Muhammad Asif (CISA)

Experience

• 

  Tulip IT Services

  May 2007 - Aug 2007

  Management Trainee

  Summary of work done (IDC-Internal Auditing for Security TIA/942 Compliance)The internal auditing at tulip data center was done with the intent to enhance security in order to build the trust among the customers to gain business advantage.Audited the data center infrastructure for physical security and assess the architecture for TIA 942 compliance.As a part of additional learning I Design the project plan for IBM 3500 server assembling, installing OS and IPS for HSWAN, which helps in completing the project in the stipulated time. Show less

• 

  Deloitte

  Apr 2008 - now

  ObjectiveAligning Information Technology with business requirements and demands by creating solutions through the establishment of full I.T. projects and network infrastructures, including customer liaison, design, testing and successful implementation within budget, scope and strict timescales.SummaryMohd Asif Aslam has more than 4 years of experience in Information security, Information Technology General Controls (ITGC) and SAS 70 Audit execution support. Some of the engagements he did are General computer controls SOX testing for various platforms and databases (like UNIX, Windows, Oracle) and various SAS 70, CICA Section 5970 engagements (including Investment Management Services clients) that involves Testing of controls for operating effectiveness. He possess good understating of SSAE16 and ISAE 3490 standards and the new AICPA reporting standard SOC1, SOC2 and SOC3. Currently is working on creating tool for SOC2 reporting standard.Selected ExperienceGeneral Computer Controls Review and testingAssesing Information security design effectiveness, testing operating effectiveness of the key controls, identification of gaps and benchmarking of business control activities. Test plan Work-paper Setup, Comparison of control objectives to similar service providers to Identify relevant control objectives that would be useful for inclusion in the SAS 70 Audit report, Creation of Test Plans, Identifying gaps in existing controls that support the assertions within the control objectives, assist in performing a walkthrough to identify controls in place and validate the description of controls, Controls Testing - ITGCCs & Business process controls, Report drafting. Show less Summary of work donePerformed SAS 70 and SSAE-16 execution for clients like Hewitt, Fiserv and FIS.Assesing Information security design effectiveness, testing operating effectiveness of the key controls, identification of gaps and benchmarking of business control activities. Creation of Test Plans, Identifying gaps in existing controls that support the assertions within the control objectives, Controls Testing - ITGCCs & Business process controls.Working on SOC1, SOC2 and SOC3 reporting standard. Show less

  • Senior Manager

    Sept 2019 - now

  • ERS Manager

    Sept 2014 - Aug 2019

  • Senior Consultant

    Sept 2010 - Aug 2014

  • Analyst

    Apr 2008 - Sept 2010