Atif Amir (CISM, CQI/IRCA ISMS-LA, CHFI, CPSP)

Network and System Support Engineer

Followers: 1000
Location: Islāmābād, Pakistan

  • About me

    Information Security Risk Management Expert | Information Security Governance, Risk & Compliance (GRC) | Banking and Finance | Secure Businesses from Informed Risks | Open to Cybersecurity GRC Consultant Roles

  • Education

    • Pakistan International School Jeddah

      1995 - 1999
      Matriculation, FSc (Pre-Engineering) Sciences

      Pre-Engineering

    • University of Arid Agriculture, Rawalpindi

      1999 - 2005
      Bachelor's of Sciences Computer Science

      Activities and Societies: Urdu Literary Society Computer Science

  • Experience

    • Dancom Online Services Pvt Ltd. Pakistan

      Sept 2005 - Jan 2007
      Network and System Support Engineer
    • LINKdotNET

      Jan 2007 - Mar 2011
      LAN Administrator
    • DURATSABA for Road Contracting and Construction

      Sept 2011 - Feb 2013
      Network Engineer
    • Corporate Research and Investigations Limited

      May 2013 - Jan 2017
      Information Security Officer

      Developed comprehensive information security documentation in accordance with ISO/IEC 27001/27002 information security standards. Conducted ISO/IEC 27005:2013 compliant risk assessments of business processes and auxiliary systems. Conducted internal controls evaluation, enhanced network and application security, implemented data protection measures and communicated findings to corporate stakeholders. Utilizing the Nessus vulnerability assessment tool, vulnerability scans of networks and apps were performed. Coordination of all ISMS deployment, monitoring, and reporting activities.

    • HBL Microfinance Bank LTD

      Mar 2017 - Apr 2022

      Established and led a team of 2 people and achieved 80% team productivity rate based on the completion of security projects. Published and updated at least 5+ policies and standards annually. Advocated for information security in meetings and committees, like the Change Advisory Board, shaping strategic decisions. Developed a robust RACI matrix for 100% compliance with multiple regulatory frameworks, improving accountability and transparency. Performed thorough risk assessments, devised security treatment plans, closely tracked progress, and delivered detailed reports. Designed, developed, and tested tailored security solutions to mitigate 100% of information security risks and vulnerabilities, aligning with industry standards and regulatory frameworks. Executed a pan-bank information security awareness program, assessed its impact, and provided comprehensive reporting. Reviewed and negotiated contracts and SLAs, aligning them with strict information security requirements and reducing contract negotiation time by 30%. Supervised and coordinated the bank's third-party security audit and assessment activities, with 100% issues mitigation and at least a 90% security compliance rate. Led internal and external security activities, including configuration reviews, source code assessments, architecture evaluations, and infrastructure audits. Led stakeholder consultations and collaborated closely with the CISO and Head of Risk to address risks, audit findings, compliance challenges, and legal obligations effectively. Trained and assessed the impact on at least 500+ bank employees annually on the Information Security process and achieved a 50% increase in employee compliance and 60% increase in employee awareness of security policies. Maintained a 100% response rate to information security inquiries within the organization.

      Collaborated on the implementation of the IT Governance framework and network-layer encryption to ensure alignment with organizational objectives and enhance data security. Developed and maintained relevant policies, standards, guidelines, and work/process flows, ensured 100% alignment of processes with information security policies and ETGRM. Managed security baseline implementation and compliance reporting ensuring 85-90% compliance rate with DoD SCAP/DISA and CIS standards. Developed and executed the bank-wide SoD-Matrix (non-application), ensuring its effective implementation and conducting regular reviews for compliance. Executed IBM Privileged Identity Management (PIM) project, achieving 100% reduction in unauthorized privileged access incidents. Managed the integration of the IBM QRADAR Security Incident and Event Management system with the bank's IT infrastructure to enhance security incident response. Ensured 98% reduction in data security incidents following network-layer encryption implementation. Collaborated with the Infrastructure team to maintain up-to-date and monitored privileged and non-privileged users' identity and access management (IAM) practices. Developed, executed, and led an annual plan for IT infrastructure Vulnerability Assessment and Penetration Testing (VAPT) activities, achieving up to 80% remediation rate for identified vulnerabilities within 1 month. Coordinated with multiple stakeholders including internal/external auditors, IT division and vendors to facilitate smooth audit activities, manage responses, report findings, and address audit observations. Achieved 100% successful execution rate for Business Continuity Planning (BCP), Disaster Recovery (DR) drills, and security awareness campaigns. Implemented and configured 4 new security tools, enhancing the organization's security infrastructure. Implemented security controls that led to an 80% decrease in phishing attacks.

      • Manager Information Security Governance

        Jun 2020 - Apr 2022
      • Manager IT Security - IT Governance

        Mar 2017 - May 2020
    • SECUREISM

      Apr 2022 - Mar 2024
      Information Security Consultant

      VCISO, Information Security Consultation, Risk Assessment, Policies & Procedure Development, PCI DSS Consultation, ISO 27001 Consultation, Information Security Awareness, SOC 2 Implementation, Management Reporting

    • Techwork

      Oct 2023 - Mar 2024
      ICT Security Consultant

      ISMS (ISO 27001:2022) Implementation Consultation

    • UBL - United Bank Limited

      Mar 2024 - now
      Manager Information Security Governance, Risk and Compliance

      Information Security Governance
      Risk Assessment, Analysis and Reporting (Information Security, Technology & 3rd Party)
      Information Security Dashboards
      Information Security Compliance (PCI DSS, ISMS, SWIFT)

  • Licenses & Certifications

    • Certified Master SOC 2 Implementor

      SOC2 Academy
      Feb 2023
    • Advance Information System Auditing

      Hallsons Consulting
      Aug 2017
    • Cyber Crime and Prevention Methods & Strategies

      The Institute of Bankers Pakistan
      Feb 2020
    • Cisco Certified Network Associate (CCNA)

      Cisco
      Nov 2010
    • Cyber Security Resilience

      EUROSTRATEGIC EVENTS PRIVATE LIMITED
      Mar 2018
    • Computer Hacking Forensic Investigator (CHFI)

      EC-Council
      Nov 2019
    • ISO 27001:2013 ISMS Lead Auditor

      ISO - International Organization for Standardization
      Feb 2015
    • Microsoft Certified IT Professional (MCITP)

      Microsoft
      Nov 2010
    • Certified Information Security Manager (CISM)

      ISACA
      Jan 2023
    • Certified Information Systems Security Professional (CISSP)-Training

      Pakistan Software Export Board (PSEB)
      Sept 2020