Umer Chaudhry, CISSP, CCSP, CISA, CRISC,CDPSE, CEH,CCZT

Experience

• 

  Cnetso Limited

  Oct 2008 - Apr 2010

  IT Consultant

  • Perform Technology Risk Assessments on the infrastructure including privileged access; network architecture; databases; electronic mail systems and operating systems. • Performed end to end process walkthroughs, prepared process flowcharts, identified key controls and tested the adequacy and effectiveness of controls implemented.• Gather information, understand stakeholder needs and articulating high-level requirements• Experience with programming languages (such as Java, ASP, HTML and C Language).• Worked on multiple projects simultaneously and took initiative to manage priorities and meet deadlines. Show less

• 

  Scotiabank

  May 2010 - Apr 2018

  Senior Manager, Cyber Security Audit

  - Managed and administered the audit as an Officer in Charge of medium to high risk audit assignments.- Responsible for planning, managing, and executing technology audits involving infrastructure including operating system, network, database, application and specialized security components. - Ability to exercise sound professional judgement in the assessment of risks with understanding of IT infrastructure systems including: iSeries, z/OS, Windows Server/Active Directory, Oracle, SQL, Sybase; including technical implications to the business.- Performed complex IT Risk Assessments, Vulnerability Assessments, Entity Level Controls Assessments, IT Infrastructure Audits, Business Continuity Planning, and Technology Risk Management.- Audited the outsourced operations and evaluated the governance processes in place to manage service delivery, availability, performance, capacity and change. - Conducted international assignments and conducted the data centre audits in Hong Kong, India, Bahamas, Barbados, Jamaica, UK, Ireland, Cayman Island, Malaysia and USA. Show less

• 

  RBC

  Apr 2018 - Jan 2020

  Senior Manager, Global Cyber Security & Infrastructure

  • Serve as the subject matter expert on Zero Trust principles, methodologies, and technologies, including micro-segmentation, identity and access management (IAM), encryption, and network security.• Lead the cyber security, infrastructure, application and third-party risk assessments.• Conduct comprehensive risk assessments to identify vulnerabilities and potential security gaps within existing systems and propose effective mitigation strategies.• Identify security gaps and provide recommendations to mitigate the risk.• Conduct risk assessments, evaluate alternative strategies, develop recommendations and ensure responsive communication with business representatives, security management, and third-party vendors.• Managed the critical cyber security assignments including Enterprise Cryptographic Services, Data Loss and Prevention (DLP), Security operations Centre (SOC) and Cyber Threat Intelligence.• Evaluated the threat scenario development including the development of cyber scenarios for different businesses and reviewing potential mitigating controls.• Ability to exercise sound professional judgement in the assessment of risks with a sound understanding of cloud, cyber and IT infrastructure systems. Show less

• 

  CIBC

  Jan 2020 - Apr 2023

  Senior Information Security Advisor, Enterprise Security & Risk Services

  • Provide Zero Trust and Cybersecurity Subject Matter Expertise in multiple security domains.• Perform complex risk analyses which also include risk assessment to identify compliance with Zero Trust Architecture.• Perform assessment and analysis of designs, architectures, configurations, and implementation of Zero Trust principles and security capabilities.• Worked closely with architects to assess the Zero Trust solution, road map, and capabilities in alignment with industry standards, including NIST Zero Trust Architecture.• Experience with access control solutions, such as Privileged Access Management (PAM) and Multi-Factor Authentication (MFA)• Execute the detailed Threat Risk Assessment (TRA) and Third-Party Risk Assessments, deviations, coordination of penetration testing and reporting. • Review and interpret requirements documentation, architecture diagrams and solution designs to help determine the feasibility of a project and its security risk.• Assess business needs against potential risks and provide recommendations to enhance the information security landscape. Show less

• 

  BMO

  Apr 2023 - now

  Third Party Cyber Risk Assessment

  • Evaluate and assess the implemented controls for Zero Trust architecture, SD-WAN, SASE, edge computing, cloud technologies, enterprise identity, microservices, containers, encryption, tokenization, AI, SIEM, SOAR, UEBA, threat modelling, SDP, DLP, etc.• Conduct thorough cyber security assessments of third-parties and Cloud Security providers to determine compliance with security requirements, including assessing system architecture, security controls, and risk management practices. • Evaluate and review the supplier’s Identity and Access Management (IAM) end to end process including access provisioning, de-provisioning and attestation process is operating effectively. Assess the Privilege Access management process.• Work with stakeholders to ensure Zero Trust is implemented throughout customer environments.• Provide Zero Trust and Cybersecurity Subject Matter Expertise in multiple security domains.• Assess supplier’s security posture by evaluating their key controls and review SOC 2 Type 2, penetration test, security policies and network architecture diagrams.• Review the results of Vulnerability and Penetration testing and track the remediation of identified vulnerabilities till remediation.• Communicate the cyber risk assessment results to internal and external stakeholders.• Coordinate with risk stakeholders to identify appropriate risk mitigation and remediation plans.• Draft a report for each assessment and present it to the management for review and approval.• Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise. Show less