Sultan Mehmood

Experience

• 

  Tameer-e-Seerat School & College Ghazi

  Apr 2009 - Mar 2015

  Academic Coordinator/ System Administrator

  Managing all academic and IT related work within the organization.

• 

  Talent Era International School & College KSA

  Jan 2016 - May 2020

  Information Technology Supervisor

  To maintain Campus Management System.Maintain all IT related issues within the organization including (Networks administration, Software management, IT training of staffs). Also handled social media accounts of the school.

• 

  Riphah International University

  Feb 2021 - now

  Information Security Manager

  • Governance, Risk, and Compliance (GRC):o Developed and implemented a robust GRC framework to ensure the university's information security practices align with regulatory requirements and industry standards.o Spearheaded risk management initiatives, including regular risk assessments, audits, and the development of risk treatment plans to mitigate identified vulnerabilities.• ISO 27001 Certification and Compliance:o Led the end-to-end implementation of the ISO 27001 project, achieving certification within set timelines. This included developing the Information Security Management System (ISMS), conducting internal audits, and managing external audit processes.o Conducted internal audits and managed the corrective action process to address non-conformities and improve security practices.• Security Awareness and Training:o Designed and conducted comprehensive security awareness sessions for university staff, covering topics such as data protection, incident response protocols, and best practices for maintaining information security.• Policy Development and Enforcement:o Authored and enforced information security policies and procedures, ensuring they are aligned with both ISO 27001 standards and the university's operational needs.• Incident Management and Response:o Implemented a structured incident management process, including the development of an incident response plan, regular drills, and post-incident reviews.o Coordinated incident response efforts across departments, ensuring timely containment, investigation, and remediation of security breaches. Show less

• 

  Angular Quantum

  Oct 2024 - now

  Cyber Security Auditor

  Specializing in remote audits for SOC 2, PCI DSS, and ISO 27001 compliance for diverse organizations.Conducting comprehensive online audits, including risk assessments and gap analyses, to identify vulnerabilities and ensure compliance.Developing and executing tailored audit plans remotely, aligned with SOC 2, PCI DSS, and ISO 27001 standards.Collaborating with client teams virtually to provide clear, actionable insights and guidance for remediation.Preparing detailed audit reports with findings and recommendations, assisting clients in achieving and maintaining compliance.Staying informed of evolving standards and regulations to ensure accurate and relevant audit practices. Show less