DLP & Data Classification & Privacy, ISO27001, EDR/XDR, SIEM, SOC, NGFW, VAPT, GRC, ISMS, Digital Forensics.

• Designing and implement an enterprise wide structured, ongoing risk assessment program based on Bank's Information Security Standards and industry best practices • Communicate risk management process, requirements and standards to all employees, through trainings and publications. • Coordinate risk assessment efforts with Senior Management, Information Technology, Internal Audit, Legal, Risk Management and other personnel • Communicate information Security risks and impacts to Senior Management • Establishing a process to identify, assess, monitor and track all Information security issues, till closure, arising from self-assessment, internal audit, external audit, SBP audit, risk and vulnerability assessment programs • Establishing process for risk treatment including risk acceptance • Prepare timely and appropriate response to inquiries from regulators and key stakeholders related to Information security risks • Monitor progress of investigations of security incidents and alerts • Managing an application and infrastructure Vulnerability Assessment program • Assist CISO in revising and implementation security policies and procedures • Define policies and procedures for adequate implementation of PCI DSS standard within the Bank • Ensure timely engagement of third-party consultants for implementation, validation and annual audit to ensure ongoing PCI DSS compliance • Ensure timely execution of annual risk assessment & quarterly vulnerability scans for cardholder data environment • Oversee development of Baselines & checklist for IS reviews • Devise mechanism for timely closure of observations raised during IS Reviews • Creating shift schedules to ensure 24x7 coverage by SOC support personnel • Assist CISO in matters related with the information security incidents, events & compliance • Lead 24x7 SOC team, foster innovation, & drive accountability within SOC Engineering • Build & maintaining professional relationships with IT, Digital Teams and relevant 3rd Parties

• Support and consult with management and infrastructure team in the area of information technology governance for the organization, ensuring adherence to policies and standards. • Assist in development of processes and controls to bring about necessary improvements in the existing processes. Assessment of effectiveness and efficiency of processes and controls. • To provide Technical advice on the implementation of new Technologies as well as operation, support, administration and high availability of existing ones with a view to meeting both present and future business needs. • To conduct a periodic audit/review of the infrastructure landscape against business capabilities and recommend changes, enhancements, upgrades or training to boost the capability. • Coordination with SBP, internal & external; and compliance with the internal stakeholders. • Managing Information Security, IT Governance, Risk Management, Audit Functions, Regulator Compliances and Security Awareness Programs. • Assist in establishing and Implementing the organization IT/IS Policy, SOPs, Procedures etc. • Ensuring organization best security, governance and risk management practices following NIST, PCIDSS, ISO 27001, ITIL etc. • Manage the development and implementation of the global monitoring standards, guidelines, and procedures to maintain information security control objectives. • Lead activities relating to contingency planning, business continuity management and IT disaster recovery in conjunction with relevant functions.  Incident Management within IT & coordination with Information Security & respective stakeholders.  Risk Management within IT & coordination with Risk Management Group & respective stakeholders. • Coordinate and follow up with business, IT, Risk and Compliance functions of the bank for the resolution of IT GRC related issues. • Develop the presentations, white papers, proposals, different project status reports for the management.

 Involved in the development and implementation of Information Security Governance and Compliance program. Development, implementation, and enforcement of information security policies and procedures. Responsible for the security design of all departmental projects, developments, and integrations. Development and Implementation of Cyber Security Risk Framework. Development and implementation of an information security program based on global best practices that completely aligns with the business and organizational goals. The program include developing Cyber Security Strategy, Cyber Security Policy, IT Risk Management program, an effective organization wide Cyber Security Awareness and Training program and Security Operations Center. Official Trainer for the State Bank of Pakistan Cyber Security Awareness training program. Part of the World Bank Risk Assessment project for SBP, including specialized information security trainings, risk assessment and remediation exercises. Deployment and operations of SIEM solution. Vulnerability Management of SBP IT Infrastructure. Monitoring of real-time interfaces of critical security controls like NGFW, Email Gateways, IDS/IPS and endpoint protection solutions. Responsible for the procurement and technical evaluation of the Information Security Products. Reporting the cyber Risk statistics of the organization to the Senior Management. In addition, also providing recommendations, in order to bring down the risk score.

• Conducted IS Reviews of ITG, Debit Card Credit Card, WebTech, CFTUs, RTGS and Privilege ID's etc.• Data Center Infrastructure/Configuration Reviews and Implementation procedures.• Network and Infrastructure Risk Assessments and IS Reviews.• Preparation of list of threats and vulnerabilities for Risk Assessment.• Responsible to coordinate with IS coordinator/incident reporter to document and report security incidents/events.• Responsible to analyze and identify root causes. • Propose solution to prevent and avoid reoccurrence of such events.• Develop a lesson learn report and submit to senior management. • Documentation of Cyber-security Action Plan, Baseline Security and IT Security Procedures etc.• Preparation, suggestion to changes and reviewing the documents.• Ensuring the implementation of Security Baselines.• Policies/Procedures enforcement (Security Policy).• Preparation of Staff IS Awareness Trainings and Presentations (Information Security Awareness).• Review and periodic testing of Business Continuity and Disaster Recovery Plan.• Planning, Sizing, Licensing and POC of IBM QRadar, AppScan, Guardium, PIM, FIM and NATEK SIEM Solutions.• Vulnerability Assessment & Penetration Testing, ensuring Compliance.• Facilitating Regulator’s & 3rd party Audits, Security reviews & ensuring technical Compliance.• Co-source to the Audit Department.• Technical Assessments of Vendors for Qradar, Nessus and Penetration Testing etc.

Managing Network setup of 1000+ Branches, 800+ ATMs and 2 DatacentersAccountable for managing the delivery of critical IT/ Network projectsManage relationship with key vendors and service providersVendor selection & solution designing for any new business requirementManaging any change control request (CCR) related to network securityManaging Standard Operating Procedure (SOPs), Change Control Forms (CCFs) and Work PlansPerform and/or coordinate day-today activities to meet business needsEnsure management specific adaption in recommended solutionDesign & Implementation on Cisco Nexus 7k, Nexus 5k and Nexus 2k platformDesign & Implementation on Cisco 65k multilayer switching platformDesign & Implementation on Cisco Firewalls like ASA 5585x, ASA 5555x, ASA 5525x, FWSMDesign & Implementation on Cisco Defense Center, Fire Sight and Fire Power (NGFW)Hands on experience on management tools like Solarwinds orion suit, Cisco ACS, Cisco DCNM and Cisco CSMAccountable for delivering expected results to the management in accordance to business requirements and goals set forthA part of my job is keeping an eye on project performance e.g. scope, budget, schedule, risk, resources and qualityShares project experience and best practices, knowledge of project management tasks and tools with other project managersCommunicate and manage internal (e.g. procurement, finance, planning & development, establishment) and external (e.g. 3rd parties contractors, vendors) stakeholders during the projectsFiber Media Deployment (on 900+ Branches)Generate HLD, LLD, Network Ready For Use NRFU-TP, NIP and other technical documents.Point of contact for the support and troubleshooting of communication interface of SWIFT

• Managing Enterprise Security Portfolio• Monitoring and troubleshooting the network & LAN/WAN Security of Allied Bank Limited & its offices/branches• Plan, implement, verify and troubleshoot local and wide-area networks and work with specialists on advanced security • Implementation and verification of connections to remote sites in a WAN and mitigation of security threats• Design routed and switched network infrastructures and services involving LAN, WAN, and broadband access• Designing Local Area and Wide Area Networks• Successfully Online the Branches and ATMs of ALLIED Bank• Installations of different Series of Routers and Switches• Implementing IPSec on Cisco Routers & configuring TACACS/ VPN CONCENTRATOR• Support day-to-day administration of Juniper NS-208 and NS-5GT firewall • Supervising other staff, such as help desk technicians • Monitoring the LAN and Troubleshoot the network related issues of users • Coordination with vendors in installation & commissioning of Data network components • Coordinating with IT Centers for Connectivity related issues of their respective branches and shifting the branches from Dialup to other media (DSL\VSAT\WiMax) • Configuration and monitoring of different Network Management Tools to proactively react for any network outages • Working with other engineers, systems analysts, programmers, technicians and managers in the design, testing and evaluation of systems• Managing Enterprise Security Portfolio.

• Ensuring the health of the network and LAN/WAN Security of different clients of Apollo Telecom such as UBL, SBP, ARIF HABIB, BARCLAYS, Command and Staff College Quetta, Custom House, CBR, UBIT & PQA • Troubleshooting Network Access problems and implementing Network Security Policies and Procedures • Identifying and testing the Controls and, where appropriate, suggesting additional controls, which may be established to maintain the confidentiality, integrity and availability of information • Supporting day-to-day administration of Juniper SSG & Cisco ASA Firewalls• Perform immediate troubleshooting as the situation dictates for any and all Network outages as reported by clients• LAN & WAN Designing • Maintaining constant observance of Network Monitoring Tools to facilitate quick reaction to any Network outage • Proactively utilizing Network Monitoring Tools to isolate events before service degradation occurs• Creating Technical Documentation, Network Diagrams, Inventory Control Documentation, Security documentation • Applying Security Patches as required • Successful execution and support of Infrastructure projects as defined in objectives • Planning and Implementing future IT developments and undertaking project work

• Ensures network LAN/WAN security and protects against unauthorized access.• Installation and troubleshooting of different Series of Routers, Switches and Security devices. Cisco 7200/ 2800/ 1800 series routers, Cisco 6500/ 3650/ 2960 catalyst, TACACS, ASA, Peribit• Creating VPNs and implementing IPSec on Cisco routers. Troubleshooting IPSec, GRE, and SSL VPNs• Monitored the LAN (6500 series) and Troubleshoot the network related issues of users. Supervising other staff, such as help desk technicians• Coordination with vendors in installation and commissioning of Data network components• Monitoring & Troubleshooting different links of FR, ISDN, DSL, Radio, VSAT & DXX• Configuration and monitoring of Network Management Tools Cisco Works, PRTG, MRTG, Whats UP Gold and Solarwinds• Maintained 1LINK Services being placed at the ABN AMRO Bank• Administrated the NORTEL PABX and Voice Services of ABN AMRO Bank• Technically managed the entire Call Centre of ABN AMRO Bank• Administrating MIRRA and NICE Racal Recording Machines• IP Addressing, Configuring OSPF and Static Routes, Policy Based Routing, upgrading IOS and recovering lost passwords• Participated in network technology upgrade or expansion projects, including installation of hardware and software and integration testing• Provided high-level design services for inter-network architecture, which could include LANs, routed and switched WANs, and remote access networks• Prepared detailed network specifications, including diagrams, charts, equipment configurations and recommended technologies• Participated as member in various projects related to Network, Security, System Integration/Optimization and Disaster Recovery• Undertook routine preventive measures and implemented