CISA, CISM, CRISC, ISMS LA, CEH, CCP-N, ITIL®

He has more than 14 (fourteen) years’ experience in managing the IS Auditing and IT Security, Enterprise IT Service Management, IT Network, Business Continuity Planning and Disaster Recovery Planning. The Clients were Eastern Bank Limited, Banglalink Digital Communications Limited, Indesore Group, etc.

Broad knowledge of IT general controls, application controls and Information security control and IT Governance using Control Objectives for Information and related Technology (COBIT) and Val IT framework of ISACA (CISA), National Institute of Standards and Technology (NIST) of Institute of Internal Auditors (IIA) and other international standards and frameworks like COSO, ITIL, ISO 27001, PMBOK, Balance Scorecard etc.

Sufficient experience in developing IT audit plan, preparing audit program/charter and supervising team to perform all stages of audit activities following agile methodology; including planning, study, evaluation, testing of controls, evidence collecting and documenting; risk rating reporting; and follow-up for compliance. Experienced in Implementing, developing, maintaining and monitoring information security tool like PAM, IDS, NIPS, SIEM, DLP, WAF and etc. also perform vulnerability assessment and penetration testing through various tools, Nessus, Nexpose, Openvas, Metasploitable, Acunetix and etc.

Ensure that enterprise-wide security policies, process, procedure, guideline and controls are developed, reviewed, implemented, and maintained in such a way as to mitigate both organizational and compliance and regulatory risk. Review implementation of technologies, solutions, and processes to secure corporate applications, data, computers and networks.

Acute understanding of networking, operating system, database, hardware, application software, and data centers.

Sound knowledge in IT budget, procurement, vendor management, asset classifications, Inventory management (ITAM), and Data center.

Engaged with various BPO (Business Process Outsourcing) like enterprise support service, IT service and contact center. Due diligence and external consultancy to improve the IT environment for different clients.

Recognized and inspired the coworker, with keen sense of Leadership, Analytical Ability and ensure the delivery according to the scope of work during the project management such As Video Conference (VC), Web Application Firewall (WAF), Data Leakage Protection (DLP) Privilege Access Management (PAM), Security Information & Event Management (SIEM), Intrusion Detection System (IDS) and Network Intrusion Prevention System (NIPS).

Title of Vendor Certifications Achieved:

• Certified Information Systems Auditor® - ISACA
• Certified Information Security Manager (CISM) – ISACA
• Certified In Risk and Information Systems Control (CRISC) – ISACA
• ISO Information Security management Systems – ISMS-27001 Lead Auditor – PECB
• Certified Ethical Hacker (CEH) - EC-Council
• ITIL® Foundation - (PeopleCert Qualifications Ltd)