Nida Qureshi

Deployed at client- DHL Express Pvt. Ltd. as Information Security Analyst..

• Conducted various IT security and data protection user awareness programs, including mailers, posters, and quizzes, on a regular basis.
• Proficient in conducting phishing simulations using platforms like Cofense PhishMe, resulting in a 41% increase in employee awareness and reporting of phishing attempts.
• Proficiency in analyzing data from phishing simulations to assess employee susceptibility, and improve training programs.
• Developed security playbooks, policies, and process documents to enhance the organization’s security posture.
• Created third-party vendor security checklists and IT security audit checklists, review decks, and reports for monthly review and management review meetings.
• Assisted in GDPR implementation and collaborated with cross-functional teams to ensure organizational compliance.
• Maintained risk register to support risk assessment activities related to IT security.
• Collaborated with vendors and cross-functional teams to conduct security assessments of third-party applications, including BIA, TVA, DPR, and PIA.
• Analyzed security incident tickets to identify root causes of security incidents, and develop preventive actions and remediation plans.
• Regular review of information security risks, vulnerabilities, and the patching process.

• Created, reviewed, and updated Standard Operating Procedures (SOPs) and the Risk Register.
• Co-created the ISO 27701 standard manual and the Personal Data Protection Act (PDPA) manual for the organization; updated the ISO 27001 and ISO 13485 manuals.
• Participated in ISO 27001 and 27701 certification audits.
• Created audit checklists for ISO 27001, 27701, 13485, and EU MDR 2017/745.
• Prepared Non-Conformance (NC) reports for the ISO 13485 audit, including Root Cause Analysis (RCA), and Corrective and Preventive Actions (CAPA).
• Acquired basic knowledge of CE marking for Class II-A medical devices, US HIPAA compliance, 21 CFR Part 11, and Part 820.
• Created templates for Data Subject Access Requests and Data Correction Requests in accordance with GDPR and PDPA requirements.
• Reviewed all cross-functional documents (risk register, SOP, information handling schedule, departmental KPIs, asset inventory) to ensure compliance with ISO 13485 and ISO 27001 standards.
• Conducted Data Protection Impact Assessments (DPIAs) for critical vendors.