
Hasan Raza Naqvi

Bhopal

Summary

Adept at driving cybersecurity and compliance initiatives, I leveraged my expertise in ISMS Implementation and risk management at NTT DATA Global Delivery Services Private Limited to enhance security postures significantly. My proactive approach and ability to navigate complex compliance landscapes have consistently resulted in successful TISAX and ISO 27001:2012 certifications, underscoring my technical acumen and strategic foresight. Resourceful Senior Specialist recognized for productivity and efficiency in task completion. Specialize in strategic planning, project management, and data analysis. Excel in communication, problem-solving, and leadership to drive team success. Committed to delivering high-quality results in fast-paced environments. Dependable professional with a track record of success in the field, attention to detail and a proactive mindset. Seeks opportunities to improve processes and workflows for team benefit. Conscientious and hardworking; excels at multitasking in fast-paced environments.

Overview

10 years of professional experience
1 Certification

Work History

Security Senior Specialist

NTT DATA Global Delivery Services Private Limited
10.2022 - Current
  • Responsible for Managing all the TISAX projects in NTT DATA
  • Responsible for managing the end-to-end cycle of the TISAX label, from preparing for TISAX through to achieving the TISAX labels
  • Responsible for performing the Gap Assessment against the TISAX and ISMS
  • Responsible for implementing all the TISAX controls for projects that require a TISAX label
  • Responsible for preparing all the ISMS documents for the projects that require a TISAX label
  • Responsible for performing Risk Assessment and Risk Mitigation for the projects
  • Responsible for interacting with all the stakeholders and ensuring compliance with TISAX
  • Responsible for assisting the various teams to gather information and evidence to demonstrate the TISAX Compliance
  • Responsible for drafting all the responses of VDA ISA of TISAX
  • Responsible for performing the Internal Audit against the TISAX and ISO27001 for the Projects in NTT DATA
  • Responsible for closing all the identified gaps from client and external audit
  • Responsible for handling the TISAX-related procurement process, including identifying an external auditor for TISAX and successfully bringing them on board
  • Responsible for Managing and facilitating the TISAX external audit

Senior Manager

Protiviti LLC, India
10.2021 - 09.2022
  • Responsible for handling the Information Security, Cyber Security, SOX and ITGC projects for the client companies
  • Responsible for Implementing Cyber Security Controls from ISO27001, NIST, Cybersecurity Framework
  • Responsible for performing Gap Assessment to identify risks in the IT Environment
  • Responsible for working on the Risk mitigation process for the identified risks arising from internal audits and different processes within the client environment
  • Responsible for designing control requirements based on the Risk Mitigation process
  • Responsible for drafting the control requirement document based on ISO27001 controls, NIST framework and other Cyber Security Framework
  • Reviewing and updating the Cyber Security Policies and Procedures documents
  • Responsible for implementing controls and coordinating with cross-functional stakeholders for the implementation of Cyber Security Controls
  • Responsible for presenting and documenting the project progress to the Management
  • Responsible for performing SOX Audit for the SAP applications
  • Responsible for testing TOD and TOE of the SOX controls
  • Responsible for reviewing the client environment and application architecture for the control testing
  • Responsible for coordinating with the stakeholders to collect the data for testing the SOX controls
  • Responsible for verifying and validating the evidence received from the various SAP applications
  • Responsible for documenting the test results based on the testing performed
  • Responsible for coordinating with stakeholders and documenting the mitigation plan

Senior Consultant

Pacific IT Consulting Pvt. Ltd.
NOIDA
02.2021 - 09.2021
  • Working in the Information Security Team of NTT DATA services as a Deputed employee
  • Lead Implementor for the TISAX (Trusted Information Security Assessment Exchange) implementation
  • Performing the Information Security Self-Assessment as per the TISAX requirement and identifying the gaps in the Delivery and IT processes
  • Identifying and implementing the controls based on the Self-Assessment
  • Responsible for collecting the evidence for the implemented controls from the different stakeholders
  • Assisting the delivery team in preparation of Information Security documents including Client information security requirement and Risk Management Document
  • Responsible for tracking and closing the identified issues during TISAX internal Assessment
  • Coordinating with different IT teams for the audit readiness activities
  • Projecting the progress status of the project to the Leadership group
  • Facilitating the Delivery team in the External Audit
  • Identifying and preparing the Corrective and Preventive actions and root cause analysis for the non-conformities
  • Successfully Achieved the TISAX 2.5 Label for the NTT DATA projects

Principal Consultant

AMTAG GLOBAL LLP
Bhopal
04.2018 - 02.2021
  • Responsible for planning out the projects alongside the AMTAG Global management
  • Handling the client engagement for the Cyber Security, IT compliance and Cyber Forensics projects
  • Undertaken projects of ISO 27001:2013 implementation for the client
  • Undertaken projects for ensuring efficiency and effectiveness of Information Security Framework of Client organization
  • Assisting the clients in establishing and updating the ISMS documentation
  • Conducting the Risk Assessment and Risk Treatment for the Client IT Processes
  • Helping the client to patch the identified loopholes and vulnerabilities in the client's Information Security Framework
  • Assisting the clients with ISMS External Audits
  • Undertaken the projects for testing the Client Networks and Architecture by performing VAPT and suggesting adequate measures to remediate the issues
  • Undertaken the Cyber Forensics project for the Government Agencies
  • Responsible for collecting the digital evidence during the on-site data acquisition and seizure and maintaining the strict chain of custody for the evidence
  • Specialized in performing on-site data cloning/imaging, email forensics and mobile forensics

Associate Consultant

VIRTUSA POLARIS
Mumbai
04.2017 - 03.2018
  • Worked with the Cyber Security team to facilitate the client with Cyber Security related projects
  • Performing the Information Security Vendor Risk Assessment
  • Coordinating with client's compliance team in performing Third Party Reviews of its global vendors
  • Identifying the inherent risk of client's relationship with the service providers and vendors
  • Identifying, measuring, and assessing the risk associated with the third-party vendor services
  • Establishing the remediation plan and mitigation approach for the identified risk and communicating the same to the client business owners
  • Developing a report summarizing the control deficiencies and resulting risk associated with the services provided by the third-party service provider

Senior Associate

Oloop Technology solutions
Mumbai
12.2016 - 03.2017
  • Worked as consultant for Deloitte, India as the internal team member of the information security team
  • Helping the Deloitte client in the ISO 27001:2013 sustenance activities
  • Performing the Risk Assessment and Risk treatment for the Banking Client
  • Reviewing and updating the ISMS Documents
  • Reviewing the IT and Business processes of the Banking Client
  • Imparting the Information Security awareness and training
  • Performing the Internal Audit against the ISO27001:2013
  • Assisting the Client during the External Audit of ISO27001:2013

Manager

KOTAK LIFE INSURANCE
Mumbai
09.2015 - 12.2016
  • Worked in the Process Assurance and Risk Management department
  • Looking after the audit and risk management within the organization
  • Performing network-based monitoring of the emails and other egress points
  • Analysis of the data captured during the monitoring
  • Performing the Risk Assessment and Risk treatment for the IT Processes
  • Identification of Vulnerabilities, Threats and Risks in the processes
  • Establishing the Risk mitigation plan against the identified risk
  • Facilitating the External Audits and internal audits
  • Performing the access rights management for the critical applications within the organization
  • Establishing the role-based access for critical applications
  • Defining the Access Control Matrix for the same
  • Conducting the user access validation based on the Access Control Matrix
  • Handling BISO (Business Information Security Officer) activities within the organization to ensure compliance with organization policies
  • Monitoring of information security incidents within organization

Associate

Aneja Associate
Mumbai
12.2014 - 09.2015
  • Worked with the IT Audit Team to perform IT internal audit for the clients
  • Responsible for performing Internal Audits for the Client IT processes and validating the ITGC Controls
  • Interviewing the Stakeholders to understand the implemented IT processes and controls
  • Identifying the gaps in the IT systems and Processes
  • Identifying the Root cause and Risk related to the Gaps
  • Identifying Plan of action to close the gaps
  • Preparation of the Audit report highlighting the gaps to the top management

Education

MS - Cyber Law and Information Security

NATIONAL LAW INSTITUTE UNIVERSITY
Bhopal, India
05.2014

B.Tech - Mechanical Engineering

SAGAR INSTITUTE OF SCIENCE AND TECHNOLOGY
Bhopal, India
06.2012

Skills

  • ISO 27001:2012
  • Compliance monitoring
  • Cybersecurity frameworks
  • Information security policies
  • Security risk assessment
  • ISMS Implementation
  • TISAX Implementation
  • IS internal audits
  • Risk Management
  • Cybersecurity
  • ITGC
  • Cyber forensics
  • Compliance auditing

Certification

  • CISA
  • ISO 27001:2022

Languages

English
First Language
English
Advanced (C1)
