Muhammad Jawwad Alam Siddiqi

Experience

• 

  Union Bank

  Jan 2005 - May 2005

  Internee-Volunteer

  Worked in the clearing section of the bank therefore I am familiar with the entire inward and outwardclearing procedures being followed in most of the well reputed banks. Also during my stay there Iprepared an intern’s manual for those doing internship in the clearing section of Union Bank.

• 

  Rawalpindi College for Girls

  Jun 2005 - Aug 2005

  Jr. Network Engineer

  Work responsibility included maintaining college website and computer laboratories.

• 

  Digital Processing Systems

  Aug 2005 - Jun 2008

  􀂃 Leading one of ISO/IEC 27001:2005 implementation team.􀂃 Maintaining Disaster Recovery Plan􀂃 Managing Information Security Group (ISG) in the absence of Manager􀂃 Member Incidence Response Team􀂃 Coordinating with Consultants, External Auditors & Pakistan Software Export Board (PSEB) Representatives􀂃 Creating and implementing information security policies and practices in DPS Inc.􀂃 Monitoring and Controlling the Information Security Management System (ISMS).􀂃 Implementing ISO/IEC 27001:2005 controls􀂃 Implementing Information Security related CMMI process areas.􀂃 Conducting internal audits of applications, processes and physical sites.􀂃 Conducting risk analysis􀂃 Providing Information Security Consultancy to the clients of DPS Inc.􀂃 Coordinating with other branches of DPS Inc. for acquisition and deployment of security hardware.􀂃 Conducting Information Security Awareness campaigns for all DPS Inc. employees􀂃 Administering Information Security Induction to newly hired employees in DPS Inc.􀂃 Preparing EOI and RFP documents for the projects DPS Inc. is interested in. Show less Responsibilities included:􀂃 Creating and implementing information security policies and practices in DPS Inc.􀂃 Monitoring and Controlling the Information Security Management System (ISMS).􀂃 Implementing ISO/IEC 27001:2005 controls􀂃 Implementing Information Security related CMMI process areas.􀂃 Conducting internal audits of applications, processes and physical sites.􀂃 Conducting risk analysis􀂃 Providing Information Security Consultancy to the clients of DPS Inc.􀂃 Coordinating with other branches of DPS Inc. for acquisition and deployment of security hardware.􀂃 Conducting Information Security Awareness campaigns for all DPS Inc. employees􀂃 Administering Information Security Induction to newly hired employees in DPS Inc.􀂃 Preparing EOI and RFP documents for the projects DPS Inc. is interested in.􀂃 Created Training Guides for TABS (Telecommunications, Administration, & Billing System) of ITSKuwait. Sites included Warid Telecom (Pakistan) & BanglaLink (Bangladesh). Show less

  • Information Security Analyst

    Jul 2007 - Jun 2008

  • Jr. Information Security Analyst

    Aug 2005 - Jun 2007
• 

  Freelance Trainer

  Dec 2007 - May 2013

  Security Trainer

  Prepared and delivered Security trainings as a freelance on various domains of CISSP, CISA, CISM, Business Continuity and ITIL.Key Accomplishments:􀂃 Delivered trainings on various CISSP domains in Military College of Signals, to students which included serving Army officers of Pakistan Army, 􀂃 Delivered trainings on Computer Assisted Audit Techniques, to serving Government Auditors at Audit & Accounts Training Institute of Government of Pakistan. 􀂃 Delivered trainings on various domains of CISSP, CISA, CISM, ITIL and Business Continuity at National Institute of Management and Information Security. Audience included people from Defense forces, Law Enforcement Agencies, Government Officials, Multi-nationals, local corporations and students of various universities.􀂃 Delivered CISA Review Course at Supreme Audit Institute of Government of Pakistan Show less

• 

  KPMG US

  Jul 2008 - Dec 2009

  Responsibilities include:􀂃 Leading the IT Advisory Section of KPMG TH Islamabad Office􀂃 Leading the Information Risk Management (IRM) Audit team of KPMG TH Islamabad OfficeIRM clients audited belong to following sectors:􀂃 Hospitality->Marriott Hotel Islamabad, Marriott Hotel Karachi, Serena Hotel Islamabad, Pearl Continental Hotel Rawalpindi, Hashwani Hotels Limited, Pakistan Services Limited􀂃 Manufacturing-> AkzoNobel (formerly ICI Pakistan), Murree Brewery, Biafo Industries Limited, Bestway Cement Limited, Mustehkam Cement Limited, Fauji Cement Company Limited, Fauji Fertilizer Company Limited, Fauji Fertilizer Bin Qasim Limited􀂃 Telecom-> Mobilink (PMCL), Diallog CDMA􀂃 Insurance (non‐life)-> Askari General Insurance Company Limited􀂃 NGO-> National Rural Support Program (NRSP), Sarhad Rural Support Program􀂃 Pharmaceutical-> Ferozsons Laboratories Limited􀂃 Government-> Pakistan Telecom Authority (PTA)􀂃 Oil & Gas-> Halliburton, Oil & Gas Development Corporation Limited, Dewan Petroleum Limited􀂃 Stock Exchange-> Islamabad Stock Exchange􀂃 Electricity Generation & Distribution-> Islamabad Electric Supply Company Limited, Southern Electric Power Company, Uch Power, Saif Power Limited, Fauji Power Company (Dharki) Limited􀂃 Airline-> Air Blue􀂃 Banking & Microfinance Institution-> NRSP Bank, Khushali Bank Limited, First Microfinance Bank􀂃 Software House & IT Consulting-> Landmark Resources (LMKR)􀂃 Construction-> PakGulf Construction Show less

  • Assistant Manager - IT Advisory Services

    Jul 2009 - Dec 2009

  • Senior Associate II - IT Advisory Services

    Jul 2008 - Jun 2009
• 

  Telenor

  Jan 2010 - Nov 2012

  Information Security Executive

  Responsibilities include:􀂃 Conducting ISO27001 Internal Audit for Financial Services - Mobile Banking (EasyPaisa)􀂃 Conducted TL9000 Internal Audit for Business Services, NOC, Systems Infrastructure, Data Center􀂃 Conducted ISO14001 Internal Audit of Telenor Pakistan􀂃 Performing Business Impact Analysis for Business Services including VAS and Financial Services􀂃 Conducting Information Security Policy Compliance Reviews􀂃 Performing Incident Response activities􀂃 Supporitng Fraud & Revenue Assurance teams in identifying fraudulent transactions􀂃 Conducting Application Security Reviews􀂃 Conducting Process Reviews􀂃 Coordinating with External Auditors􀂃 Coordinating with Tameer Bank􀂃 Ensuring regulatory compliance in Financial Services - Mobile Banking Show less

• 

  TASC Management Corporation

  Aug 2012 - Oct 2012

  Consultant

  Worked as offshore consultant to provide assistance and support to ISMS project teams, working on clients of TASC Management.Major activities included:* Documentation review to ensure compliance with ISO27001 requirements* Risk Management Review* Asset Register Review* Statement of Applicability & Scope Statement review

• 

  NADRA

  Dec 2012 - Nov 2015

  Deputy Director Information Security Governance & Risk

  Leading the Governance & Risk teamResponsible for:􀂃 Information Security Policy implementation and compliance􀂃 Privacy Policy􀂃 Application & Information Classification􀂃 Application Security Review􀂃 Information Security Risk Assessments􀂃 Information Security Audits and reviews􀂃 Maintenance of ISO27001 certification of NADRA Networks Communication & Information Security Directorate

• 

  (ISC)2 Islamabad Chapter

  Jan 2014 - Oct 2015

  Treasurer

  Worked on the (ISC)2 Islamabad Chapter board as Treasurer.- Provided recommendations for the Draft of the board constitution and By-Laws- Delivered key note lectures at Cyber Secure Pakistan while representing the chapter

• 

  ISACA Pakistan Islamabad Chapter

  Feb 2014 - Oct 2015

  CISM Coordinator

  Worked on the board of ISACA Islamabad Chapter as CISM Coordinator. - Delivered ISACA Official CISM Review Courses as trainer to aspiring CISM candidates. - Provided input in the official review of Chapter By-Laws and constitution

• 

  Almajdouie Holding

  Nov 2015 - now

  Responsible for:1) Establishing Information Security Function at group level, devising the security policy, creating reporting structures and conducting first information security risk assessment. The Information Security function reports to InfoSec Steering Committee2) Managing the Enterprise Risk Management Function. Identifying and reporting on risks that impact the Group's sales/revenue or cost control annual targets. Further, preparing monthly Key Risk Indicator (financial and operational) reports for executive management.3) Establishing the Fraud Risk Management Program at Group Level in collaboration with Corporate Internal Audit Department4) Preparing material for Corporate Code of Ethics awareness campaigns to be used by Corporate HR Department5) Providing assistance to Business Continuity function in spreading awareness and reviewing the BCM plans6) Providing assistance to Corporate Internal Audit department in conducting General Computing Control (GCC) Audit7) Implementing ISO27001 in RAYA Financing company (sister concern of Almajdouie Group), ensuring compliance with privacy and security requirements given by Saudi Arabia Monetary Agency (SAMA), assisting RAYA Internal Audit, Risk and Compliance functions in performing their duties with respect to ISMS. 8) Reviewing Security Projects proposal as initiated by Corporate IT Department and providing feedback/recommendations to IT Steering Committee Head and PresidentScope of Work Includes:1) Almajdouie Motors (Hyundai > Sales & Marketing, Parts, Service, Commercial, Used/Exchange, Guaranteed Loan)2) Changan Motors (Sales, Parts & Service)3) Almajdouie Logistics Company (Transport, Freight Forwarding, Custom Clearing, Terminal, Warehouse, Dedicated Fleet, Heavy Lift)4) Cafe Liwan and Aryaaf Bakeries5) Almajdouie Metal Industries (Previously Steel Industry)6) Almajdouie Real Estate7) Almajdouie Investment8) ARJAA Travel & Tours9) Middle East Logistics Institute10) RAYA Financing Company Show less

  • Information Security Manager

    Sept 2022 - now

  • Senior Information Security Specialist

    Jan 2017 - Aug 2022

  • Senior IT Security Specialist

    May 2016 - Dec 2016

  • IT Security Specialist

    Nov 2015 - Apr 2016