
Mohamed Fiazuddin CISA|CCSP|ISO27001|CEH

Dubai

Summary

Accomplished Information Security & ITGRC Specialist with extensive experience of nearly 13 years in Information Security, IT Governance, Risk Assessments and Cyber Security compliance across various standards and cybersecurity regulations. Effectively carried out Information Security/IT Compliance and Governance for more than 400 projects across various verticals such as Manufacturing, Insurance, Finance, Banking, Aviation, Telecom, Government, Health Care and Commercial sectors within the UAE and India.

Overview

12 years of professional experience
1 Certification

Work History

Information Security & ITGRC Compliance Specialist

IHS GCC Management Limited
10.2023 - Current
  • Risk Assessments and ITGRC Compliance:
  • During my tenure at IHS, I performed and managed Risk Assessment and Compliance review activities for 100+ Applications, Network and Infrastructure compliance review, Vulnerability and Penetration compliance, Incident and Change Management compliance, and IT and Information Security Policies and Procedures compliance review activities, as well as IT Service Management, Servers (both on-premise and cloud), and cloud compliance review activities.
  • SOX RACM / ISO27001 Controls :
  • Carried out key activities that include ISO27001, ITGRC Risk Assessments, and SOX RACM (Risk and Control Matrix) evaluation to manage SOX controls. Designed SOX RACM controls for new projects and applications.
  • Interactive Risk Management, Audit and Compliance Dashboards:
  • Implemented Dashboards in Power BI for Information security and ITGRC activities such as Internal Audits, Risk Assessments and IT Technical compliance review activities for Top Senior Management's overview.

Information Security Officer / Consultant

Paramount Computers-The Executive Council of Dubai
08.2018 - 05.2022
  • Responsible for Implementation, Governance, and Management of ISR Regulatory and ISO27001 Requirements. Key activities performed include:
  • Risk Assessment :
  • Implemented Risk Assessment Framework and Facilitated Risk Assessment Processes, Identifying Critical Assets and Implementing Appropriate safeguards for all IT and Business Assets and Applications
  • ISR/ISO27001 Control Implementation :
  • ISR control implementation across sectors such as HR, Administration, Physical, Finance, ITSD, IT Networks and Servers, IT Datacenter and across various business units. Collaborated with cross-functional teams to enhance and maintain the organization’s information security posture.
  • Authored Policies and Procedures Documentation :
  • Created more than 75 Policies and Procedures across the organization to comply with ISR requirements and signed-off from the Director and CEO of the organization
  • Incident Management and Response :
  • Documented and reported information security related incidents across the organization to the Top Management. Identified the root cause and advised on the appropriate corrective actions to be taken.
  • Information Security Projects :
  • Initiated and implemented information security projects to comply with the ISR/ISO27001 controls. Projects include SIEM Tool Implementation, Data Classification Tool Implementation, Azure IRM - Information Rights Management, VA/PT Tool Implementation, Information Security Awareness Tool Implementation, Email Security and Endpoint Security solution implementation.
  • Third-Party Risk Assessments :
  • Managed all vendors who are part of the organization, performing vendor risk assessment activities as part of due care and due diligence activities

Information Security Consultant

Paramount Computers - Dubai Airports
05.2017 - 09.2018
  • ISO27001/ ISR / NESA Implementation :
  • Ensuring compliance with ISR regulatory requirements for controls, clauses, and subclauses encompassing nearly 330 security controls
  • Risk Assessments and Third-Party Risk Assessments :
  • Created the framework and performed InfoSec Risk Assessment, Vendor Risk Assessment, Awareness and Training, Incident Management Analysis across the organization
  • Technical Compliance Reviews and Awareness:
  • Security architecture and technical review of cybersecurity controls, and information security contracts evaluation
  • Full support during ISO27001 and ISR external audits, security architecture, and technical review of cybersecurity controls.

Information Security Analyst

Tata Consultancy Services
03.2016 - 09.2017
  • Third-Party Supplier Risk Assessments :
  • During my tenure with TCS, I performed Vendor Risk Assessment for a Canadian client - BMO (Bank of Montreal) - to comply with PIPEDA regulation.
  • Assessed more than 200 vendors for information security compliance risks

Information Security Auditor

Computer Science Corporation (CSC India)
01.2013 - 03.2016
  • Played the role of Corporate Internal Auditor for all the projects and support functions.
  • Projects audited by me for compliance towards ISO27001 controls include Citibank, Barclays, AT&T, Kaiser, Pfizer, Zurich, GAP, GLIC, Esurance, Aon Hewitt, Chrysler Rite Sourcing, Truven Health Analytics, NHS-LDO, Telenor, Progressive Insurance, Lorenzo, etc., carrying out baseline security audits as well as controls mentioned by the client as described in the client security requirements.
  • Carried out corporate ISO27001 audits and information security audits for support functions such as the Administration Department, Human Resources Department, service delivery

Education

Bachelor of Engineering - Information And Computer Systems

Hindustan College of Engineering
India
05-2010

Skills

  • Information Security Management
  • Data Protection Management
  • IT Security Risk Assessments, Gap Assessments, Third-Party Risk Assessments
  • IT Governance Risk Compliance and Risk Mitigation
  • ISO 27001, ISR, NESA, Q-Cert Standards and Frameworks
  • ITGC, ISO22301, ISO27701 Standards and Frameworks

  • NIST and CIS Controls
  • SOX Compliance Assessments
  • KPIs and KRIs Evaluation - Metrics and Measurements
  • Cloud Security Review - Azure, AWS
  • Authored ISR, ISO 27001 and IT Policies, Procedures, Documentation

Certification

1. ISACA CISA : Certified Information Systems Auditor, 2021

2. ISC2 - CCSP : Cloud Certified Security Professional, 2022

3. EC-Council - CEHv9 : Certified Ethical Hacker, 2017

4. ISO27001 LA - Information Security Management Lead Auditor

5. ITILv9 - Information Technology and Infrastructure Library

Information Security Projects

Information security projects implemented during 2018-2025 include:

1. GRC Archer - Third-Party Vendor Risk Assessments

2. DLP - Data Leakage Prevention - McAfee DLP

3. Data Classification : Get Visibility

4. Email Security : Trend Micro Solution

5. Anti-Virus Solution : Trend Micro and Sentinel

6. SIEM Solution : Rapid 7 and LTS Secure

7. VA/PT Assessments : Qualys

8. Azure IRM - Information Rights Management
