Adnan Abbas

Information Security Professional, [ITIL v3F, CobiT 4.1, C|EH, ISO 27001 LA Qualified] (+92-333-9224853), adabbas.is@gmail.com

Seeking challenging career in Information Security with a progressive organization. Passionate about the role that the Information Security can play in these times to drive and engage the talent in an organization.

Objective

Professional Skills& Competencies

Information Security Risk Assessment Compliance & Monitoring Policy Design & Review Vulnerability Management Business Process Analysis Security Awareness & Training Conducting Internal Audit and Assessment ITIL/IT Service Management Threat Modeling Application Security Testing

Personal Profile

Solution oriented information security Professional and strong believer in continuous improvement with 5 years of professional experience in operational and strategic IT and Security Management, leadership and change management in diverse organizations. Have worked in Government Sector and cross-cultural teams providing guidance and support to Executive management teams and operational management teams on all IT activities, including design, change and implementation, employee training & awareness and communications. Also been involved in in-house information security trainings and consulting services for number of projects and have solid background of delivering services up to the required standard.

Career Achievements
Establishment, Design & Compliance of Information Security Policies Conducted Risk Assessment based on ISO 27001:2005, ISO 27005 & NIST Conducted Information Security Management Review Meetings of the organization and suggested for improvement of organizational systems, policies and operating mechanism. Developed & Conducted Internal ISMS Audits Experience in Information Security management with expertise in: Governance Technical implementation Technical evaluation & assessment Compliance Management

Professional Experience Fatima Group of Companies, Lahore Dec 11 to till date

as IT Security Officer

Responsible for GRC (Governance, Risk & Compliance). Analyzing Information Security policies & procedures with a view to improve the overall workflow of the information systems procedures and processes, particularly focusing on business use. Conducting Security Awareness Training Programs. Working on implementations of best practices throughout the organization and developing strategies for continual improvement.

NADRA, Govt. of Pakistan, Islamabad April 09 to Dec 2011

as Network Engineer Information Security

Responsible for management of Information Security Governance acting as Team Lead. Policies Review: Analyzing Information Security policies & procedures with a view to improve the overall workflow of the information systems procedures and processes, particularly focusing on business use. Working with technical team, as a domain expert, for designing and reorganizing the different sections of the information system. Provide support & deliver metrics to Senior Management and Executives with analysis. Working closely with Higher Management for all initiatives, process and plan enterprise wide Initiated and implemented Information Security Policies and Risk Management Completion of successful audit of NADRA Networks Directorate for ISMS Certification Ensuring systems are operated, maintained, and disposed of in accordance with internal security policies and practices outlined in the security plan. Applying security risk assessment methodology to system development to work on threat model development, vulnerability assessments, web application security testing and resulting security risk analysis. Provide Security Risk Assessment & Compliance Services, IT strategic planning, IT risk management, business process analysis, information and network security, information systems audits, business continuity management, information life cycle management and information technology service management. Conducting Security Awareness Training Programs Responsible for Team development, Motivation and Retention Take part in strategic level Information Security related decisions and work as change agent for Organizational Development Working on implementations of best practices throughout the organization and developing strategies for continual improvement

Punjab Information Technology Department, Lahore Mar 08 to Feb 09

as System/Network Admin

Maintenance and Configuration of LAN/WAN. Conducted Workshops/Trainings/Labs and Intermediate Short Course for Government Employees, E-Government Project. Implementation of various Provincial Projects, monitoring the status and daily reporting. Designing and implementing security tests in accordance with Government stated criteria. System Administration included Antivirus Update, Security Patches, and other security relevant issues.

Emerging Systems, Islamabad

as System/Network Support
2

Aug 05 to Apr07
Advising and providing support to staff & management on the operational issues of Linux platform. Coordinate with customers and handle all issues Responsible for Installation/Configuration & Monitoring of Systems/Servers

Al Khair Medical Center Aug 04 to Jul 05

Responsible for Web portal maintenance and updating Worked on Sql Sever 2000 and Windows Server 2000

as Asst. Prog. & Network Support

MCS, NUST May 10

Guest Speaker on ITILv3 Foundation Course at MCS,NUST

as Guest Speaker

Qualification
MS Information Security 2005-07 National University of Sciences & Technology (NUST), Islamabad

Bachelor of Computer Science(BCS Hons) NWFP AGRICULTURAL University, Peshawar

2001-05

Personal Skills & Competencies

Solid Communication, Interpersonal skills People Management and Analytical skills Excellent planning, Report writing, Negotiating and Presentation Skills

Trainings/Workshops Attended
ISO 27001:2005 Lead Auditor training course from SGS Pakistan APTC Certified Ethical Hacker Training from Trillium Info Sec Systems Attended a workshop on National Conference on Information Assurance NCIA 2010 NUST Linux Fedora 8 Intermediate from Emerging Systems Islamabad Sun Solaris 10 Intermediate System Admin Training from SEECS NUST Islamabad