Afeef Ahmed

To work in a growth-oriented environment utilizing my experience, analytical & technical skills in areas related to Compliance & Regulatory program Management & Information Security. To further enhance my skills and knowledge while being an asset to the organization. Executive Summary: An IT Professional about 12 Years of work experience in Information Technology and Information Security which covers areas which include Compliance, Information system security & administration and Service delivery.

• ISO/IEC 27001:2013 Lead Auditor
• QualysGuard Certified Specialist
• Eminence Award from client on escalation
• Current Roles and Responsibilities:
• Audit Support Focal:
• Providing required Data to Auditor
• Ensure that contact list is up to date for the ongoing/upcoming Audits
• Any Audit finding create an action plan to mitigate all the weak areas
• Compliance Focal:
• Managing Compliance on various server platforms
• Maintaining infrastructure security
• Administering, Implementing & Maintaining Information security through methodical approach
• And security tools
• Performing Vulnerability assessment
• To check the entire Configuration on Servers
• Testing the Servers accordingly agreed document and writing test case for that
• To develop techniques for conducting regular health check activities in a better and faster way
• To complete assigned target on time and thus to maintain 100% SLA by Delivering the best
• Developing Security Processes and Procedures as per standards and best practices, ensuring compliance to
• Information Security Policy
• To handle the work in an efficient manner by trying to resolve all the possible issues/difficulties internally
• The Regulatory Compliance team advises on regulations and guidelines related to written procedures
• And checks if processes and documentation are following internal policies and regulations/guidelines
• Define, implement, and maintain regulatory process requirements for training, document management
• Records retention, hardware qualification and other regulatory services and ensure development of controlled
• Procedures with approved objective evidence
• Ensure the completion of regulatory tasks within delivery services, such as change management
• Problem management and hardware and software qualification as applicable
• Process Review (Training & Change Management):
• Issue and maintain tracking reports and inform management of outstanding issues
• Define, implement, and maintain regulatory training and individual qualification requirements
• Check completion of training requirements, file and maintain completed training records
• Document and Record Control Management:
• Scan &store documents and records in database
• Control the review/approval process of these documents in QMX db
• Manage, update and control QMX database and the Hard Copy Repository
• Manage retention and retrieval of documents in QMX db
• Ensure the records are stored in the database and the necessary overview reports are created and updated accordingly
• Monitor the Regulatory Compliance mailbox and respond on time to the queries
• Compliance Web Portal for Jaguar Landrover & Broadridge Financial Solution:
• Driving the submission and updating of compliance status for each account in the Compliance Web Portal (CWP) link
• Addition of any new accounts signed by IBM to the Compliance Web Portal to have the compliance status assessed
• Ensure the accounts have been assessed by the DPE's on the compliance status for their respective accounts
• Responding to the queries sent by DPE's and IMT leaders related to CWP
• Ensuring the report on the monthly basis is sent to Managers, DPE's and IMT leaders
• Compliance Threat Management Focal:
• Responsible for Threat and Risk Analysis and review
• Co-ordinating with the stakeholders for the Risk Closure
• Reporting the Threat/Risk status to the DPE’s and IMT Leaders
• To provide daily metrics on progress with relation to the workflow threats are in
• CIRATS Issues and APARs
• To ensure the implementation of applicable APARs and resolution of Issues in line with ITCS104 requirements (Security advisory patch management and Time limits sections in the Security Integrity and Availability chapter)
• Review and update quarterly, CIRATS Department documents to maintain accuracy
• Regularly (weekly) review status with CIRATS Management team open and recently closed CIRATS Issues & APARs
• Regularly (twice-weekly) review status with CIRATS Management team overdue CIRATS Issues & APARs
• If APAR is applicable a Change record is raised and scheduled to install the patch else, we close the APAR as Not applicable
• Negotiate with customer target extensions where required for APARs when patch can’t be installed on time
• Compliance Testing, Vulnerability Assessment:
• Validating the all settings and update in checklist per the policy
• All the process is stored in documented in DL [document Library] for audit
• Be 100% audit compliance to both Internal and External Auditors
• Server Health Checking and Patch management
• To ensure all appropriate IT security health checking is performed in line with Technical Specification requirements in ITCS104
• Ensure visibility of Compliance Scheduling database is available
• Ensure all technical specifications which exist on Service Managed devices exist in the Compliance Scheduling database
• Submit requirements in correct template to appropriate team to load missing and all new technical specifications in the Compliance Scheduling database
• Ensure all health checks are performed at the appropriate cycle (i.e
• Quarterly or semi-annually) in line with ITCS104
• Coordinate completion of GAP checklists with technical teams where GAP health checking is required
• If not returned on time have non-returns raised
• If any non-compliances are found can be fixed by raising a change
• Executing server health check scans using TSCM as per agreed frequency with client and IBM
• Analyzing violations or deviations from Scan reports and raising CIRATS for remediation
• Suppression of false positive deviations and raising exceptions on valid deviations with customer approval called as Risks
• Analyzing missing patches and raising CIRATS to implement those patches
• Ensuring patches are implemented and closed within the SLA agreed with customer
• Role: Senior Technical Support Executive (Jul 2011 – Jul 2015)
• Key Responsibilities: Handling internal IBM users for Special accounts such as
• Applications supported
• Lotus Notes Client 9.0 Eclipse and Basic Version
• Lotus Sametime, Lotus Symphony
• ATT Network Client (VPN Tool)
• Cisco AnyConnect VPN Client
• WECM VPN Client
• ThinkVantage Access Connections (Wireless Networking Tool)
• Workstation Security tool
• IBM Standard Asset Manager
• PGP encryption of Hard drives
• IBM Standard Software Installer
• Tivoli Storage Manager (TSM)
• Ticketing Tools Used: IBM Tivoli Service Request Manager, TSM (ticketing tool)
• Infrastructure Support: IBM Network Wired and Wireless, IBM Connect Service, Enforced Device Registration
• Antivirus Supported: Symantec Antivirus
• Hinduja Global Solution Customer Support Representative (May 2007 – July 2011)
• Role: Senior Technical Support Representative
• Description: Being the Senior Technical Support Representative I have been given the chance to share my expertise with the team and guide them in finding resolutions to the issues quickly
• I am mentoring the new agents too who have joined the team and helping them to increase their confidence in handling the issues
• Responsibilities: o Providing Support to Helpdesk Customers o Guiding the new resources of the team and providing knowledge transfer o Handling supervisor chats and calls as and when required o Acquiring full business level knowledge of all the systems under consideration
• O Providing best solution for Incidents, Service Calls and Service Request Raised, in compliance with SLA
• O Achieving quality greater than 95% on each Request Raised with respect to the Service Delivered
• O Interactions with other teams to resolve issues with minimal turnaround time
• O Identifying a pattern in the issues faced by the users and ensuring that a prompt resolution is provided with regards to these issues
• Trainings:
• Completed ITIL Training from IBM (Internal)
• Completed QualysGuard Vulnerability assessment training

ISO27K LA Certified