Mohammed Asif Siddiqui

Dubai

Summary

Senior Manager IT Audit with over 19 years of extensive experience, including 14+ years in the UAE. Specializing in delivering comprehensive IT and Cyber Security audits, proficient in anticipating, identifying, and managing IT risks, as well as executing detailed audit plans and strategies. Demonstrated expertise in IT audits, Cyber Security, Information Security, and IT Project Management. Skilled in IT risk assessment, policy development, and implementation. Well-regarded for the ability to effectively prioritize tasks and excel in collaborative team environments. Knowledge of GDPR, ISR, NESA, ISO 27001, COBIT, and NIST compliance standards, with practical experience in Firewalls, Intrusion Detection Systems, and conducting Vulnerability Assessments & Penetration Testing. Experienced in performing Data Protection Impact Assessments, with strong communication, problem-solving, and leadership abilities. Seeking an opportunity to lead an IT audit/Cyber Security team and contribute to a company's culture of integrity, respect, and innovation.

Overview

19 years of professional experience
1 Certification

Work History

Senior Manager - Technology Audit

Dubai Holding
05.2023 - Current
  • Assist the Associate Director - Technology Audit in the formulation and execution of the risk-based audit plan for Information Technology (IT) platforms (Cloud (SaaS, PaaS, IaaS) & on-Premises) and Information Systems (IS) such as Salesforce, Oracle ERP & Fusion, Yardi, Mobile Apps, Websites, etc., covering the various business units/departments of the company and its affiliates
  • Actively contributes to the overall operations of the department by preparing periodic management reports/presentations for Audit Committee
  • Play a dynamic role in IT risk assessments and assist the Head of Department in the development of the IT audit plan for the various business units/ departments of the company
  • Plan individual engagements assigned, by (i) performing IT application/infrastructure/process understanding and documentation allowing identification of key processes and associated risks and controls; then (ii) prepare risk and control matrix and/or audit program to facilitate testing and meet engagement objectives
  • Prepare internal audit reports and corresponding presentation materials containing audit issues along with suggested action plans and business recommendations to allow the audit client to make the necessary improvements to its processes
  • Effectively support operational and financial teams on their assignments as and when necessary
  • Assist the Head of Department to champion information systems control, IT risk management and governance concepts throughout the business to assist management in such areas through consulting engagements and special projects
  • Participate in or lead any special audit assignments or fraud investigations mandated by the Head of Department or Audit Committee/ Board of Directors
  • Participate in the preparation of periodic reports and presentations to the Audit Committee / Board of Directors
  • Stay abreast of IT best practices both internally and externally with regard to auditing, and share them with other members of the audit team and the company as a whole, if applicable
  • Ensure that detailed audit work is effectively focused on areas assessed as high risk, thus ensuring maximum payback from the assignment
  • Represents the Internal Audit function in meetings with external parties, including Government Audits (FAA), Dubai Electronic Security Council (DESC) and similar parties
  • Supports the head of department in optimization of Data Analytics, Continuous Audit Monitoring, Risk Management
  • Provided strong leadership to enhance team productivity and morale.
  • Led cross-functional teams to achieve project milestones and deliver high-quality results.
  • Established strong relationships with clients and stakeholders, ensuring long-term partnerships and repeat business.
  • Improved team performance by providing comprehensive training and fostering a collaborative work environment.
  • Collaborated closely with peers from other departments to drive organizational success jointly as one cohesive unit.
  • Managed large-scale projects and introduced new systems, tools, and processes to achieve challenging objectives.
  • Mentored junior staff members for skill development and career progression within the organization.
  • Achieved operational excellence by streamlining processes and implementing best practices.
  • Demonstrated exceptional adaptability in navigating complex situations or rapidly changing environments with ease.
  • Implemented innovative solutions to overcome challenges, leading to enhanced productivity levels.
  • Championed process improvement initiatives that led to significant cost savings without compromising on quality standards.

Digital Audit Manager

LEC
08.2022 - 04.2023
  • Review and evaluate the organization's internal controls, processes, policies, and mechanisms related to Digital & IT Infrastructure platforms, to ensure that they are adequate, effective and in compliance with Company IT Policies and Procedures
  • Support Head of Audit in establishing a world-class audit function at MAF Entertainment that performs audits that are consistent and closely aligned with MAF group strategy and objectives
  • Develop & Complete the Annual Audit Plan, assigned by Director IA, using a risk-based methodology, that considers significant risks or controls that have been identified by Management personnel
  • Manage and/or carry out Internal audits, special requests, consulting engagements and management requests and review the work performed to ensure the adequacy of audit scope, testing performed, and the accuracy of conclusions reached
  • Review and manage the work of the audit staff in identification, development, and documentation of audit issues and recommendations for improvement
  • Communicate the results, findings, and recommendations of audit projects through written reports and face-to-face presentations on a timely basis to the Senior Management
  • Primarily responsible for developing, establishing, and embedding data analytics, data mining, advanced measurement, and other analytical techniques within the Internal Audit Function
  • Assist Director IA in preparing Audit Committee presentation and other MIS reports
  • Assist the team with ad-hoc projects or management requests that arise, either in Technology, Compliance or Operational areas
  • Plan and schedule audits and reviews in consideration of staffing availability and audit priorities, sometimes managing multiple projects concurrently, including special ad-hoc investigations and consultancy work as may be requested by Director IA
  • Ensure timely and appropriate execution of audits ensuring adequate coverage of transactions (sampling as well as data analytics) performed by auditors
  • Perform advisory services beyond IA's assurance services, to assist Management in achieving its objectives such as GDPR implementation, Data Governance models, etc
  • Perform periodic appraisals for assigned resources
  • Recommend employee development and succession measures to Director IA for all IA staff
  • Knowledge and experience of implementing and managing audit management software - TeamMate and reporting dashboard through Microsoft Power BI

Assistant Manager IT Audit

EMAAR Group
01.2019 - 07.2022
  • IT/Cyber Security Audit Planning, Execution & Reporting; IT Risk Assessment; Evaluation of Systems & Networks controls; IT Architecture Review; IT Project/ Cyber Security Audits; ERP, Application, Website, Leasing System & CRM Reviews; Cyber Security/ Information Security Projects Audit; Mobile Apps Review
  • Ensures that the internal IT/ Cyber audits under the audit cycle stated in the Annual Internal IT Audit Plan are properly executed to provide assurance to Audit Committee
  • Plan and schedule audits and reviews in consideration of staffing availability and audit priorities, sometimes managing multiple projects concurrently, including special ad-hoc investigations and consultancy work as may be requested by Senior Management
  • Ensures that audit report is prepared in a concise manner and that audit issues are placed in appropriate context with recommendations presented in a persuasive manner for proper implementation by the auditees
  • Manage oversight and monitoring of risk mitigation and coordination of policy and controls with group cyber security manager, to ensure that risk owners are taking effective remediation steps
  • Work directly with business units and other internal departments to facilitate cybersecurity risk analysis and management processes, identify acceptable levels of residual risk
  • Review external cybersecurity risk assessments, analyze the accuracy of the findings and report on them with actionable recommendations to group cyber security manager and other stakeholders
  • Tracks and reports cyber security risk management trends, opportunities and remediations
  • Work remotely to oversee, input, collaborate and coordinate with audits undertaken by in-house staff or co-sourced with consultants
  • Performed and supervised various IT audits such as ITGC, Data Centre review, Network Security, Oracle ERP review of Finance & Procurement modules, IT Physical Controls, Mobile Apps, Salesforce (Sales & Service Clouds), Leasing System, Avaya & Cisco Telephony, 3CX, Tenfold, MDM Integration Audits, Cryptocurrency, GDPR, Payment Gateways, Yardi, Opera, Data Lake, etc
  • Spearhead the rollout and maintenance of the group wide GRC platform and ensure best practices in terms of audit methodology as developed by the group are implemented in the GRC platform
  • Knowledge of working with TeamMate, RSA Archer, and Power BI

Assistant Manager - Internal Audit (IT)

DAMAC Properties
01.2016 - 01.2019
  • Developed comprehensive IT risk assessments and audit plans which address current business and technology processes, risks and controls, and best practices with Head of Audit
  • Prepared detailed audit report for IT internal audits, based on evaluation & control testing
  • Performed various audits such as ITGC, Data Centre review, Network Security, Oracle ERP review of Finance & Procurement modules, Point of Sale (POS), Opera, Sun system, IT Physical Controls, etc
  • Responsible for implementation and administration of Audit & GRC solution named 'MKInsight.'
  • Compiles a vast array of data into an articulate report for the Audit Committee
  • Assumed responsibility as project leader for special IT projects and provides advisory and consulting services to management
  • Advised senior management by identifying critical security issues, recommending risk-reduction solutions
  • Partnered with Data Engineering team to research and experiment with emerging Data Quality Profiling technologies and tools associated with data quality, metadata, data governance
  • Defined Data Governance roles, accountability, and ownership and decision rights within organization
  • Promoted culture of data protection compliance across all units within the organization
  • Led the highly successful Security Information and Event Management pilot program for DAMAC using LogRhythm SIEM to monitor internal/external threats; assessed process/hardware risks, identified threat vectors, identified security policies, and approved rules for LogRhythm SIEM
  • Managed Cyber Security projects such as Cyber Security Framework creation, Run book development for threat response, Incident response on Cyber Attack, SOP preparation for Cyber Attack
  • Reviewed & Evaluated Managed Security Solution Provider (MSSP) partners for DAMAC
  • Extensive knowledge and hands-on experience with Cyberoam UTM, Trend Micro Office Scan Suite, Cisco Firewall ASA, SIEM, Forcepoint DLP, etc

Senior Information Systems Auditor

Galadari Brother Co. L.L.C
03.2013 - 12.2015
  • IT Audit Planning, Execution & Reporting; IT Risk Assessment; Evaluation of Systems & Networks controls; IT Architecture Review; IT Project reviews; ERP implementation & Post Implementation Reviews
  • Performed audits covering both business and IT processes
  • Performed IT risk assessment and participated in planning and design of IT audits
  • Performed audits such as Oracle ERP Project Management, Oracle ERP Post implementation review of Finance, HR, Supply Chain, & Vendor Management, Point of Sale (POS), Printing Press advertisement booking solution, IT Physical Controls, Website vulnerability assessment
  • Performed advisory assignments such as Preparation of IT Policies & Procedures, IT Asset Disposal, Cash counts, Physical stock counts, etc
  • Implemented and performed administration of GRC solution (Wynyard)

Information Security Consultant

Paladion Networks Pvt. Ltd
03.2010 - 03.2013
  • Policies & Procedures Development & Implementation; ISO Frameworks Maintenance; ISMS & ITSM standard Implementation; Internal Audits based on ISO 27001 & ISO 20000, ISO 9001; Flowcharts Creation to document Business Systems & Processes for ISO standards
  • Managed compliance requirements for ISO 20000 & ISO 27001 as per internal & external IT audit requirements
  • Performed IT risk assessment and prepared IT audit plans based on ISO 27001 & ISO 20000 framework
  • Involved in security planning and deployment and management of current & future security technologies
  • Reviewed IT architecture and conducted research on new attack vectors and mitigating solutions
  • Interfaced with the executives, department heads & end users and attained the security vision of the company
  • Managed & Implemented HP Service Manager (Helpdesk Solution), to fit the environment including solution administration, reporting, querying etc
  • At one of Paladion's clients (GCAA)
  • Reviewed SCADA assessment reports which comprise SCADA Master Plans, Control System Design Documents, Programs, Tests, and Commission Control Systems

Assistant Manager - Risk Advisory Services

BDO Consulting Pvt. Ltd
12.2007 - 03.2010
  • Internal Audits; Information Security Audits; Compliance reviews; Third Party Information Security Audits; Application Audits; Vulnerability Assessment & Penetration Testing
  • Conducted InfoSec audits as per ISO 27001:2005 and Internal Audits based on COBIT & ITGC
  • Executed application audits for clients in the Banking, Broking, Healthcare, IT & ITeS industries
  • Conducted IS awareness workshops & seminars and post implementation review for ERP Systems
  • Played pivotal role in the CERT-In Qualification for BDO Consulting Pvt. Ltd
  • Successfully developed many IT processes for a Healthcare Client
  • Reviewed SCADA assessment reports which comprise SCADA Master Plans, Control System Design Documents, Programs, Tests, and Commission Control Systems

Pre-Sales Consultant / Technical Executive - Zenith SAAZ

Zenith Infotech Ltd
06.2006 - 12.2007
  • Solution Installation & Maintenance; Network Devices Maintenance; Desktop Management through Proprietary Solution; Patch, Antivirus, Spywares & Asset Management; Troubleshooting & Remote Support
  • Program Manager for various projects including Desktop/Server management and Network administration
  • Managed a team of Engineers for handling remote installations and delivering technical support
  • Instrumental in re-engineering Network Infrastructure and IT Infrastructure
  • Assisted the Network Operation Centre (NOC) Engineers in maintaining clients' networks & servers globally

System Administrator

Allied Digital Systems
06.2005 - 05.2006

Education

MTech -

William Carey University
01.2010

MBA -

Sikkim Manipal University
01.2008

Bachelor of Management Studies -

Mumbai University
01.2005

Skills

  • Audit Planning & Risk Assessment
  • Auditing Cyber Security (SIEM, SOC, MSSP)
  • IT Audits (Systems, Networks, Applications & Databases)
  • Mobile App & Website Audits
  • IT Risk Management
  • IT Architecture
  • Data Analytics
  • Continuous Auditing
  • ERP Audits (Oracle, Microsoft Dynamics)
  • Cloud Computing
  • Enterprise Security Products Implementation (DLP, Endpoint, IDAM, MFA, SSO, etc)
  • IT Policies & Procedures Development & Implementation
  • Network Security
  • Info Sec Audits
  • Project Management (Agile and Waterfall)
  • Power BI & Data Lakes
  • Vulnerability Analysis
  • IT Stakeholder Management
  • Data Protection (GDPR)
  • Excellent Communication Skills
  • Network Architecture
  • Cryptocurrency
  • Strategic Planning
  • Cross-Functional Collaboration
  • Operations Management
  • Cross-functional Team Coordination
  • Process Improvement

Certification

  • CISSP – Certified Information Systems Security Professional
  • CISA - Certified Information Systems Auditor
  • CISM – Certified Information Security Manager
  • CDPSE – Certified Data Privacy Solutions Engineer
  • CRISC - Certified in Risk and Information Systems Control
  • CEH – Certified Ethical Hacker
  • ITIL & PMP – Project Management Professional
  • Lead Auditor (ISO 9001, ISO 27001, ISO 20000, BS-25999)
  • IMS – Internal Auditor (ISO 9001, ISO 14001 & OHSAS 18001)
  • CCNA - Cisco Certified Network Associate
  • Internal Audit and Compliance
  • Enterprise IT Risk Management & Corporate Governance

Languages

English
Arabic
Urdu
Marathi
Hindi

Personal Information

Title: SENIOR MANAGER IT AUDIT

Professional Highlights

  • Cost savings of AED 10M from numerous IT Licensing review exercises for IT Department
  • Won Sheikh Khalifa Government Excellence Program Award for Best Department (IT)
  • Won Sheikh Khalifa Government Excellence Program Award for Best e-Services
  • Received GCC Best Portal Award
  • Ensured 100% result for GCAA Website as per GIA baselines in 2010 & 2011
  • Best IT Employee of the Quarter in 2010 (GCAA)
