Murad Rzazade

Experience

• 

  Azerbaijani Society in Manchester

  Sept 2013 - Jun 2016

  IT Manager
• 

  Azercell Telecom LLC

  Jun 2014 - Sept 2014

  IT VAS services support and administration

  Administrator of Azercell Web application, proposing business plans for new VAS services

• 

  PwC

  Jan 2017 - Nov 2019

  Information Security Audit• Conducted penetration tests in accordance with OWASP methodology for the bank, telecom, and retail sectors.• Authored, reviewed and commented on Information Security policies, standards such as Authentication and authorization, Security monitoring, Backup management, Incident Management, Threat and vulnerability management, Security operations, Malware management, Password Policies, Application Security, Network Security, Cryptography Guidelines, Security Awareness and etc.• Conducted review and provided recommendations for Information Security department based on Center for Internet Security (CIS) 20 Critical Security Controls for Effective Cyber Defense.• Performed security source code reviews on Web, Desktop and Mobile applications on Android and iOS platforms.• Identified Wireless network security vulnerabilities using Kali Linux testing tools.• Analyzed sensitive data storage approaches on encryption and cryptographic methods.• Conducted Information Security training in different organizations.IT General Controls• Testing of IT General Controls (ITGCs) for information, billing and telecom systems in support of financial statements audit; • Designing process control flow charts to facilitate the identification of key controls• Identify risks and understand controls in the business process• Document an understanding of the flow of transactions and financial information for business processes• Backup management and disaster recovery process analysis• Document and understanding of the IT environment• Development of ICRs (Internal Control Recommendations)IT Governance• Review of IT strategy planning and effectiveness of budgeting• Analysis of IT staff competency within the business requirements• Review and assessment of IT Service catalogs based on various KPIs’• Assessment on effectiveness of IT Project Management. Show less

  • Senior Cyber Security and Risk Assurance Associate

    Jun 2018 - Nov 2019

  • Cyber Security and Risk Assurance Associate

    Jan 2017 - Jun 2018
• 

  PASHA Insurance OJSC

  Nov 2019 - now

  • Building Strategical Roadmap on Information Security Enhancement;• Governing processing according to NIST CSF Framework• Managing SOC - Security Operation Center and Cyber Incident Response • Information Security Processes compliance evaluation and providing hardening;• Management of Vulnerability Assessment, Patch Management, and Penetration tests processes;• Providing Security Requirement and Access Management procedures on core business systems;• Implemented monitoring procedures on Microsoft Azure and Internal Windows environment as well as Privileged Access Management (PAM);• Implementation and managing Mobile Device Management (MDM) and Mobile Application Management(MAM) procedures for Bring Your Own Device (BYOD) and COPE/COBO devices;• Implementation and managing Database Security Compliance processes and procedures;• Implementation and managing Network Security processes;• Implementation and managing Endpoint and Server Security processes;• Implementation and Managing procedures of application security;• Implementation and management of Data Confidentiality and Security;• Managing Corporate Security Awareness programs;• Managing corporate information security policies and processes such as Authentication and authorization, Database Security, Mobile Device Security and Acceptable Use, Server Security, Workstation Security, Network Security, Remote Access, Wireless Security, Business Applications Security, Software Development, Security Awareness, Access Control and Authorization, Account and Identity Management, Anti-Malware, Password, Cryptography, Logging and Monitoring, Removable Media, Email Security and Acceptable Use, Internet Security and Acceptable Use, Penetration Testing, Vulnerability Management. Show less

  • Head Of Information Security Department

    Nov 2020 - now

  • Information Security Manager

    Nov 2019 - Nov 2020
• 

  Compulsory Insurance Bureau

  Mar 2023 - now

  Member of Audit Committee