Muzzamil Hussain

Experience

• 

  National Bank of Pakistan

  Mar 2006 - May 2012

  • Data Management Department (DMD): Establish a eCIB & Data Management Department, Overall Data Management, Collection, Collation, Compilation, Meta Data management and road to Data Analytics.• Python for Data Science is used for making consolidated Corporate Report.• Enterprise Risk Management: Risk and Control GAP analysis, Risk assessment and monitoring tools, KRI, KPI, and Risk Register• Digital Data Governance Framework: Development of comprehensive framework on Digital Data Governance.• IT-Governance, Risk & Compliance (IT-GRC) Draft Report: Interpret and Construe Draft report issued by SBP for financial Institutions on IT-Governance Risk & Compliance, draft report issued in 2017. Suggestions are advised on the framework report from stakeholders.• Policy for strategic Data Acquisition (SDQ) and Unified Data Warehouse: To Perform Strategic Data Science and Analytics sound policy for Strategic Data Acquisition and creation of unified Data warehouse established. Big Data Analytics: Data Extraction from SAP, Integration, Data Scrubbing, Data Profiling, Process Orchestration & Automation.• Statistically Data Analysis: Gather Data from multiple sources, interpret, develop routine/ scripts for report generation and publish/share with concerned stake holders & External Bodies for review and analysis.• Review of Frame works / Policies under Information Security Division: I.S Policy, I.S Incident & forensic Management, Business process documentation, I.S Audit and Advisory.• ETL-Extract Transform & Load: Develop a utility for Data Extraction from MYSQL/Data Bases and make format driven Data reports of different Portfolio’s.• Wing Audit Coordination/Internal /SBP/I. S Audit: Act as a coordinator for Internal/SBP and IS Audit for ERMG-ECIB ADC Wing. Getting follow-ups from regions, closing of standing observation and compliance. Show less • eCIB Implementation- Conduct Train the Trainee Program for NBP Users across Pakistan for eCIB Application deployment.• Technical Business Analysis. Meta Data Management, redundancy management.• Business process Re-Engineering to reduce redundancy among existing process and mapping with internal best practices.• Analyze and document Process, Signoffs from stakeholder, Documenting user requirements, creating roles and Privileges.• Patch Management. Conducting test to check current vs desired outcome. Documentation of desired Test• Result.• Develop detailed Test Plan and logging of results desired vs actual. Develop detail log of results submit with application developer Netsol. Pvt.Ltd• Monitoring of user roles and timely updating of system patches.• Administration of eCIB Application both Data Capturing and Data Inquiry.• Disaster recovery and Business continuity planning. Show less

  • Officer Grade-II – GRC- Enterprise Risk Management Group (ERMG)

    Jun 2009 - May 2012

  • OG-III / System Programmer

    Mar 2006 - May 2009
• 

  National Bank of Pakistan

  Jul 2012 - Jan 2021

  • Credit Bureau ERP Implementation: Lead the full-cycle implementation of credit bureau systems, ensuring that robust cybersecurity measures are integrated throughout the process. This includes assessing system vulnerabilities and implementing security controls to safeguard sensitive consumer data.• IT-Governance, Risk & Compliance (IT-GRC): Interpret and implement the IT-GRC framework as outlined in the State Bank of Pakistan's 2017 ETGRM framework for financial institutions. Ensure compliance with national regulations while aligning cybersecurity strategies with organizational objectives.• GAP & Control Analysis: Conduct comprehensive gap and control analyses to evaluate existing versus desired cybersecurity controls. Document business processes and obtain necessary approvals to ensure compliance and effectiveness in mitigating risks.• Data Governance Framework Development: Develop an enterprise-wide Data Governance framework, including establishing a Data Governance Council responsible for overseeing data quality initiatives and ensuring data integrity across systems.• Three Lines of Defense Structure: Propose and implement a Three Lines of Defense model for effective data governance, ensuring clear accountability and enhancing risk management processes across the organization.• Project Management Coordination: Collaborate with the Project Management Office (PMO) to ensure accurate data mapping from core banking applications, focusing on maintaining high data quality standards while integrating security measures.• Regulatory Compliance Coordination: Work closely with State Bank of Pakistan (SBP) coordinators to address compliance observations. Implement necessary rectifications as required by regulatory bodies to ensure adherence to cybersecurity regulations.• IS-Audit Management: Oversee IS-audit management & IT GC Audit, addressing audit observations to ensure compliance with internal policies and external regulations. Show less -Enterprise Architecture I Risk Management ERMI IT-GRC I Data GovernanceI OFSAA FCCM🔹Development of Road Map for Enterprise IT GRC (Governance, Risk Management & Compliance) Frame Work🔹Project Management: Overall project management, development and implementation of software development projects. While working in at Electronic Credit Bureau Department we established the department based on the guideline provided by PMI’s Project Management Body of Knowledge (PMBOK).🔹Data Science: Big Data Processing, analysis and processing for strategic Risk Decisions.🔹Data Modeling : Semantic Web, Bayesian Theory, Apache Tomcat , Modern Portfolio Theory 🔹Development of Data Governance Model having different focused ares like Data Quality, Security, Management Portfolio, Cleansing and Mapping etc.🔹Credit Bureau ERP Implementation: Net Sol Pvt LTD, Lahore (Pakistan): 02 Full Cycle implementation of eCIB application at Bank Level all across Pakistan.🔹SAP University Alliance Program: Specialized elective in FI-CO and its integration with other Modules at I.B.A (Institute of Business Administration) 🔹SAP-Banking & GRC: As part of Implementation of SAP Banking and Governance Risk and Compliance covering different models like OCEG GRC, GRC10.1 etc.🔹Business Process Review & Internal Control Implementation: As part of BPR and Internal Control Implementation, we are implementing COSO Framework along with PWC consultants and currently we are signing off at Phase VI of Development of Risk Control Metrics after Bench Marking with Industry Best Practices. 🔹Member of the team that involve in defining and Implementing Risk Policy of Risk Management Group.🔹Internal Controls Review, Audit and enhancing /Optimizing FR Controls.🔹Development of Blue print of E.A (Enterprise Architecture), SOA, and ESB, creating common point of Interaction of all information sources.🔹IT Security, Business Continuity and Disaster Recovery Planning. Show less

  • Officer Grade-I – GRC- Enterprise Risk Management Group (ERMG)

    Dec 2017 - Jan 2021

  • Senior Analyst - GRC (Governance, Risk & Compliance) & Data Governance & Analytics

    Jul 2012 - Nov 2017
• 

  State Bank of Pakistan (SBP)

  Jan 2021 - Dec 2022

  Scheme Management Officer- DI & SD/ Office of CISO (GRC| SIEM:IBM QRadar)

  • Security Clinic – Digital Financial Services- Governance, Supervision, Monitoring & Regulating. Supervision & providing regulatory guidelines to FI’s. Policies, Procedure and Guidelines. Strategy and Development.• SOC- Security Operation Center (IBM Q-Radar), Highlighted and monitoring of Offenses, events, assigning and closing on security controls like SMG, Firewall, EDR etc., • SIEM & SOAR: Use a SEIM tool to find network anomalies, create graphical representations, Trend report of network traffic. • Design, document and implement process and procedure for SEIM team. Knowledge of Security Orchestration, Automation and Response (SOAR) platform.• Payload & Log Forensics: Aggregate, correlate and analyze log data from network devices, security devices and other key assets using IBM- Q Radar. Build and tune custom cases, dashboards, searches, SEIM platform reports based upon Cybersecurity and business needs.• SIEM Events Correlation: Experience in building, implementing, tuning SIEM event correlation rules, logic, and content in a large environment to filter out false positives and known errors, EPS calculation and storage calculation as per compliance.• Security Research: SOC / NOC/ SIEM Solutions: Research and studies various SIEM solutions available in the Cyber Security domain like RTA, Logarithm, MacAfee SIEM, ZABBIX etc.• Security Monitoring of Pakistan’s First IPS (Instant Payment System) RAAST: Monitoring and closure of Offenses populated on SIEM through RAAST Infrastructure, Tickets generation on JIRA and Closure.• Lead Cyber Security Assessment for RDA Participating Banks.• Malware Analysis Technologies: e.g. Any Run, Threat Grid. Perform Static malware analysis on isolated virtual servers. Research new and evolving threat vulnerabilities.• Email Forensic Analysis: Conduct forensics of emails reported on Phishing Group on various Sand Boxing tools like Virus Total, Any Run, etc. and closure at relevant Security Perimeters. Show less

• 

  National Bank of Pakistan

  Jan 2023 - Jun 2023

  Assistant Vice President I Section Head - Digital Information Assurance

  >Digital Assurance (Road Map & Implementation) – Devise Security assurance standard operating procedure and implementation guide.>Secure SDLC- Develop a Framework on Secure SDLC for in house application development, catering the Security aspects and developing Security stage gates. >Incident Response Plan: Develop Blueprint incident response plan and its detailed implementation guide. >Liaison between security and software development teams and assist in implementation of SAST, DAST, PT and other secure software assurance practices. >Identify, define, build, deploy and track security controls & measures for applications, systems and databases in contrast with OWASP, CWE, CIS benchmark and SAMM. >Design application security architecture via threat modeling, develop detailed cyber security design and analyze cyber security in the domains of security vulnerabilities, Threat actor TTP’s, common malware types and networking protocols. >Responsible for reviewing and assisting in operation of security management and monitoring solution are in place. >Assist in secure coding practices, perform manual as well as tool based review of application security, lay guidelines in mitigating potential threats and minimizing attack surface. >Manage the development, implementation, and continuous refinement of security policies, standards, and procedures to ensure ongoing strengthening and maintenance of security practices. >Ensure that security models, technologies and protocols are established, enforced, and maintained by system architects and designers. >Identify emerging vulnerabilities, evaluate associated risks and threats and provide counter measures >Design technical solutions with tools for applications, databases, mobile, containers, API’s, micro services and other digital solution security testing, as well as identify new security tools to improve the security posture >Determining the sensitivity of Data in order to recommend the appropriate Data classification Show less