirates
    Advised large organizations in the government and private sector in identifying key technology risks posed to the organization and implementing effective controls in reducing, removing and managing the impact associated with these risks. Specialized in SAP BASIS and Segregation of Duties and provides services to a wide range of local clients. Qamar has developed experience in the Oil & Gas, Consumer service and Health Care sector. Has experience in delivering end to end SAP Post Implementation review for large scale SAP environments with a user base of 150 plus.
    IT Risk Resilience: Experience in the implementation of maturity road maps for IT Governance controls frameworks, COBIT 5. Worked closely with senior leadership team to identify risks and mitigation strategies. Advised organizations on COBIT/ITIL frameworks with objective of performing Enterprise IT Risk Assessment.
    Governance & Controls Advisory: Provided guidance to large private setups in designing effective IT governance forums through re-engineering of technology processes and formulation of key IT Strategy, Governance, Management, Processes, Policies, and Information Security. Benchmarked IT Governance, Risk, Processes and Procedures through utilization of proprietary IT Risk Diagnostic tool.
    SAP Security and Controls: Developed key automated Health care control solutions sets, used by the UAE practice for auditing SAP systems, primarily in relation to SAP Business Processes and BASIS. Delivery of SAP Post Implementation review and Internal Audits. Delivery was inclusive of both audit and non audit clients focusing on recommending improvements to the SAP control environment.
    IT Internal Audits: Directed all aspects of IT audits, including planning, scoping, resourcing, execution, closing and report formulation. Drove high-level performance and productivity via Business Process/Service Management/Project Risk Assurance reviews such as Top Down & Bottom Up Reviews.
  • Deloitte
    IT Risk and Audit Manager III
    Deloitte Sep 2008 - Jan 2013
    Abu Dhabi, UAE
    As an IT Risk and Audit Manager of the Abu Dhabi Assurance & Advisory practice, managed entire portfolio of Abu Dhabi IT audit engagements (approximately 100+ clients) as part of the Financial Audit process along with Internal Audit assignments, Risk Assessments, COBIT/ITIL Maturity Assessments, and ERP (SAP & Oracle) Post Implementation reviews. Key responsibilities at a high level included:
    Managed IT Audit engagements for Aviation, Health Care, Government, Oil and Gas, Education, Five Star Hotel Properties, Automotive and Manufacturing Industries.
    Planned, scoped, budgeted, resourced, coordinated and managed External and Internal IT audit and controls assurance engagements.
    Planned scoping of Audit risk assessments, and managed the work of IT audit teams comprising around 10 resources, reviewing testing documentation, working papers, conclusions, audit impact documents and finalizing audit files and reports for partner review.
    Formulated work programs for SAP and Oracle Access Security and Configurable controls for Mid East Regional Roll out.
    Presented IT Audit Conclusions to Audit Committees along with monitoring project economics, WIP and billing pipeline for audit fee collection and revenue reporting.
    Provided on-the-job coaching to team members and acted as a coach/mentor for assigned staff.
    Assisted Senior Managers and Partners in proposals, sales process, expanding Regional ERP practice and business development activities as well as various internal firm initiatives.
  • Pricewaterhouse Coopers: Toronto - Canada
    Experienced Senior Associate
    Pricewaterhouse Coopers: Toronto - Canada Oct 2005 - Aug 2008
    Managed and participated in third party assurance on internal controls (under section 5970 of the CICA Handbook) related to items and transactions processing for a leading Service concern in the Technology sector with processing centres in all provinces in Canada. The engagement involved Physical Security, Environmental controls, Change Management, Problem Management, Logical Security, and Computer Operations.
    Third party reviews and reporting (such as SAS 70 / Bill 198) for outsourced business processes and infrastructure.
    Formulated Information Security, Application, and Operational Policies and Procedures.
    IT control design and risk identification / mitigation reviews.
    Business Applications’ (SAP, Oracle, JD Edwards, and BASEL Banking applications) pre and post implementation reviews covering business process / application functionality controls, security controls (technical and segregation of duties) and implementation project reviews.
    Reviewed overall SAP R/3 security environment, including the review of security policies and procedures, overall process for user administration, profile creation and profile maintenance and security management.
    SAP R/3 Basis review through use of appropriate security analysis work programs and Big 4 proprietary software tools. Analysis of high-risk profiles and access to sensitive transactions.
    Reviewed SAP R/3 program change management process.
    Reviewed overall Oracle security environment, including user security administration (Roles based access control), processing/program management, user and data auditing, profile management and change control.
  • TD Securities: Toronto - Canada
    Credit Portfolio Management Analyst
    TD Securities: Toronto - Canada Mar 2003 - Sep 2005
    Managed Cross-functional teams of Developers, Business Analysts, Consultants and End Users regarding development and implementation of Re-engineered Business Processes from Lotus Notes to Dot Net. Project Duration was over a Year.
    Developed and implemented procedures for integrating multiple credit applications into a single web application platform.
    Formulated entire Change Management procedures relating to implementation of BASEL II projects.
    Developed effective Test Manuals to ensure application is effectively tested prior to global Roll Outs.
    Formulated Project Budgets encompassing Resources, Deliverables, Proposed Cost, and Cost/Benefit Analysis and detailed Project Plans encompassing Key Milestones and Critical Path.
    Managed Risk Issues logs for all projects, ranked each risk in terms of High, Medium, and Low and set deadlines for High Risk corrective actions.
    Formulated Project Charter and managed Business Requirements to meet all BASEL II requirements going forward. For example, fields such as Obligor, rating, and facility were included.
  • IBM Canada
    Senior Technical Support Analyst
    IBM Canada Sep 2002 - Mar 2003
    Developed Incident and Problem Management Policies.
    Developed Change Management and Support procedures utilizing In-House Methodologies.
    Developed functional documentation defining production severity procedures.
  • Pak Kuwait Investment Company
    Assistant Vice President
    Pak Kuwait Investment Company Mar 2001 - Dec 2001
    Developed 5 Year Strategic Plan for the Information Technology department, enabling the Information Technology department to add revenues to the company.
    Managed Web Site Development for Company and accomplished record milestones.
    Managed maintenance and support for Oracle Based Investment Banking Modules.
    Managed Development, Networking Administration and Business Analysts throughout various successful project lifecycles, for up to 6 employees.
    Managed relationship management with preferred hardware/software vendors.

Qamar Abbas Skills

Information Technology, SAP, IT Audit, COBIT, Enterprise Resource Planning, Business Analysis, IT Risk, ERP, Risk Assessment, Risk Management, Business Process, Internal Controls, Change Management, External Audit, Governance, Sarbanes Oxley Act, Management, IT Governance, SOX, SAS70, Internal Audit

Qamar Abbas Education Details

Frequently Asked Questions about Qamar Abbas

What company does Qamar Abbas work for?

Qamar Abbas works for KPMG Canada.

What is Qamar Abbas's role at the current company?

Qamar Abbas's current role is Deputy CISO and Director- Information Security, Governance, Risk and Compliance.

What schools did Qamar Abbas attend?

Qamar Abbas attended Wharton Online, MIT Sloan School of Management, Binghamton University - School of Management, and ISACA.

What skills is Qamar Abbas known for?

Qamar Abbas has skills like Information Technology, SAP, IT Audit, COBIT, Enterprise Resource Planning, Business Analysis, IT Risk, ERP, Risk Assessment, Risk Management, Business Process, Internal Controls.
